Re: security issues
- From: Colin Watson <cjwatson@xxxxxxxxxx>
- Date: Tue, 14 Mar 2006 12:35:28 +0000
On Tue, Mar 14, 2006 at 12:29:41PM +0000, Colin Watson wrote:
> The attached diff fixes the core of the problem, although some other
> changes were necessary to fix a related problem with preseeded
> passwords.
Of course I forgot to actually attach the diff. Done now.
--
Colin Watson [cjwatson@xxxxxxxxxx]
Index: debian/changelog
===================================================================
--- debian/changelog (revision 35398)
+++ debian/changelog (revision 35399)
@@ -16,6 +16,12 @@
it's on the initrd and packages will get correct deps as they're
recompiled against this.
+ [ Colin Watson ]
+ * Honour accept_types/reject_types for questions registered against
+ templates that were received in DATA commands over passthrough. This was
+ one of the root causes of Ubuntu's recent installer password disclosure
+ vulnerability.
+
-- Attilio Fiandrotti <fiandro@xxxxxxxxxx> Wed, 8 Mar 2006 22:40:40 +0100
cdebconf (0.97) unstable; urgency=low
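Review bot: the new changelog entry calls this "one of the root causes" of the installer password disclosure, but it gives no reference a reader could follow from the changelog alone, and it does not name src/commands.c, where the change is made. Naming the file and adding the advisory or bug reference once one is available would make the entry traceable from the package history.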
Index: src/commands.c
===================================================================
--- src/commands.c (revision 35398)
+++ src/commands.c (revision 35399)
@@ -804,11 +804,12 @@
q->template = t;
template_ref(t);
}
+ t->lset(t, NULL, item, value);
mod->questions->methods.set(mod->questions, q);
}
+ else
+ t->lset(t, NULL, item, value);
- t->lset(t, NULL, item, value);
-
asprintf(&out, "%u OK", CMDSTATUS_SUCCESS);
return out;
}
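Review bot: the `t->lset(t, NULL, item, value);` added ahead of `mod->questions->methods.set(mod->questions, q);` needs a comment stating that the ordering is deliberate. As written, the two branches differ only in where the same call sits, so a later cleanup could merge them back into the single call after the block that this patch removes and silently restore the old behaviour. Going by the changelog entry, the intent appears to be that the template field is populated before the question is registered, so that accept_types/reject_types can be applied; a one-line comment saying so would protect the fix. As a style point, the new `else` hangs an unbraced statement off a braced block; bracing it would make the pairing easier to read in a security-relevant path.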