Commit 7a56052d authored by Christian Kastner's avatar Christian Kastner

Acknowledge NMU changes by Markus Koschany

parent f028a4e6
libcgroup (0.41-8.1) unstable; urgency=high
* Non-maintainer upload.
* Fix CVE-2018-14348:
It was discovered that the cgrulesengd daemon would create a log file which
would allow any user to write to it. (Closes: #906308)
-- Markus Koschany <apo@debian.org> Sun, 19 Aug 2018 23:10:45 +0200
libcgroup (0.41-8) unstable; urgency=medium
* Drop package libcgroup-dbg in favor of automatic dbgsym packages.
......
From: Markus Koschany <apo@debian.org>
Date: Sun, 19 Aug 2018 23:09:25 +0200
Subject: CVE-2018-14348
Bug-Debian: https://bugs.debian.org/906308
Origin: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
---
src/daemon/cgrulesengd.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 367b898..ffd1fc3 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -886,8 +886,6 @@ int cgre_start_daemon(const char *logp, const int logf,
exit(EXIT_SUCCESS);
}
- /* Change the file mode mask. */
- umask(0);
} else {
flog(LOG_DEBUG, "Not using daemon mode\n");
pid = getpid();
......@@ -4,3 +4,4 @@ template-doc.patch
initscript-return.patch
Syntax-fixes-for-man-pages.patch
pam_cgroup-Revert-broken-cache-usage.patch
CVE-2018-14348.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment