Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Fri Aug 12 13:24:19 CEST 2011. -------- --- ecryptfs-utils/ecryptfs-utils.changes 2011-04-18 17:09:01.000000000 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-08-11 17:27:36.000000000 +0200 @@ -1,0 +2,17 @@ +Thu Aug 11 17:25:21 CEST 2011 - meissner@suse.de + +- Updated to 90 + Fixed several security issues: + * CVE-2011-1831 - Race condition when checking mountpoint during mount. + * CVE-2011-1832 - Race condition when checking mountpoint during unmount. + * CVE-2011-1833 - Race condition when checking source during mount. + * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource + limits, signals, etc. + * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp + directory. + * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp + * CVE-2011-1837 - Predictable lock counter name and associated races. + + New ecryptfs-find binary to find by inode. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- ecryptfs-utils_87.orig.tar.gz New: ---- ecryptfs-utils_90.orig.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ecryptfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.Bl1Eqy/_old 2011-08-12 13:24:01.000000000 +0200 +++ /var/tmp/diff_new_pack.Bl1Eqy/_new 2011-08-12 13:24:01.000000000 +0200 @@ -24,7 +24,7 @@ Group: Productivity/Security AutoReqProv: on Summary: Userspace Utilities for ecryptfs -Version: 87 +Version: 90 Release: 1 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%versi... Source1: baselibs.conf ++++++ ecryptfs-utils_87.orig.tar.gz -> ecryptfs-utils_90.orig.tar.gz ++++++ ++++ 18222 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org