Bug#928718: stretch-pu: groonga/6.1.5-1+deb9u1

Kentaro Hayashi Sat, 11 May 2019 07:12:27 -0700

Hi,

It should be stretch-proposed-updates instead stretch.
Here is the updated debdiff just for changing target:


debdiff groonga_6.1.5-1.dsc groonga_6.1.5-1+deb9u1.dsc
diff -Nru groonga-6.1.5/debian/changelog groonga-6.1.5/debian/changelog
--- groonga-6.1.5/debian/changelog      2017-01-23 19:14:09.000000000 +0900
+++ groonga-6.1.5/debian/changelog      2019-05-11 22:22:01.000000000 +0900
@@ -1,3 +1,13 @@
+groonga (6.1.5-1+deb9u1) stretch-proposed-updates; urgency=medium
+
+  * debian/groonga-httpd.logrotate
+    debian/groonga-server-gqtp.logrotate
+    - Mitigate privilege escalation by changing the owner and group of logs
+      with "su" option. Reported by Wolfgang Hotwagner.
+      (Closes: #928304) (CVE-2019-11675)
+
+ -- Kentaro Hayashi <haya...@clear-code.com>  Sat, 11 May 2019 22:22:01 +0900
+
 groonga (6.1.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru groonga-6.1.5/debian/groonga-httpd.logrotate 
groonga-6.1.5/debian/groonga-httpd.logrotate
--- groonga-6.1.5/debian/groonga-httpd.logrotate        2016-12-10 
15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-httpd.logrotate        2019-05-09 
23:33:43.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/httpd/*.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-httpd
diff -Nru groonga-6.1.5/debian/groonga-server-gqtp.logrotate 
groonga-6.1.5/debian/groonga-server-gqtp.logrotate
--- groonga-6.1.5/debian/groonga-server-gqtp.logrotate  2016-12-10 
15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-server-gqtp.logrotate  2019-05-09 
23:33:43.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/*-gqtp.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-server-gqtp


Regards,

diff -Nru groonga-6.1.5/debian/changelog groonga-6.1.5/debian/changelog
--- groonga-6.1.5/debian/changelog	2017-01-23 19:14:09.000000000 +0900
+++ groonga-6.1.5/debian/changelog	2019-05-11 22:22:01.000000000 +0900
@@ -1,3 +1,13 @@
+groonga (6.1.5-1+deb9u1) stretch-proposed-updates; urgency=medium
+
+  * debian/groonga-httpd.logrotate
+    debian/groonga-server-gqtp.logrotate
+    - Mitigate privilege escalation by changing the owner and group of logs
+      with "su" option. Reported by Wolfgang Hotwagner.
+      (Closes: #928304) (CVE-2019-11675)
+
+ -- Kentaro Hayashi <haya...@clear-code.com>  Sat, 11 May 2019 22:22:01 +0900
+
 groonga (6.1.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru groonga-6.1.5/debian/groonga-httpd.logrotate groonga-6.1.5/debian/groonga-httpd.logrotate
--- groonga-6.1.5/debian/groonga-httpd.logrotate	2016-12-10 15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-httpd.logrotate	2019-05-09 23:33:43.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/httpd/*.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-httpd
diff -Nru groonga-6.1.5/debian/groonga-server-gqtp.logrotate groonga-6.1.5/debian/groonga-server-gqtp.logrotate
--- groonga-6.1.5/debian/groonga-server-gqtp.logrotate	2016-12-10 15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-server-gqtp.logrotate	2019-05-09 23:33:43.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/*-gqtp.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-server-gqtp

Bug#928718: stretch-pu: groonga/6.1.5-1+deb9u1

Reply via email to