Your message dated Tue, 02 Oct 2018 06:07:28 +0000 with message-id <e1g7dqc-0001wd...@fasolo.debian.org> and subject line Bug#863631: fixed in sympa 6.2.16~dfsg-3+deb9u1 has caused the Debian Bug report #863631, regarding sympa: trashes configuration on update without asking to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 863631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863631 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: sympa Version: 6.2.16~dfsg-3 Severity: critical Justification: causes serious data loss The upgrade to 6.2.16~dfsg-3 from 6.2.16~dfsg-2 in stretch just ditched SYMPA's config files on my system, leaving it in a broken way, even in such a broken way that users who tried sending mails did not receive an error and thought things went through. I think some actions would even have led to destruction of database data. I have no idea why the maintainer scripts decided to do that. I recovered from etckeeper and a system backup. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser 3.115 ii ca-certificates 20161130+nmu1 ii dbconfig-common 2.0.8 ii debconf [debconf-2.0] 1.5.60 ii fonts-font-awesome 4.7.0~dfsg-1 ii init-system-helpers 1.48 ii libarchive-zip-perl 1.59-1 ii libc6 2.24-10 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl 4.35-1 ii libclass-singleton-perl 1.5-1 ii libcrypt-openssl-x509-perl 1.8.7-3 ii libcrypt-smime-perl 0.19-2 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl 0.4900-1 ii libdbd-mysql-perl 4.041-2 ii libdbd-pg-perl 3.5.3-1+b2 ii libdbd-sqlite3-perl 1.54-1 ii libdbi-perl 1.636-1+b1 ii libfcgi-perl 0.78-2 ii libfile-copy-recursive-perl 0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl 2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl 2.111-2 ii libjs-jquery 3.1.1-2 ii libjs-jquery-migrate-1 1.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libjs-modernizr 2.6.2+ds1-1 ii libjs-twitter-bootstrap 2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl 1.24-2 ii libmime-tools-perl 5.508-1 ii libmsgcat-perl 1.03-6+b3 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl 1.07-1 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9022-1 ii libregexp-common-perl 2016060801-1 ii libsoap-lite-perl 1.20-1 ii libtemplate-perl 2.24-1.2+b3 ii libterm-progressbar-perl 2.18-1 ii libunicode-linebreak-perl 0.0.20160702-1+b1 ii libxml-libxml-perl 2.0128+dfsg-1+b1 ii lsb-base 9.20161125 ii mhonarc 2.6.19-2 ii perl 5.24.1-2 pn perl:any <none> ii postfix [mail-transport-agent] 3.1.4-4 ii rsyslog [system-log-daemon] 8.24.0-1 ii sqlite3 3.16.2-3 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.25-3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 pn libcrypt-ciphersaber-perl <none> ii libio-socket-ssl-perl 2.044-1 ii locales 2.24-10 ii logrotate 3.11.0-0.1 ii postgresql 9.6+181 Versions of packages sympa suggests: ii apache2 [httpd-cgi] 2.4.25-3 pn libauthcas-perl <none> pn libdbd-odbc-perl <none> pn libdbd-oracle-perl <none> -- Configuration Files: /etc/sympa/auth.conf changed [not included] -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: sympa Source-Version: 6.2.16~dfsg-3+deb9u1 We believe that the bug you reported is fixed in the latest version of sympa, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 863...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated sympa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Jul 2018 19:48:38 +0200 Source: sympa Binary: sympa Architecture: source Version: 6.2.16~dfsg-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Sympa team <pkg-sympa-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 863631 Description: sympa - Modern mailing list manager Changes: sympa (6.2.16~dfsg-3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Salvatore Bonaccorso ] * Directory traversal vulnerability (CVE-2018-1000550) . [ Emmanuel Bouthenot ] * Fix shell function used to prefill debconf questions from Sympa configuration file in debian/config. Values reinjected to Sympa config file were false and led to serious configurations issues. (Closes: #863631) Checksums-Sha1: 2a96a78c1f5a46a2e358db3ab9b9bc193437f766 2660 sympa_6.2.16~dfsg-3+deb9u1.dsc 356132e8b2ae8cca3b715b4f59abe90b95ebd935 8908449 sympa_6.2.16~dfsg.orig.tar.gz 2b401769eacd9d46852257f833cf41938be4fd27 174380 sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz Checksums-Sha256: d43c27226f5e8c215525a85ebfe2569a7d1a3411f1feabe1f434379a96fa4c53 2660 sympa_6.2.16~dfsg-3+deb9u1.dsc 5ea891c64b448ea94354e3d0edb21a6c3aae4a3881cae75963ebf98e50106839 8908449 sympa_6.2.16~dfsg.orig.tar.gz 2184ecc4eb541b5950ccd452b085f21cbc24a7f108b5d0760f1f0d39595f4d62 174380 sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz Files: c755a43c59d2bb3d62acfe58472d083a 2660 mail optional sympa_6.2.16~dfsg-3+deb9u1.dsc 96ddbf2919894d5ada244be92e00c7cd 8908449 mail optional sympa_6.2.16~dfsg.orig.tar.gz dd94f2fd30a0bdff0b27f2d302cf4983 174380 mail optional sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltbXTZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ETaMP/0bHEZ++RgKbcO4jlAIw5CkQYNT4p7DR hQL0WCsCBMnZL1sozaMVMhDzYZGvv2XcnT5sEzA+2B8XmdoXnMnxVegmdZzt28iw WgTPtofPlxY6P3G2U6/gLvpWQKf0adgZKy78/g6mR7FDGqxhReAfCzvtDfUl+39R KxsiT6AoNBNBcHUYX0DXwor3UvsgI+XymtBsJHIoCybUG5RuqQlc1HRrXxOteuqM gGPOXndF2Pk5KqJf/QU0EjO0vN/GvH2bKICijV4bTUTM4uadzZI89nGYbotzPprC iyM/jaByKvLpwqB4FF8vNCXfnHcTrXi4a6Pv3LsLYWf729KdEtQBqY8VDr3g4yg5 lwqe+c3a3P8Q4S4fEGNKcc8TNdF1BJZrdAJznyV2y21993xH3i5JSfmzCkMdPA6o IV/FrjMIK0xTk7itLYFSSoC3jjohH61eJvvpiPdvLR5FZ64IPKOJf2jLP9zw8O9u 9MNgu71BG3J5GYnmmhSdszJ7eBise1rv97Sny7luLFZ+Lft5RMy+4BKyoI1TEGF2 fEp5WQUdPGk17SVnmWG2kcquSy6cvLrRSzZ+0LgO3o862Ga7WGaeG3lMxr20MT+U 2xnrpHOckmimRm+yaP4W/jgQmQlMXgaU0TznDFZ4ya4f+iZmAqx1N2wMEDXpe9ve nA+Zf7A53Xab =Jnfx -----END PGP SIGNATURE-----
--- End Message ---
