commit a841020e5e20225c754d5a1276ecb5ccd82ff8e8 Merge: bbcf9f1 5307e85 Author: Tobias Heider <tobias.heider@stusta.de> Date: Wed Mar 6 10:44:57 2024 +0000 Merge branch 'ci-salsa-pipeline' into 'debian/latest' CI: add salsa-ci-team pipeline See merge request debian/nvi!5 commit 5307e856b60059d09c7847b13d73242ed1672408 Author: Paride Legovini <paride@debian.org> Date: Thu Feb 15 20:20:27 2024 +0100 CI: add salsa-ci-team pipeline commit bbcf9f11cef2bd60ff0d4b02c4f2be3b7de89332 Author: Tobias Heider <me@tobhe.de> Date: Thu Feb 15 11:27:58 2024 +0100 Fix TOCTOU issue with creation and chmod of vi.recovery. An attacker could exploit this to chmod arbitrary files via symlinks by creating it at the right time. Fixes #771375 commit 4c42a8cb211a7cf420750530c20371672bab98b0 Author: Tobias Heider <me@tobhe.de> Date: Thu Feb 15 11:11:01 2024 +0100 Fix shell quoting in recovery mail script. Fixes #769719.
Among the 38 debian patches available in version 1.81.6-20 of the package, we noticed the following issues: