Arthur Korn wrote:

BTW, I made an error in my initial bug report, it's CAN-2005-314[876].

> 1.19-1 source and binary packages work on stable, and the
> differences to 1.18.4-2 are all local bugfixes, so I figure it
> doesn't make any sense to separate bugfixes from bugfixes for a
> special security fix for stable. Well, we could split out
> storeBackupSync, though that new script is explicitly marked as
> experimental.

Security fixes for stable are typically minimal.
 
> I don't know the details of the security issues, but might have
> some time over the weekend to look at it if needed.

A quick look at the interdiff between 18.4-2 and 19-1 shows
that http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3147
seems fixed by this hunk:

--- storebackup-1.18.4/bin/storeBackup.pl       2004-07-23 05:58:47.000000000 
+0200
+++ storebackup-1.19/bin/storeBackup.pl 2005-08-12 21:11:18.000000000 +0200
@@ -3164,6 +3183,7 @@
                  ["cannot create <$aktDir>, exiting"],
                  '-exit' => 1)
        unless (mkdir $aktDir);
+    chmod 0755, $aktDir;
     my $chmodDir = $chmodMD5File;
     $chmodDir |= 0100 if $chmodDir & 0400;
     $chmodDir |= 0010 if $chmodDir & 0040;
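
Review bot: the added chmod 0755, $aktDir does not check its return value, while the mkdir directly above it exits on failure. If the chmod fails, the run continues with whatever mode mkdir and the process umask produced. Either test the result and exit the same way as the mkdir branch, or pass the mode to mkdir itself (mkdir $aktDir, 0755) so the directory never exists with a different mode between the two calls. The literal 0755 also sits right above lines that derive $chmodDir from $chmodMD5File, so a short comment saying why this directory gets a fixed mode rather than a derived one would help the next reader.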

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3146
seems fixed by the newly introduced checkDelSymlink() function,
which was added to ten different places in the code (not all of which
might be security sensitive, but at least two operate directly
on temporary files).
 
I'm not sure about http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3148,
which would require some more studying of the code.

Cheers,
        Moritz

