Bug#684679: RFS: nullmailer/1:1.11-2 (security bugfix upload request)

Sun, 12 Aug 2012 13:21:19 -0700 

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "nullmailer", which I hope will
qualify for a freeze exception as this upload fixes a new security issue.
(I haven't yet approached ftp-masters about this though).

 Package name    : nullmailer
 Version         : 1:1.11-2
 Upstream Author : Bruce Guenter <br...@untroubled.org>
 URL             : http://untroubled.org/nullmailer/
 License         : GPL-2+
 Section         : mail

It builds those binary packages:

  nullmailer - simple relay-only mail transport agent

To access further information about this package, please visit the following 
URL:

http://mentors.debian.net/package/nullmailer


Alternatively, one can download the package with dget using this command:

  dget -x 
http://mentors.debian.net/debian/pool/main/n/nullmailer/nullmailer_1.11-2.dsc

Changes since the last upload:

diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
--- nullmailer-1.11/debian/changelog    2012-06-16 16:36:28.000000000 +0100
+++ nullmailer-1.11/debian/changelog    2012-08-11 23:55:36.000000000 +0100
@@ -1,3 +1,9 @@
+nullmailer (1:1.11-2) unstable; urgency=low
+
+  * Make 'remotes' not world-readable (Closes: #684619)
+
+ -- Nick Leverton <n...@leverton.org>  Sat, 11 Aug 2012 23:54:55 +0100
+
 nullmailer (1:1.11-1) unstable; urgency=low
 
   * New upstream release
diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst
--- nullmailer-1.11/debian/postinst     2012-05-16 08:25:36.000000000 +0100
+++ nullmailer-1.11/debian/postinst     2012-08-12 20:23:46.000000000 +0100
@@ -24,10 +24,14 @@
                fi
 
                db_get nullmailer/relayhost
+               # securely create nullmailer/remotes with mode 0600
+               R=$( tempfile -d /etc/nullmailer -p nullm )
                echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \
                                     -e 's/[[:space:]]*:[[:space:]]*/\n/g' \
                                     -e ':b s/(\[[^]=]*)=/\1:/; tb' \
-                                    -e 's/[][]//g' > /etc/nullmailer/remotes
+                                    -e 's/[][]//g' >> $R
+               chown mail:mail $R
+               mv $R /etc/nullmailer/remotes
 
                db_get nullmailer/adminaddr
                if [ "$RET" ]; then


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120812201819.ga18...@leverton.org

Reply via email to