Your message dated Sat, 24 Mar 2012 17:32:08 +0000
with message-id <e1sbuoy-00064k...@franck.debian.org>
and subject line Bug#626281: fixed in keepalived 1:1.1.20-1+squeeze1
has caused the Debian Bug report #626281,
regarding pid file has wrong permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
626281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security
Hi,
keepalived writes a publicly writable pid file to /var/run:
-rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
Cheers,
Martin
reference:
http://lists.debian.org/05578bff-44fc-41b3-9e8e-c11b5b9a6...@gmail.com
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
Martin Zobel-Helas <zo...@debian.org> | Debian System Administrator
Debian & GNU/Linux Developer | Debian Listmaster
GPG key http://go.debian.net/B11B627B |
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
--- End Message ---
--- Begin Message ---
Source: keepalived
Source-Version: 1:1.1.20-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
keepalived, which is due to be installed in the Debian FTP archive:
keepalived_1.1.20-1+squeeze1.diff.gz
to main/k/keepalived/keepalived_1.1.20-1+squeeze1.diff.gz
keepalived_1.1.20-1+squeeze1.dsc
to main/k/keepalived/keepalived_1.1.20-1+squeeze1.dsc
keepalived_1.1.20-1+squeeze1_amd64.deb
to main/k/keepalived/keepalived_1.1.20-1+squeeze1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 626...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Wirt <formo...@debian.org> (supplier of updated keepalived package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 18 Mar 2012 21:56:09 +0000
Source: keepalived
Binary: keepalived
Architecture: source amd64
Version: 1:1.1.20-1+squeeze1
Distribution: stable
Urgency: low
Maintainer: Alexander Wirt <formo...@debian.org>
Changed-By: Alexander Wirt <formo...@debian.org>
Description:
keepalived - Failover and monitoring daemon for LVS clusters
Closes: 626281
Changes:
keepalived (1:1.1.20-1+squeeze1) stable; urgency=low
.
* Set correct permissions on pid file.
This is a fix for CVE-2011-1784.
(Closes: #626281)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk9t4C0ACgkQ01u8mbx9AgoQOwCfVAuXrU1JhLlpbOM42j+ocbfL
JmEAnRBYgJEd81+nQejWP96p1hVB2mxH
=qcck
-----END PGP SIGNATURE-----
--- End Message ---