Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package extplorer unblock extplorer/2.1.0b6+dfsg.3-4 The only change is adding the sticky bit to /var/lib/extplorer/ftp_tmp. Debdiff attached. Sorry for not uploading such trivial fix earlier. Cheers, Thomas Note that I believe the FTP mode is anyway broken in Debian, so I don't think any Debian setup is affected, but let's play it safe and have the fix go to testing.
diff -Nru extplorer-2.1.0b6+dfsg.3/debian/changelog extplorer-2.1.0b6+dfsg.3/debian/changelog --- extplorer-2.1.0b6+dfsg.3/debian/changelog 2012-06-24 09:41:06.000000000 +0000 +++ extplorer-2.1.0b6+dfsg.3/debian/changelog 2012-10-20 15:53:51.000000000 +0000 @@ -1,3 +1,9 @@ +extplorer (2.1.0b6+dfsg.3-4) unstable; urgency=low + + * Sets the stick bit on /var/lib/extplorer/ftp_tmp (Closes: #683649). + + -- Thomas Goirand <z...@debian.org> Sat, 20 Oct 2012 15:51:50 +0000 + extplorer (2.1.0b6+dfsg.3-3) unstable; urgency=high * Fixes an Cross Site Request forgery security problem if user is logged diff -Nru extplorer-2.1.0b6+dfsg.3/debian/postinst extplorer-2.1.0b6+dfsg.3/debian/postinst --- extplorer-2.1.0b6+dfsg.3/debian/postinst 2012-06-24 09:41:06.000000000 +0000 +++ extplorer-2.1.0b6+dfsg.3/debian/postinst 2012-10-20 15:53:51.000000000 +0000 @@ -3,7 +3,7 @@ set -e mkdir -p /var/lib/extplorer/ftp_tmp -chmod 777 /var/lib/extplorer/ftp_tmp +chmod 1777 /var/lib/extplorer/ftp_tmp touch /etc/extplorer/.htusers.php chmod 664 /etc/extplorer/.htusers.php