Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libsys-syslog-perl:
https://security-tracker.debian.org/tracker/CVE-2016-1238
Would you like to take care of this yourself?
If yes, please follow the workflow we
On Wed, Aug 03, 2016 at 12:25:32AM +0200, Ola Lundqvist wrote:
>Hi
>Maybe. However if someone is added to a users group that should really
>mean that they should at least be able to read things, even though they
>may not be able to write to stuff. So I actually think bash and others
Hi
Maybe. However if someone is added to a users group that should really mean
that they should at least be able to read things, even though they may not
be able to write to stuff. So I actually think bash and others do the wrong
thing here.
The way I have done it is also more in line with upstre
On 02/08/16 23:57, Ola Lundqvist wrote:
> Hi Chris
>
> The reason I do not simply set the umask to a fixed value is to use the same
> principle as upstream. That is honor the umask set by the user. There may be
> reasons why group read and/or write should be set for example.
>
> I agree with up
Hi Chris
I had this
// Make sure this file is not readable by others
But maybe it was not clear enough. :-)
// Ola
On Wed, Aug 3, 2016 at 12:00 AM, Chris Lamb wrote:
> > This is why I just override the "world readable" part and
> > let the rest be controlled by the user.
>
> Ah, didn't quite
> This is why I just override the "world readable" part and
> let the rest be controlled by the user.
Ah, didn't quite spot you are overriding just this bit. Worth a comment
I think.
> In the working patch you can see that I also set back the umask (just a
> little further down in the file) as it
Hi Chris
The reason I do not simply set the umask to a fixed value is to use the
same principle as upstream. That is honor the umask set by the user. There
may be reasons why group read and/or write should be set for example.
I agree with upstream that the umask should be honored, but not as stri
On 07/26/2016 10:51 PM, Bálint Réczey wrote:
> Hi Nick,
>
> 2016-07-19 15:35 GMT+02:00 Nick Leverton :
>> On Tue, Jul 19, 2016 at 08:54:18AM +0200, Chris Lamb wrote:
>>> Hello dear maintainer(s),
>>>
>>> the Debian LTS team would like to fix the security issues which are
>>> currently open in the
On 02/08/16 19:16, Chris Lamb wrote:
> Chris Lamb wrote:
>
>>> DLA-577-1 has been issued two days ago but redis hasn't been uploaded
>>> yet.
> [..]
>> Could these checks be automated instead of relying on a diligent
>> front-desk..?)
>
> I've pushed such a script as bin/lts-missing-uploads.py. P
On 01/08/16 23:26, Markus Koschany wrote:
> On 01.08.2016 23:01, Emilio Pozuelo Monfort wrote:
>> On 31/07/16 19:41, Roberto C. Sánchez wrote:
>>> On Sun, Jul 31, 2016 at 07:34:28PM +0200, Emilio Pozuelo Monfort wrote:
Hi,
Currently, icedtea-plugin depends on icedtea-6-plugin, i.e. J
Chris Lamb wrote:
> > DLA-577-1 has been issued two days ago but redis hasn't been uploaded
> > yet.
[..]
> Could these checks be automated instead of relying on a diligent
> front-desk..?)
I've pushed such a script as bin/lts-missing-uploads.py. Please consider
it to be proof-of-concept right no
> Here is the working patch (attached).
Out of interest, why:
+mode_t prev_mask = umask(0022);
+// Make sure this file is not readable by others
+umask(prev_mask | S_IROTH | S_IWOTH | S_IXOTH);
FILE *fp = fopen(filename,"w");
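Review bot: the comment above the second umask() call says only "not readable by others", but that line adds S_IWOTH and S_IXOTH as well as S_IROTH, and ORs them onto prev_mask so the caller's own umask bits are kept. Suggest rewording the comment to say that all access for others is removed while the user's umask is otherwise honoured, and noting that umask(0022) is called only to obtain the current mask. Nothing in these lines restores prev_mask after fopen(), so the tighter mask stays in effect for later file creation unless it is reset further down.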
.. over, say:
+// Make sure this file is not rea
Hi again
Here is the working patch (attached).
Hope it helps for later versions too.
// Ola
On Tue, Aug 2, 2016 at 12:15 AM, Ola Lundqvist wrote:
> Hi again
>
> I just realize that we need to change back the umask after the file is
> created. I'll update the patch tomorrow and send one that I
On Aug/02, Santiago R.R. wrote:
> .changes attached. security-master doesn't handle source-only uploads,
> isn't it?
No, in most cases it does not, so it's always better not to try it. Feel
free to upload to security-master, and I'll probably have time to
release the DSA tomorrow.
Cheers,
--Seb
On 02/08/16 at 10:11, Sébastien Delafond wrote:
> On Aug/01, Santiago R.R. wrote:
> > Please, find attached debdiffs to mitigate this in wheezy (that I plan
> > to upload) and jessie. I have tested it with a python cgi taken from
> > httpoxy's PoCs, and it seems to work well. However, I am no
On Aug/01, Santiago R.R. wrote:
> Please, find attached debdiffs to mitigate this in wheezy (that I plan
> to upload) and jessie. I have tested it with a python cgi taken from
> httpoxy's PoCs, and it seems to work well. However, I am not familiar
> with lighttpd, so any review is welcome.
Hi Sant