help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Advisory?

From: Mark Burgess
Subject: Re: Security Advisory?
Date: Mon, 03 Oct 2005 08:38:38 +0200 
The fix is for some third party shell scripts which I don't think anyone
uses and I am thinking of dumping. I did not announce 2.1.16 since it
contains nothing new. It is simply the patch release that has been in
svn for about 4 months. I am catching up.

M

On Sun, 2005-10-02 at 19:36 -0400, Jeff Sheltren wrote:
> On Oct 2, 2005, at 1:34 PM, Lance Albertson wrote:
> 
> > I just got a report that debian has released [1] a security fix for
> > cfengine. Is this something thats old or something thats new? I  
> > couldn't
> > find much information about it anywhere. Feel free to comment on the
> > gentoo bug [2].
> >
> > Thanks!
> >
> > [1] http://www.debian.org/security/2005/dsa-836
> > [2] http://bugs.gentoo.org/show_bug.cgi?id=107871
> > -- 
> > Lance Albertson <ramereth@gentoo.org>
> > Gentoo Infrastructure | Operations Manager
> 
> I can't find any info on it either.  The CAN entry only shows  
> 'reserved' - not very helpful.  I can't figure out a way to see the  
> patch without having access to a debian machine; anyone know how to  
> do that (or have a debian box so you can show the patch contents)?
> 
> This looks like the patch:
> * Applied patch by Javier Fernández-Sanguino Peña to fix insecure
>       temporary file creation [debian/patches/010_CAN-2005-2960_tmpfile]
> 
> On another note, I just noticed that 2.1.16 is the current version on  
> cfengine.org - did I just miss the announcement, or was there one?
> 
> -Jeff
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
reply via email to
[Prev in Thread] Current Thread [Next in Thread]