Patchwork [0/1] logrotate: fix for CVE-2011-1548

login
register
mail settings
Submitter wenzong.fan@windriver.com
Date June 18, 2013, 2:28 a.m.
Message ID <cover.1371522167.git.wenzong.fan@windriver.com>
Download mbox
Permalink /patch/51867/
State New
Headers show

Pull-request

git://git.pokylinux.org/poky-contrib wenzong/logrotate

Comments

wenzong.fan@windriver.com - June 18, 2013, 2:28 a.m.
From: Wenzong Fan <wenzong.fan@windriver.com>

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
    
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz

The following changes since commit 1dd643b142c69ac9035e29bff11d02201638dc65:

  licences: Add SGI license (2013-06-17 16:45:37 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/logrotate
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/logrotate

Wenzong Fan (1):
  logrotate: fix for CVE-2011-1548

 .../logrotate-3.8.1/logrotate-CVE-2011-1548.patch  |   43 ++++++++++++++++++++
 meta/recipes-extended/logrotate/logrotate_3.8.1.bb |    1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch