Package: nginx
Version: 0.7.67-3+squeeze3
Severity: normal
Tags: security

After installing nginx in squeeze, the directory /var/log/nginx is world-readable, as
reported in http://www.openwall.com/lists/oss-security/2013/02/21/15

I suggest something like this for a fix:

"""puppet-common postinst in unstable sets
dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet"""

Logging is enabled after service is started.

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nginx depends on:
ii  libc6                 2.11.3-4           Embedded GNU C Library: Shared lib
ii  libgeoip1             1.4.7~beta6+dfsg-1 A non-DNS IP-to-country resolver l
ii  libpcre3              8.02-1.1           Perl 5 Compatible Regular Expressi
ii  libssl0.9.8           0.9.8o-4squeeze14  SSL shared libraries
ii  lsb-base              3.2-23.2squeeze1   Linux Standard Base 3.2 init scrip
ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime
nginx recommends no packages.
nginx suggests no packages.
-- no debconf information
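
The check behind this report, as an added example that is not part of the original report or of any Debian package script: it tests whether a log directory or its direct children grant any access to "other", and prints a dpkg-statoverride line of the form quoted above only when the directory is open. The function names are hypothetical, GNU stat is assumed, and the owner, group and mode for nginx are not stated in the report, so the caller supplies them.

```shell
#!/bin/sh
# Added example: audit a log directory for access granted to "other" users.
# Assumes GNU stat (coreutils), as shipped on Debian.

# other_bits PATH -> print the "other" permission digit (0-7) of PATH
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    # Last character of the octal mode is the "other" digit.
    printf '%s\n' "${mode#"${mode%?}"}"
}

# is_world_accessible PATH -> exit 0 if "other" has any of r/w/x on PATH
is_world_accessible() {
    bits=$(other_bits "$1") || return 2
    [ "$bits" -ne 0 ]
}

# audit_log_dir DIR -> print "MODE PATH" for DIR and each direct child that
# "other" can access; print nothing when everything is closed.
audit_log_dir() {
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue
        if is_world_accessible "$p"; then
            printf '%s %s\n' "$(stat -c '%a' "$p")" "$p"
        fi
    done
}

# suggest_override OWNER GROUP MODE DIR -> print the dpkg-statoverride command
# in the form quoted in the report, only when DIR is open to "other".
# OWNER, GROUP and MODE are the caller's choice (assumption: not in the report).
suggest_override() {
    if is_world_accessible "$4"; then
        printf 'dpkg-statoverride --update --add %s %s %s %s\n' \
            "$1" "$2" "$3" "$4"
    fi
}

# Stand-alone use: audit the directory named in the report, or the one given.
audit_log_dir "${1:-/var/log/nginx}"
```

Log files created later inherit the daemon's umask, not the directory mode, so the per-file lines from audit_log_dir are worth checking again once the service has started logging.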

