Your message dated Wed, 19 Nov 2014 12:03:01 +0100 with message-id <[email protected]> and subject line Re: Bug#770164: php5: /usr/lib/php5/sessionclean broken: passes incompatible argument to sed has caused the Debian Bug report #770164, regarding php5: /usr/lib/php5/sessionclean broken: passes incompatible argument to sed to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 770164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770164 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: php5 Version: 5.4.35-0+deb7u1 Severity: serious Tags: security Justification: Policy 10.4 With the latest update of the php5-package, the session cleaning script is broken. As I'm unfamiliar with the session cleaning implementation, I guess this might cause a security issue by potentially not deleting session information that should be deleted. Here's some debugging information from manually running the script that is run by the cron job. > root@vm-b:~# set -x > root@vm-b:~# . /usr/lib/php5/sessionclean /var/lib/php5 > $(/usr/lib/php5/maxlifetime) > ++ /usr/lib/php5/maxlifetime > + . /usr/lib/php5/sessionclean /var/lib/php5 24 > ++ '[' -x /usr/bin/lsof ']' > ++ xargs -0i echo touch -c -h ''\''{}'\''' > ++ sed -zne 's/^n//p' > sed: invalid option -- 'z' > Usage: sed [OPTION]... {script-only-if-no-other-script} [input-file]... > > -n, --quiet, --silent > suppress automatic printing of pattern space > -e script, --expression=script > add the script to the commands to be executed > -f script-file, --file=script-file > add the contents of script-file to the commands to be > executed > --follow-symlinks > follow symlinks when processing in place > -i[SUFFIX], --in-place[=SUFFIX] > edit files in place (makes backup if extension supplied) > -l N, --line-length=N > specify the desired line-wrap length for the `l' command > --posix > disable all GNU extensions. > -r, --regexp-extended > use extended regular expressions in the script. > -s, --separate > consider files as separate rather than as a single continuous > long stream. > -u, --unbuffered > load minimal amounts of data from the input files and flush > the output buffers more often > --help display this help and exit > --version output version information and exit > > If no -e, --expression, -f, or --file option is given, then the first > non-option argument is taken as the sed script to interpret. All > remaining arguments are names of input files; if no input files are > specified, then the standard input is read. > > GNU sed home page: <http://www.gnu.org/software/sed/>. > General help using GNU software: <http://www.gnu.org/gethelp/>. > ++ /usr/bin/lsof -w -l +d /var/lib/php5 -F0 > ++ find /var/lib/php5 -depth -mindepth 1 -maxdepth 1 -ignore_readdir_race > -type f -cmin +24 -delete -- System Information: Debian Release: 7.7 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-042stab092.3 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php5 depends on: ii libapache2-mod-php5 5.4.35-0+deb7u1 ii php5-cgi 5.4.35-0+deb7u1 ii php5-common 5.4.35-0+deb7u1 php5 recommends no packages. php5 suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Version: 5.4.35-0+deb7u2 This was fixed in a DSA regression update.
--- End Message ---
