Your message dated Sat, 11 May 2019 13:24:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#928715: testing-pu: groonga/9.0.0-1+deb10u1
has caused the Debian Bug report #928715,
regarding testing-pu: groonga/9.0.0-1+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
928715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928715
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock groonga package:
* It fixes #928304.
The bug is reported against 6.1.5-1 on stretch, but it needs to be fixed in the
testing and unstable packages too, so I've prepared the update.
Note that it is already packaged on testing (9.0.0-1) and unstable (9.0.1-1).
9.0.1-1 contains unrelated changes to #928304, so based on freeze policy,
it seems that update package (9.0.0-1+deb10u1) should be uploaded to
testing-proposed-updates explicitly.
Here is the debdiff:
debdiff groonga_9.0.0-1.dsc groonga_9.0.0-1+deb10u1.dsc
diff -Nru groonga-9.0.0/debian/changelog groonga-9.0.0/debian/changelog
--- groonga-9.0.0/debian/changelog 2019-02-09 22:13:00.000000000 +0900
+++ groonga-9.0.0/debian/changelog 2019-05-09 22:44:57.000000000 +0900
@@ -1,3 +1,13 @@
+groonga (9.0.0-1+deb10u1) testing-proposed-updates; urgency=medium
+
+ * debian/groonga-httpd.logrotate
+ debian/groonga-server-gqtp.logrotate
+ - Mitigate privilege escalation by changing the owner and group of logs
+ with "su" option. Reported by Wolfgang Hotwagner.
+ (Closes: #928304) (CVE-2019-11675)
+
+ -- Kentaro Hayashi <[email protected]> Thu, 09 May 2019 22:44:57 +0900
+
groonga (9.0.0-1) unstable; urgency=medium
* New upstream version 9.0.0
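Review bot: the new changelog entry mentions only the added "su" option, but both logrotate files in this debdiff also drop "create 640 groonga groonga". Suggest adding a line to the entry that records that removal and the reason for it, so the changelog describes the whole change made for #928304.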
diff -Nru groonga-9.0.0/debian/groonga-httpd.logrotate
groonga-9.0.0/debian/groonga-httpd.logrotate
--- groonga-9.0.0/debian/groonga-httpd.logrotate 2019-02-09
22:12:32.000000000 +0900
+++ groonga-9.0.0/debian/groonga-httpd.logrotate 2019-05-09
22:43:28.000000000 +0900
@@ -1,11 +1,11 @@
/var/log/groonga/httpd/*.log {
+ su groonga groonga
daily
missingok
rotate 30
compress
delaycompress
notifempty
- create 640 groonga groonga
sharedscripts
postrotate
. /etc/default/groonga-httpd
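Review bot: dropping "create 640 groonga groonga" from the /var/log/groonga/httpd/*.log stanza means the 640 mode of the freshly created log is no longer stated in this file, so it now depends on the global logrotate settings or on how the daemon recreates the file after postrotate. Since "su groonga groonga" already makes the rotation run as groonga, consider keeping a "create 640" line below it, or say in the changelog why an explicit mode is no longer wanted.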
diff -Nru groonga-9.0.0/debian/groonga-server-gqtp.logrotate
groonga-9.0.0/debian/groonga-server-gqtp.logrotate
--- groonga-9.0.0/debian/groonga-server-gqtp.logrotate 2019-02-09
22:12:32.000000000 +0900
+++ groonga-9.0.0/debian/groonga-server-gqtp.logrotate 2019-05-09
22:43:28.000000000 +0900
@@ -1,11 +1,11 @@
/var/log/groonga/*-gqtp.log {
+ su groonga groonga
daily
missingok
rotate 30
compress
delaycompress
notifempty
- create 640 groonga groonga
sharedscripts
postrotate
. /etc/default/groonga-server-gqtp
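Review bot: "su groonga groonga" at the top of the /var/log/groonga/*-gqtp.log stanza changes only the user and group that perform the rotation; nothing in this debdiff touches the ownership or mode of /var/log/groonga itself, which is consistent with the changelog saying "Mitigate" rather than "Fix". Suggest a "logrotate -d" dry run against this file on a test install before upload, to confirm rotation still succeeds as groonga and the new log ends up with the intended owner and mode.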
--- End Message ---
--- Begin Message ---
Niels Thykier:
> Control: tags -1 moreinfo confirmed
>
> On Thu, 9 May 2019 23:10:14 +0900 Kentaro Hayashi
> <[email protected]> wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: [email protected]
>> Usertags: unblock
>>
>> Please unblock groonga package:
>>
>> * It fixes #928304.
>> The bug is reported against 6.1.5-1 on stretch, but it needs to be fixed in the
>> testing and unstable packages too, so I've prepared the update.
>>
>> Note that it is already packaged on testing (9.0.0-1) and unstable (9.0.1-1).
>> 9.0.1-1 contains unrelated changes to #928304, so based on freeze policy,
>> it seems that update package (9.0.0-1+deb10u1) should be uploaded to
>> testing-proposed-updates explicitly.
>>
>> Here is the debdiff:
>>
>> [...]
>
> Hi,
>
> Please go ahead with the upload and remove the moreinfo tag when the
> upload is in tpu and ready to be unblocked.
>
> Thanks,
> ~Niels
>
Hi,
I saw the upload and have added the approval hint for it. Please ensure
that the builds complete successfully and let us know if there are
issues with the migration.
Thanks,
~Niels
--- End Message ---