Your message dated Mon, 23 Aug 2010 08:32:28 +0000
with message-id <e1onssc-0003xe...@franck.debian.org>
and subject line Bug#588082: fixed in docbookwiki 0.9.1cvs-15
has caused the Debian Bug report #588082,
regarding docbookwiki: race condition in postrm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
588082: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588082
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: docbookwiki
Version: 0.9.1cvs-14
Severity: grave
Tags: security

Hi,

There's a race condition in the postrm script that could let a user get a copy 
of the sudoers file while the package is being purged.

Vulnerable code:
> sed -e '/allow apache to run everything as dbwiki/{N;d;p}' < /etc/sudoers > /etc/sudoers.new
> mv -f /etc/sudoers.new /etc/sudoers
> chmod 0440 /etc/sudoers

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



--- End Message ---
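
The window described in the report above, as an added example that is not part of the original messages or of the docbookwiki package: the redirect creates the new file with a umask-derived mode before `chmod` runs. The hardened variant is an assumption about one common fix (the thread does not show the 0.9.1cvs-15 change), and the sample file, scratch directory and function names are constructed.

```shell
#!/bin/sh
# Added example. Works on a constructed file in a scratch directory,
# never on the real /etc/sudoers.
MARKER='allow apache to run everything as dbwiki'

mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Constructed sudoers-like sample (mode 0440) in directory $1.
make_sample() {
    rm -f "$1/sudoers"
    printf '%s\n' 'root ALL=(ALL) ALL' "# $MARKER" \
        'www-data ALL=(dbwiki) NOPASSWD: ALL' > "$1/sudoers"
    chmod 0440 "$1/sudoers"
}

# Pattern from the report: the shell redirect creates sudoers.new with a
# umask-derived mode (0644 under umask 022), and chmod only runs after
# the mv. Prints the mode the new file has during that window.
rewrite_racy() (
    umask 022
    # {N;d;} behaves like the report's {N;d;p}: d ends the cycle before p.
    sed -e "/$MARKER/{N;d;}" < "$1/sudoers" > "$1/sudoers.new"
    mode_of "$1/sudoers.new"
    mv -f "$1/sudoers.new" "$1/sudoers"
    chmod 0440 "$1/sudoers"
)

# Hardened form (an assumption, not the 0.9.1cvs-15 change): mktemp creates
# the file 0600, the final mode is set before the rename, and mv within one
# directory is atomic, so no group/other-readable copy ever exists.
rewrite_safe() (
    umask 077
    tmp=$(mktemp "$1/sudoers.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    sed -e "/$MARKER/{N;d;}" < "$1/sudoers" > "$tmp" || exit 1
    mode_of "$tmp"
    chmod 0440 "$tmp"
    mv -f "$tmp" "$1/sudoers"
)

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"; echo "racy temp mode: $(rewrite_racy "$dir")"
    make_sample "$dir"; echo "safe temp mode: $(rewrite_safe "$dir")"
    rm -rf "$dir"
}
demo
```
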
--- Begin Message ---
Source: docbookwiki
Source-Version: 0.9.1cvs-15

We believe that the bug you reported is fixed in the latest version of
docbookwiki, which is due to be installed in the Debian FTP archive:

docbookwiki_0.9.1cvs-15.diff.gz
  to non-free/d/docbookwiki/docbookwiki_0.9.1cvs-15.diff.gz
docbookwiki_0.9.1cvs-15.dsc
  to non-free/d/docbookwiki/docbookwiki_0.9.1cvs-15.dsc
docbookwiki_0.9.1cvs-15_all.deb
  to non-free/d/docbookwiki/docbookwiki_0.9.1cvs-15_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 588...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Malcolm <termi...@debian.org> (supplier of updated docbookwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 23 Aug 2010 14:05:43 +0800
Source: docbookwiki
Binary: docbookwiki
Architecture: source all
Version: 0.9.1cvs-15
Distribution: unstable
Urgency: low
Maintainer: Jeremy Malcolm <termi...@debian.org>
Changed-By: Jeremy Malcolm <termi...@debian.org>
Description: 
 docbookwiki - a Web application to display and edit DocBook documents online
Closes: 578212 588082
Changes: 
 docbookwiki (0.9.1cvs-15) unstable; urgency=low
 .
   * Patched several files for compatibility with PHP >= 5.3 (Closes: #578212)
   * Fixed race condition in postrm script (Closes: #588082)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFMcia09nWq4tKrIiARAkPtAJ42iCAXziHcNiodCjdVYEhVNGX2HQCfQXPP
d5Aw/AeKh54mi2Gc5fjSbvM=
=ZFU7
-----END PGP SIGNATURE-----



--- End Message ---
