Your message dated Mon, 23 May 2005 08:58:21 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 11 May 2005 10:31:07 +0000
>From [EMAIL PROTECTED] Wed May 11 03:31:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de [212.9.189.167]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DVoUd-000084-00; Wed, 11 May 2005 03:31:07 -0700
Received: from deneb.enyo.de ([212.9.189.171])
by albireo.enyo.de with esmtp id 1DVoUb-0001dw-NT
for [EMAIL PROTECTED]; Wed, 11 May 2005 12:31:05 +0200
Received: from fw by deneb.enyo.de with local (Exim 4.50)
id 1DVoUc-0004Jm-9o; Wed, 11 May 2005 12:31:06 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Florian Weimer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: postgresl-8.0: server socket created in /tmp
X-Mailer: reportbug 3.11
Date: Wed, 11 May 2005 12:31:06 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: postgresl-8.0
Version: 8.0.2-1
Severity: grave
Tags: security
Justification: user security hole
The server creates a socket in /tmp, which is unsafe. Any local user
can create a similar socket and impersonate the database server.
This bug also breaks backwards comaptibility with old client libraries.
---------------------------------------
Received: (at 308597-done) by bugs.debian.org; 23 May 2005 06:58:53 +0000
>From [EMAIL PROTECTED] Sun May 22 23:58:53 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail01.pironet-ndh.com (mail02.pironet-ndh.com) [194.64.31.10]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Da6tp-0007Rv-00; Sun, 22 May 2005 23:58:53 -0700
Received: from mail.fbn-dd.de (mail.fbn-dd.de [195.227.105.178])
by mail02.pironet-ndh.com (Postfix) with ESMTP id 357004985A;
Mon, 23 May 2005 08:58:21 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de
(192-168-0-1.transfer-000.intranet.fbn-dd.de [192.168.0.1])
by mail.fbn-dd.de (Postfix) with ESMTP
id DBD4D1F977; Mon, 23 May 2005 08:58:21 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by sonne.intranet.fbn-dd.de (Postfix) with ESMTP
id C7B211F4DC; Mon, 23 May 2005 08:58:21 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de (localhost [127.0.0.1])
by localhost (AvMailGate-2.0.1.16) id 09424-6E1E2332;
Mon, 23 May 2005 08:58:21 +0200
Received: from localhost.localdomain (10-28-130-200.intranet-28-130.fbn-dd.de
[10.28.130.200])
by sonne.intranet.fbn-dd.de (Postfix) with ESMTP
id A02081F4B8; Mon, 23 May 2005 08:58:21 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
id 7A74F32E3; Mon, 23 May 2005 08:58:21 +0200 (CEST)
Date: Mon, 23 May 2005 08:58:21 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Closing
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.16; AVE: 6.30.0.12;
VDF: 6.30.0.192; host: sonne)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi!
These two bugs affected only experimental, thus can be closed now.
postgresql-common (9) experimental; urgency=3Dlow
.
* Add README.Debian with some general introduction, "first steps for the
impatient", and pointers to further documentation.
* pg_ctlcluster: Check validity of postmaster locale before setting it.
* pg_createcluster: Check validity of locale before calling initdb under=
it.
* pg_wrapper: Support PGCLUSTER environment variable. Closes: #305912
* pg_upgradecluster:
- Copy original configuration files.
- Configure the target cluster to use the original port, move the old
cluster to a previously unused port.
- Start the new cluster after upgrade.
* debian/init.d-functions: Create /var/run/postgresql if it does not exi=
st.
* pg_createcluster: Set the socket directory to /var/run/postgresql for
postgres-owned clusters. Print a warning to change the directory for o=
ther
owners. Closes: #308597
* pg_wrapper: If PGHOST is not defined, set it to the cluster's socket
directory to make client programs work with non-default socket
directories.
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCkX8NDecnbV4Fd/IRAt4YAJ9+XEfG/7eoDa4MgUuElt0NPZfVRgCeKJDd
rQ9H2arSK5P2lHkaKW+Ipr0=
=L3JG
-----END PGP SIGNATURE-----
--EVF5PPMfhYS0aIcm--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
