Comment 23 for bug 7373

package slocate
tags 226103 patch
thanks

On Mon, 9 Aug 2004 22:11:14 -0300, Joey Hess wrote:
> However, I see no
> indication that CAN-2003-0848 is fixed in unstable. As noted at the top
> of the bug, 2.7 is probably vulnerable. The sgid dropping should
> certainly be forward ported from 2.6-1.3.2.

Forward porting the patch is easy, it applies cleanly (just some
offset), except for the debian/changelog part. I don't know whether
this patch will be sufficient for v2.7, though, but I'd assume so as
the attached patch and the diff between v2.6 and v2.7 don't seem to
intersect...
Find attached the patch from DSA-428-1 (diff between v2.6-1.3.1 and
v2.6-1.3.2)

Cheers,
Flo

PS: Please lart me if I went to far in tagging this bug "patch".