libuser: CVE-2012-5630 CVE-2012-5644
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libuser (Debian) |
Fix Released
|
Unknown
|
|||
libuser (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Imported from Debian bug http://
Package: libuser
Severity: important
Tags: security
Hi,
the following vulnerabilities were published for libuser.
CVE-2012-5630[0]:
TOCTOU race conditions by copying and removing directory trees
CVE-2012-5644[1]:
(Complete) Information disclosure when moving user's home directory
The patch however looks unfortunately quite substantial, see [2], so
might be better to update for unstable directly to the new upstream
version.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://
[1] http://
[2] https:/
Regards,
Salvatore
Changed in libuser (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
information type: | Public → Public Security |
description: | updated |
Changed in libuser (Debian): | |
importance: | Undecided → Unknown |
Changed in libuser (Debian): | |
status: | New → Fix Released |
in the meantime this has been fixed and synced.