mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-22 12:51:25 +03:00
d6e7d92d82
Fix CVE-2022-1348: A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20. https://github.com/logrotate/logrotate/blob/3.20.1/ChangeLog.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>