tags 378571 +pending
Thanks
I have prepared a package that applies the patch Martin sent, and I'm going
to upload it.
This is a very simple fix, and hopefully it will make everyone happy even
if lintian complains that it's a non-standard dir permission.
I'm attaching the full output of interdiff for this NMU, and as you can see
it's only Martin's change, and the changelog entry.
--
Love,
Marga.
diff -u courier-authlib-0.58/debian/permissions
courier-authlib-0.58/debian/permissions
--- courier-authlib-0.58/debian/permissions
+++ courier-authlib-0.58/debian/permissions
@@ -5,3 +5,3 @@
/var/run/courier 755 daemon daemon
-/var/run/courier/authdaemon 755 daemon daemon
+/var/run/courier/authdaemon 750 daemon daemon
diff -u courier-authlib-0.58/debian/changelog
courier-authlib-0.58/debian/changelog
--- courier-authlib-0.58/debian/changelog
+++ courier-authlib-0.58/debian/changelog
@@ -1,3 +1,11 @@
+courier-authlib (0.58-3.1) unstable; urgency=medium
+
+ * Non-Maintainer Upload to fix security bug, caused by
+ /var/run/courier/authdaemon being world executable. Thanks to Martin
+ Ferrari for the fix. (Closes: #378571)
+
+ -- Margarita Manterola <[EMAIL PROTECTED]> Tue, 1 Aug 2006 16:45:07 -0300
+
courier-authlib (0.58-3) unstable; urgency=low
* remove all Courier runtime files on purge of courier-authdaemon
