Subject: Detailed commit messages and not just url pointers (was: CVS commit: pkgsrc/print/ghostscript)
To: Adrian Portelli <adrianp@NetBSD.org>
From: Bernd Ernesti <veego@NetBSD.org>
Date: 11/27/2005 18:59:32
On Sun, Nov 27, 2005 at 05:07:30PM +0000, Adrian Portelli wrote:
> Module Name: pkgsrc
> Committed By: adrianp
> Date: Sun Nov 27 17:07:30 UTC 2005
> Modified Files:
> pkgsrc/print/ghostscript: Makefile
> Log Message:
> Update for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0967
please use a more detailed commit message and not just a pointer to an
url, which could be changed or vanish in the future.
From the Description part of the url above:
The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts in
the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1,
and other operating systems, allow local users to overwrite files via a
symlink attack on temporary files.
Something like that and that you fixed it.