Publishing details


publicfile-installer (0.11-1) unstable; urgency=low

  * New upstream.  No longer ships install-publicfile, no longer uses /tmp.
    This fixes a serious security issue: a local privilege escalation
    security hole due to insecure use of /tmp. "This [...] package downloads
    the source code for DJB's publicfile, builds it, and then puts the
    output in a predictable location in a world-writable directory, using an
    existing directory of that name if it already exists, then (either
    automatically or by telling the admin to run another script) installs
    whatever happens to be in that directory.  This can be exploited by
    malicious local users to get arbitrary installscripts executed as root."
    Thanks Justin B Rye.  Closes: #795062.
    + debian/templates: adjusted.
    + debian/control: Depends: add sudo.
  * debian/changelog: fix spelling error.

 -- Joost van Baal-Ilić <email address hidden>  Sun, 06 Sep 2015 07:23:33 +0200
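
The failure mode described in the changelog entry above (a predictable build location in a world-writable directory, with an existing directory silently reused), shown beside a hardened form. This is an added example, not code from publicfile-installer or its maintainer; the function names and the "publicfile-build" directory name are hypothetical.

```shell
#!/bin/sh
# Added example (constructed); function and directory names are hypothetical.

# Weak pattern: fixed name under a world-writable base directory.
# "mkdir -p" succeeds when the directory already exists, so contents
# placed there beforehand by another local user are silently reused.
weak_build_dir() {
    base=$1
    mkdir -p "$base/publicfile-build" || return 1
    printf '%s\n' "$base/publicfile-build"
}

# Hardened pattern: mktemp -d picks an unpredictable name and creates the
# directory atomically with mode 0700; it fails rather than reusing an
# existing path.
safe_build_dir() {
    base=$1
    mktemp -d "$base/publicfile-build.XXXXXXXXXX"
}

# Check to run before anything in a directory is executed with elevated
# privileges: it must be a real directory (not a symlink), owned by the
# current user, and not writable by group or others.
dir_is_trusted() {
    d=$1
    [ -d "$d" ] && [ ! -L "$d" ] || return 1
    [ -O "$d" ] || return 1
    # find prints the path only when neither g+w nor o+w is set
    [ -n "$(find "$d" -prune ! -perm -020 ! -perm -002 2>/dev/null)" ]
}
```

The ownership and mode check covers only the directory itself; a build directory kept outside world-writable locations avoids the problem without relying on such checks.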
