Your message dated Tue, 27 Jan 2015 13:44:50 +0100
with message-id <[email protected]>
and subject line Re: Bug#776378: unblock: pxz/4.999.99~beta3+git659fc9b-3
has caused the Debian Bug report #776378,
regarding unblock: pxz/4.999.99~beta3+git659fc9b-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
776378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776378
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Dear release team,
This is an unblock approval request for pxz fixing an important security bug
with a trivial patch which just sets the correct umask:
~/Projects/pxz/collab-maint$ debdiff pxz_4.999.99~beta3+git659fc9b-2.dsc pxz_4.999.99~beta3+git659fc9b-3.dsc
diff -Nru pxz-4.999.99~beta3+git659fc9b/debian/changelog
pxz-4.999.99~beta3+git659fc9b/debian/changelog
--- pxz-4.999.99~beta3+git659fc9b/debian/changelog 2014-08-04
16:07:17.000000000 +0200
+++ pxz-4.999.99~beta3+git659fc9b/debian/changelog 2015-01-27
12:34:39.000000000 +0100
@@ -1,3 +1,10 @@
+pxz (4.999.99~beta3+git659fc9b-3) unstable; urgency=medium
+
+ * CVE-2015-1200: Fix race condition in setting permissions. Thanks to
+ Moritz Mühlenhoff for the patch. (Closes: #775306)
+
+ -- Holger Levsen <[email protected]> Tue, 27 Jan 2015 12:34:37 +0100
+
pxz (4.999.99~beta3+git659fc9b-2) unstable; urgency=medium
* Bump Standards Version to 3.9.5, no changes needed.
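Review bot: the new changelog entry says "Fix race condition in setting permissions" but does not say what the fix does. The whole change is one umask(077) call, so consider stating that in the entry (for example "set umask to 077 before output files are created"), which lets someone reading only the changelog judge the behaviour change without opening the patch.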
diff -Nru
pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch
pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch
---
pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch
1970-01-01 01:00:00.000000000 +0100
+++
pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch
2015-01-27 12:33:33.000000000 +0100
@@ -0,0 +1,27 @@
+From 31ac8e5bd6a437a5e1acd8e1a3c1c8f2b514629f Mon Sep 17 00:00:00 2001
+From: Holger Levsen <[email protected]>
+Date: Tue, 27 Jan 2015 12:29:50 +0100
+Subject: [PATCH] CVE-2015-1200
+
+Fix race condition in setting permissions. (Closes: #775306)
+Thanks to Moritz Mühlenhoff for the patch.
+
+---
+ pxz.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pxz.c b/pxz.c
+index cfdb172..9404f0b 100644
+--- a/pxz.c
++++ b/pxz.c
+@@ -285,6 +285,7 @@ int main( int argc, char **argv ) {
+ }
+
+ fo = stdout;
++ umask(077);
+ if ( std_in ) {
+ fi = stdin;
+ } else {
+--
+1.9.1
+
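Review bot: the umask(077); line added after "fo = stdout;" in main() has no comment saying why it is there, and the diffstat shows a single insertion in pxz.c, so no #include came with it. Please add a one-line comment tying the call to the permission race (CVE-2015-1200) so it is not later removed as stray, and confirm pxz.c already includes <sys/stat.h>, which declares umask(). Because the call sits before the "if ( std_in )" branch it is process-wide and applies in both input modes; the visible lines do not show where the final mode of the output file is set, so check that this path still yields the intended permissions under the tighter mask.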
diff -Nru pxz-4.999.99~beta3+git659fc9b/debian/patches/series
pxz-4.999.99~beta3+git659fc9b/debian/patches/series
--- pxz-4.999.99~beta3+git659fc9b/debian/patches/series 2013-05-27
22:48:38.000000000 +0200
+++ pxz-4.999.99~beta3+git659fc9b/debian/patches/series 2015-01-27
12:31:23.000000000 +0100
@@ -1 +1,2 @@
fix-man-keep-option.patch
+CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch
The package has been uploaded and accepted into sid.
Thanks for your work on jessie!
cheers,
Holger
--- End Message ---
--- Begin Message ---
On 2015-01-27 13:34, Holger Levsen wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Dear release team,
>
> This is an unblock approval request for pxz fixing an important security bug
> with a trivial patch which just sets the correct umask:
>
> [...]
>
> cheers,
> Holger
>
Unblocked, thanks.
~Niels
--- End Message ---