Your message dated Mon, 19 Jun 2006 01:49:34 +0200
with message-id <[EMAIL PROTECTED]>
and subject line been fixed in 0.1.19-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed
several security problems, which are still present in Sarge, they've been
assigned CAN-2005-3150, CAN-2005-3149 and CAN-2005-3148:
Quoting upstream's changelog:
- uid and gid were not set correctly for symbolic links in the
backups (in the files, not the description of the files)
- check for symbolic links before opening temporary files
- set permissions of backup root directory to 0755
(independent of umask)
- uid and gid were not set correctly for symbolic links when
restoring, instead they were changed in the file where the
symlink pointed to
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--- End Message ---
--- Begin Message ---
Version: 1.19-1
On Mon, Jan 09, 2006 at 07:08:24PM +0100, Arthur Korn wrote:
> Version: 0.1.19-1
I assume you meant 1.19-1. Closing, so it doesn't show up for etch/sid.
/* Steinar */
--
Homepage: http://www.sesse.net/
--- End Message ---
