[Rpm-maint] [rpm-software-management/rpm] First steps towards fixing the symlink CVEs (PR #1919)
Panu Matilainen
notifications at github.com
Thu Feb 10 13:19:57 UTC 2022
It should be noted (probably in the commit message too) that as these symlink CVEs overlap and interact in various ways, this does not fully fix CVE-2021-35939 as the directory tracking does not cover all our installation steps yet. Plugging all the holes requires converting all of FSM to the *at() family of calls plus fd-based ops where possible, so this really is just the first step of many to come.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1919#issuecomment-1034914090
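As an added illustration of the *at()-plus-fd approach mentioned in the message above (not code from rpm or from this PR), the sketch below creates a file under a root directory by walking each path component with `openat()`. The names `open_parent_nofollow` and `create_below` are hypothetical, and a POSIX.1-2008 system is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close fd without clobbering the errno of the call that failed before it. */
static void close_keep_errno(int fd) { int e = errno; close(fd); errno = e; }

/* Walk every directory component of relpath below rootfd. Each step is an
 * openat() on the previous fd with O_NOFOLLOW|O_DIRECTORY, so a symlink
 * planted in place of a directory fails the walk instead of redirecting it.
 * Returns an fd for the parent directory; *leaf points at the last component.
 * relpath is modified in place (hypothetical helper, not rpm's FSM code). */
static int open_parent_nofollow(int rootfd, char *relpath, const char **leaf)
{
    int dirfd = dup(rootfd);
    char *comp = relpath, *slash;

    while (dirfd >= 0 && (slash = strchr(comp, '/')) != NULL) {
        *slash = '\0';
        /* Never step out of the root through a ".." component. */
        if (strcmp(comp, "..") == 0) { close(dirfd); errno = EINVAL; return -1; }
        if (*comp != '\0' && strcmp(comp, ".") != 0) {
            int next = openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            close_keep_errno(dirfd);
            dirfd = next;
        }
        comp = slash + 1;
    }
    *leaf = comp;
    return dirfd;
}

/* Create relpath for writing. O_EXCL|O_NOFOLLOW on the leaf refuses a
 * pre-planted symlink; the caller keeps working on the returned fd. */
int create_below(int rootfd, const char *relpath, mode_t mode)
{
    char buf[4096];
    const char *leaf;

    if (strlen(relpath) >= sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, relpath);
    int dirfd = open_parent_nofollow(rootfd, buf, &leaf);
    if (dirfd < 0) return -1;
    int fd = openat(dirfd, leaf, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    close_keep_errno(dirfd);
    return fd;
}
```

Later metadata changes belong on the returned descriptor (`fchmod()`, `fchown()`) rather than on the path, so they cannot be redirected after the file is created.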