Your message dated Thu, 26 May 2022 01:45:40 +0200
with message-id <Yo6/[email protected]>
and subject line Re: Bug#1011651: RFS: logrotate/3.18.0-2+deb11u1 -- Log
rotation utility
has caused the Debian Bug report #1011651,
regarding RFS: logrotate/3.18.0-2+deb11u1 -- Log rotation utility
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1011651: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011651
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: important
X-Debbugs-CC: [email protected]
Dear mentors,
I am looking for a sponsor for my package "logrotate":
* Package name : logrotate
Version : 3.18.0-2+deb11u1
Upstream Author : https://github.com/logrotate/logrotate/issues
* URL : https://github.com/logrotate/logrotate
* License : GPL-2, GPL-3+, BSD-3-Clause
* Vcs : https://salsa.debian.org/debian/logrotate
Section : admin
The source builds the following binary packages:
logrotate - Log rotation utility
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/logrotate/
Alternatively, you can download the package with 'dget' using this command:
dget -x
https://mentors.debian.net/debian/pool/main/l/logrotate/logrotate_3.18.0-2+deb11u1.dsc
Changes since the last upload:
logrotate (3.18.0-2+deb11u1) stable; urgency=medium
.
* d/patches: cherry-pick upstream fixes:
- skip locking if state file is world-readable (CVE-2022-1348)
.
- more strict configuration parsing to avoid parsing
parts of foreign files, e.g. core dumps, (see #1002022)
.
- do not use incorrect stat information when verifying an olddir
configuration after creating the olddir
.
- advance pointer in full_write on incomplete write to avoid data
corruption
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
Regards,
Christian Göttsche
--- End Message ---
--- Begin Message ---
On Thu, May 26, 2022 at 12:50:30AM +0200, Christian Göttsche wrote:
> Version : 3.18.0-2+deb11u1
> Upstream Author : https://github.com/logrotate/logrotate/issues
> logrotate (3.18.0-2+deb11u1) stable; urgency=medium
> .
> * d/patches: cherry-pick upstream fixes:
> - skip locking if state file is world-readable (CVE-2022-1348)
> .
> - more strict configuration parsing to avoid parsing
> parts of foreign files, e.g. core dumps, (see #1002022)
> .
> - do not use incorrect stat information when verifying an olddir
> configuration after creating the olddir
> .
> - advance pointer in full_write on incomplete write to avoid data
> corruption
You need to target "bullseye" not "stable", as the latter keeps changing.
I've amended this and uploaded.
> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
> and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
Meow!
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ If you ponder doing what Jesus did, remember than flipping tables
⢿⡄⠘⠷⠚⠋⠀ and chasing people with a whip is a prime choice.
⠈⠳⣄⠀⠀⠀⠀
--- End Message ---
