Package: john
Version: 1.6-40
Severity: important
Tags: security

I note the following changelog entry:

    - Added /var/run/john to DEB_FIXPERMS_EXCLUDE: the location needs
      to be safe from normal user reading

If any versions were uploaded to unstable which had /var/lib/john set
to any mode besides 0700, then dpkg will not have updated the
directory to the mode used by new .debs.  The closest fix to a proper
one is probably to add to postinst, to be run after every configuration
of an instance of a package:

dpkg-statoverride --list /var/run/john >/dev/null ||
        chmod -v 0700 /var/run/john


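The postinst check suggested in the report above, written out as a fuller maintainer-script fragment. This is an added example, not code from the report or from the john package. The function name fix_private_dir and the STATOVERRIDE variable are hypothetical, and the symlink skip and the status output go beyond the two-line snippet in the report.

```shell
#!/bin/sh
# Added example: postinst fragment, not the john package's actual script.
set -e

# Assumption: STATOVERRIDE is a hypothetical hook so the override lookup can
# be stubbed in tests; on a real system it stays at dpkg-statoverride.
STATOVERRIDE=${STATOVERRIDE:-dpkg-statoverride}

# fix_private_dir DIR [MODE]
# Tighten DIR to MODE (default 0700) unless the administrator registered a
# dpkg-statoverride for it. Prints "changed", "kept" or "skipped".
fix_private_dir() {
    dir=$1
    mode=${2:-0700}

    # Nothing to do if the path is missing or is a symlink.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo skipped
        return 0
    fi

    # An existing override is the administrator's explicit choice: keep it.
    if "$STATOVERRIDE" --list "$dir" >/dev/null 2>&1; then
        echo kept
        return 0
    fi

    # Compare first so a directory that is already correct is not touched.
    current=$(stat -c '%a' "$dir")
    if [ "$current" = "${mode#0}" ]; then
        echo kept
        return 0
    fi

    chmod "$mode" "$dir"
    echo changed
}

# dpkg passes "configure" as $1 on install and on every upgrade, which is
# when a directory left over from an older .deb still has its old mode.
if [ "${1:-}" = "configure" ]; then
    fix_private_dir /var/run/john >/dev/null
fi
```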