Package: rush | Debian Sources

Package: rush / 1.7+dfsg-1+deb7u1

Metadata

Package	Version	Patches format
rush	1.7+dfsg-1+deb7u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
dfsg_reduction.diff \| (download)	Makefile.am \| 2 1 + 1 - 0 ! configure.ac \| 1 0 + 1 - 0 ! 2 files changed, 1 insertion(+), 2 deletions(-)	remove texinfo documentation. The original source contained a licensing of the Texinfo source which is incompatible with DFSG. The build target is now removed.
tcpmux_service.diff \| (download)	src/socket.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	use sensible mode flags in fdopen(). A socket cannot be rewound, therefore the only sensible opening mode is "a+". The original mode fails for Linux. . Remove an annoying carrage return that only makes the report look uglier. The TCPMUX daemon does not care so late into the message exchange.
cve_2013_6889.diff \| (download)	src/rush.c \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	cve-2013-6889, elevated access. The executable will, when used with SUID-bit set, allow opening and reading access to every system file also by an unprivileged user, whenever invocation is done in testing mode, i.e., using '-t' without '-u'. . Prevent this mistake by resetting the effective user identification to the real user identification when- ever testing mode is asked for.

Patch

File delta

Description

dfsg_reduction.diff | (download)

Makefile.am | 2 1 + 1 - 0 !
configure.ac | 1 0 + 1 - 0 !
2 files changed, 1 insertion(+), 2 deletions(-)

 remove texinfo documentation.
 The original source contained a licensing
 of the Texinfo source which is incompatible
 with DFSG. The build target is now removed.

tcpmux_service.diff | (download)

src/socket.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use sensible mode flags in fdopen().
 A socket cannot be rewound, therefore the only sensible
 opening mode is "a+". The original mode fails for Linux.
 .
 Remove an annoying carrage return that only makes the
 report look uglier. The TCPMUX daemon does not care
 so late into the message exchange.

cve_2013_6889.diff | (download)

src/rush.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 cve-2013-6889, elevated access.
 The executable will, when used with SUID-bit set,
 allow opening and reading access to every system
 file also by an unprivileged user, whenever invocation
 is done in testing mode, i.e., using '-t' without '-u'.
 .
 Prevent this mistake by resetting the effective user
 identification to the real user identification when-
 ever testing mode is asked for.