Bug#626281: marked as done (pid file has wrong permissions)

Wed, 09 Nov 2011 23:48:24 -0800 

Your message dated Thu, 10 Nov 2011 07:47:10 +0000
with message-id <e1roplq-0007gy...@franck.debian.org>
and subject line Bug#626281: fixed in keepalived 1:1.2.2-2
has caused the Debian Bug report #626281,
regarding pid file has wrong permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
626281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security

Hi,

keepalive writes a public writeable pid file to /var/run

-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid

Cheers,
Martin


reference: 
http://lists.debian.org/05578bff-44fc-41b3-9e8e-c11b5b9a6...@gmail.com
-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
 Martin Zobel-Helas <zo...@debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 GPG key http://go.debian.net/B11B627B  | 
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B

--- End Message ---
--- Begin Message --- 
Source: keepalived
Source-Version: 1:1.2.2-2

We believe that the bug you reported is fixed in the latest version of
keepalived, which is due to be installed in the Debian FTP archive:

keepalived_1.2.2-2.diff.gz
  to main/k/keepalived/keepalived_1.2.2-2.diff.gz
keepalived_1.2.2-2.dsc
  to main/k/keepalived/keepalived_1.2.2-2.dsc
keepalived_1.2.2-2_amd64.deb
  to main/k/keepalived/keepalived_1.2.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 626...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Wirt <formo...@debian.org> (supplier of updated keepalived package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Nov 2011 08:38:47 +0100
Source: keepalived
Binary: keepalived
Architecture: source amd64
Version: 1:1.2.2-2
Distribution: unstable
Urgency: low
Maintainer: Alexander Wirt <formo...@debian.org>
Changed-By: Alexander Wirt <formo...@debian.org>
Description: 
 keepalived - Failover and monitoring daemon for LVS clusters
Closes: 626281
Changes: 
 keepalived (1:1.2.2-2) unstable; urgency=low
 .
   * [9db4134] Fix override disparity
   * [8f0c721] Remove obsolete patch
   * [897c0a0] Set correct permissions on pid file.
     This is a fix for CVE-2011-1784.
     (Closes: #626281)
   * [5ab4b8d] Don't use modprobe -k.
     Thanks to Sven Ulland for the patch
   * [c87fe40] Add vcs headers to control file
   * [8107104] Bump standards version - no changes
Checksums-Sha1: 
 e72fb11cf6fd4a945faadd0f5a8b880f83509a2d 1195 keepalived_1.2.2-2.dsc
 ccd607f0f59dca110c9334fe3507d390d5e5ed05 13932 keepalived_1.2.2-2.diff.gz
 1595fdfefc244284edc1b565c132aaa789c39041 128088 keepalived_1.2.2-2_amd64.deb
Checksums-Sha256: 
 1cf6cf1ee980cbcb166d2b84169a5c26ba88d365f5fd12e9799eaaaf9a805d1e 1195 
keepalived_1.2.2-2.dsc
 61afa84705b75137082ce1aa4b28cdf8bb70631554fca06b866423c2e365a5d2 13932 
keepalived_1.2.2-2.diff.gz
 9e0f0792283e7f85f1dbf92c142148318144700026ebb44a5e8a162a59a3c00d 128088 
keepalived_1.2.2-2_amd64.deb
Files: 
 e0b6bddb9625419c605035ec6b81277f 1195 admin extra keepalived_1.2.2-2.dsc
 dfcc5a684278bafde8926036f2d902a7 13932 admin extra keepalived_1.2.2-2.diff.gz
 a65f3473064340f3ad6ffa3dc3d76739 128088 admin extra 
keepalived_1.2.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk67gGYACgkQ01u8mbx9AgodCACfSFQQYgUePg3ZRQMpST4M7lmr
gqUAoLlC0F4sYobEZcVH1/AzXVyJmgXq
=UL/V
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to