torque (2.4.16+dfsg-1.5) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2014-3684.patch patch.
CVE-2014-3684: Within a TORQUE Resource Manager job, the tm_adopt()
TORQUE library call enables a user-built executable calling tm_adopt()
to adopt any session id (and its child processes) regardless of the
session id owner on any node within a job. When a job that includes the
executable calling tm_adopt() exits, the adopted processes are killed
along with the job processes during normal job cleanup. This can enable
a non-root user to kill processes he doesn't own including root-owned
ones on any node in a job. (Closes: #763922)
-- Salvatore Bonaccorso <email address hidden> Sat, 25 Oct 2014 13:18:37 +0200
