Format: 1.8
Date: Thu, 04 Aug 2011 10:41:53 -0400
Source: ecryptfs-utils
Binary: ecryptfs-utils libecryptfs0 libecryptfs-dev
Architecture: i386 i386_translations
Version: 83-0ubuntu3.2.10.10.1
Distribution: maverick
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon <buildd@roseapple.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
 libecryptfs-dev - ecryptfs cryptographic filesystem (development)
 libecryptfs0 - ecryptfs cryptographic filesystem (library)
Launchpad-Bugs-Fixed: 732628
Changes: 
 ecryptfs-utils (83-0ubuntu3.2.10.10.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: privilege escalation via mountpoint race conditions
     (LP: #732628)
     - src/utils/mount.ecryptfs_private.c: chdir into mountpoint before
       checking permissions. Patch thanks to Dan Rosenberg.
     - CVE-2011-1831
     - CVE-2011-1832
   * SECURITY UPDATE: race condition when checking source during mount
     (LP: #732628)
     - src/utils/mount.ecryptfs_private.c: use new ecryptfs_check_dev_ruid
       kernel option when mounting directory.
     - CVE-2011-1833
   * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
     - src/utils/mount.ecryptfs_private.c: modify mtab via a temp file first
       and make sure it succeeds before replacing the real mtab. Patch
       thanks to Dan Rosenberg.
     - CVE-2011-1834
   * SECURITY UPDATE: key poisoning via insecure temp directory handling
     (LP: #732628)
     - src/utils/ecryptfs-setup-private: make sure we don't copy into a
       user controlled directory.
     - CVE-2011-1835
   * SECURITY UPDATE: arbitrary file overwrite via lock counter race
     condition (LP: #732628)
     - src/utils/mount.ecryptfs_private.c: verify permissions with a file
       descriptor, and don't follow symlinks.
     - CVE-2011-1837
Checksums-Sha1: 
 e02753f3ae199f7f86c7098f37d1ec5df1292dbd 105948 ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386.deb
 5732abb2c582da871a0ad9d8afbd4d4968e1a12d 70802 libecryptfs0_83-0ubuntu3.2.10.10.1_i386.deb
 bc2f920fe94ff6fb8a672cf8d4fc5aff58fd8d2d 65068 libecryptfs-dev_83-0ubuntu3.2.10.10.1_i386.deb
 254db0b2b1a68df996d0a3dcffeb1f5b2d774ec5 1848 ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386_translations.tar.gz
Checksums-Sha256: 
 d4c45d1a7fcecad37b80bf37e032b34e0284e44546047af809103aba9ce90076 105948 ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386.deb
 e97c89e0ff73639ae55e890037b6575a53340af87f4868a7ceb0da36fda84e12 70802 libecryptfs0_83-0ubuntu3.2.10.10.1_i386.deb
 11a4fb79521c7f02c3d29daebc829fcdc6a9feef20af38890d4bf00185b75042 65068 libecryptfs-dev_83-0ubuntu3.2.10.10.1_i386.deb
 064dc3496cc92936aad66267e01b57ed795f962f82f3fba480eafaac4f49709a 1848 ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386_translations.tar.gz
Files: 
 2775396607cba53e45dea501a60315e6 105948 misc optional ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386.deb
 df9976463f9911f04376a0e47d044cf4 70802 libs optional libecryptfs0_83-0ubuntu3.2.10.10.1_i386.deb
 52911843b8dc534a693e9d518ade4f67 65068 libdevel optional libecryptfs-dev_83-0ubuntu3.2.10.10.1_i386.deb
 083b6f0a73a6f6d480bd8e0479ee6cad 1848 raw-translations - ecryptfs-utils_83-0ubuntu3.2.10.10.1_i386_translations.tar.gz
Original-Maintainer: Daniel Baumann <daniel@debian.org>