-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 06 Jan 2012 20:36:51 +0000 Source: ecryptfs-utils Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev Architecture: source amd64 Version: 68-1+lenny1 Distribution: oldstable-security Urgency: low Maintainer: Daniel Baumann <daniel@debian.org> Changed-By: Jonathan Wiltshire <jmw@debian.org> Description: ecryptfs-utils - ecryptfs cryptographic filesystem (utilities) libecryptfs-dev - ecryptfs cryptographic filesystem (development) libecryptfs0 - ecryptfs cryptographic filesystem (library) Changes: ecryptfs-utils (68-1+lenny1) oldstable-security; urgency=low . * Non-maintainer upload by the security team. * Various security fixes in src/utils/mount.ecryptfs_private.c: - chdir into mountpoint before checking permissions in (CVE-2011-1831, CVE-2011-1832) - modify mtab via a temp file first and make sure it succeeds before replacing the real mtab (CVE-2011-1834) - make sure we don't copy into a user controlled directory (CVE-2011-1835) - also set gid and umask before updating mtab (CVE-2011-3145) Checksums-Sha1: 664ba7e2bb086a0d636da41b84dfe91d86ab1613 2193 ecryptfs-utils_68-1+lenny1.dsc 3614416ea4e989793c1f13dfb4d150d714f81b17 484723 ecryptfs-utils_68.orig.tar.gz 2f12c6d5ef28fb41d05258f303326472bc5fcaca 7855 ecryptfs-utils_68-1+lenny1.diff.gz 32d419070d84d1b7c4ce7cdb6ac78a89eab5ab17 85784 ecryptfs-utils_68-1+lenny1_amd64.deb 0d9facd5dc9e9b078fba9090c7f8846aa9e422e1 63648 libecryptfs0_68-1+lenny1_amd64.deb b138eb2acb373ec86196d851bcf572cb2c213c06 55828 libecryptfs-dev_68-1+lenny1_amd64.deb Checksums-Sha256: 1b0b29a4f0c08c4709b4730b3cff02c6c81951baf1f46d90e9a555a4d1aa88e0 2193 ecryptfs-utils_68-1+lenny1.dsc c26b109cd54b82033699727a455069bd9130c3be2e67573f5ebcdfb8f0d9b67e 484723 ecryptfs-utils_68.orig.tar.gz bb9aa84edcd892a338253ed3be80f667fa63c2be5088175548e0f6d08d1dc6c3 7855 ecryptfs-utils_68-1+lenny1.diff.gz 8c55656df6e5dfdf5ddc79590c76d75ca6096be317d3d372ceaf41f54b0bdabc 85784 ecryptfs-utils_68-1+lenny1_amd64.deb 66f080705287486de9eb3296fd112af14ce0847c5d3e2aa9fa32c31f2f72903f 63648 libecryptfs0_68-1+lenny1_amd64.deb d02dd7cf2014c04a78216ae6ff759a81318c55f1cbb0a611fb960fbcc4529fe9 55828 libecryptfs-dev_68-1+lenny1_amd64.deb Files: 43d322d2f4122c2c30abd56348597804 2193 misc optional ecryptfs-utils_68-1+lenny1.dsc 57428a8bf128bc1f076412c7b6478ca0 484723 misc optional ecryptfs-utils_68.orig.tar.gz 9f7ecb975ce4ac35a0eecc29752e8fa0 7855 misc optional ecryptfs-utils_68-1+lenny1.diff.gz 2ca1703851d7c01cbb9a337ee822416d 85784 misc optional ecryptfs-utils_68-1+lenny1_amd64.deb b9a14f23342e3744253a67cf6afd0afc 63648 libs optional libecryptfs0_68-1+lenny1_amd64.deb d4f0fa0d1a84ba70148391e67af774d6 55828 libdevel optional libecryptfs-dev_68-1+lenny1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPCD+pAAoJEFOUR53TUkxR8vEP/2gsJvXGWm9/mkBraSxHqK8V W+n2ZRTaRuXcf/aHdGHixUTamhewtiQaLW2bEgbMAyyPimag/zyjQslliN/piuXg en8opv3VAghycaSii1M/qTHYKDSmZJ2FsFSdicKL/NmeYqNSP/9UrtMXvFw3zWfg oKZEDTGgnuID05MX6s0OsElQSMunAnKWwFHvpw1ZHZiHMWvPycs+thkI05CSgNDs 8vJzOzqv5BlkdcXzIoqNWmzo5/YfDCNqqttZRmrkyJyt/k5qG9UXRhLBkG//XJs4 AElrIgmgXX2+tmxy3DZKpzscs7JuunHRE2sn1fe+5TFb5Oa/aVnkQodAHNx4HHT6 zXhqfwVTlq8kGFkN7DMsfKHNp2V8zp/j4PqdKha6h8YbGTOFiV7ua81xo5jBcr+W tpL5U0Lvc4MgW95pOo2a501LmSewhm9MCeqjHEvs6wJ8EGY/f/88usPEJ2iXOYES 7MW5nDS5tFM08IAxOHHhc9ml7TY8lvcQO7mPFJEVGNqDY1AcE94arZBVkfVoIAl5 079tjmGzkfjeOJ2X9CITQ/hMpASi/Bt2O/mmQhJpYyrnN1Z/sIL7qFa9sXd/Vk+g 1n1cdXKY7GE5RDBp5X0/ixZ7RmBRTcj9iWtO+I6cPzaumnLAnocxhkQingsY7L4N DvGLIZXFG2Xo2VMoMtH/ =WNYQ -----END PGP SIGNATURE----- Accepted: ecryptfs-utils_68-1+lenny1.diff.gz to main/e/ecryptfs-utils/ecryptfs-utils_68-1+lenny1.diff.gz ecryptfs-utils_68-1+lenny1.dsc to main/e/ecryptfs-utils/ecryptfs-utils_68-1+lenny1.dsc ecryptfs-utils_68-1+lenny1_amd64.deb to main/e/ecryptfs-utils/ecryptfs-utils_68-1+lenny1_amd64.deb libecryptfs-dev_68-1+lenny1_amd64.deb to main/e/ecryptfs-utils/libecryptfs-dev_68-1+lenny1_amd64.deb libecryptfs0_68-1+lenny1_amd64.deb to main/e/ecryptfs-utils/libecryptfs0_68-1+lenny1_amd64.deb