Your message dated Fri, 04 May 2018 18:34:52 +0000
with message-id <e1fefxg-0000di...@fasolo.debian.org>
and subject line Bug#881749: fixed in bundler 1.16.1-2
has caused the Debian Bug report #881749,
regarding redmine: creates world-writable tempdir /tmp/bundler/home
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881749
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redmine
Version: 3.3.1-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + redmine-sqlite redmine-mysql redmine-pgsql

Hi,

during a test with piuparts I noticed your package behaves strangely
while upgrading from 'stretch' to 'buster'.

There is currently no redmine in buster, so the stretch version (which
matches sid) is kept installed.

But after the upgrade an insecure temporary directory appears:

   /tmp/bundler/home

which is

 a) a predictable path name
 b) world writable

This directory does not show up after just an installation in stretch.

redmine(-*) are the only packages showing such behavior.


From the attached log (scroll to the bottom...):

  ERROR: BAD PERMISSIONS
  drwxrwxrwx 3 www-data www-data 60 Nov 13 17:05 /tmp/bundler/home


cheers,


Andreas

Attachment: redmine_None.log.gz
Description: application/gzip


--- End Message ---
--- Begin Message ---
Source: bundler
Source-Version: 1.16.1-2

We believe that the bug you reported is fixed in the latest version of
bundler, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated bundler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 03 May 2018 21:18:24 -0300
Source: bundler
Binary: ruby-bundler bundler
Architecture: source
Version: 1.16.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
 bundler    - Manage Ruby application dependencies
 ruby-bundler - Manage Ruby application dependencies (runtime)
Closes: 796383 881749
Changes:
 bundler (1.16.1-2) unstable; urgency=medium
 .
   * debian/patches:
     - convert to gbp-pq format
     - add two new patches:
       0006-Don-t-use-insecure-temporary-directory-as-home-direc.patch
       (Closes: #881749)
       0007-Remove-temporary-home-directories.patch
       (Closes: #796383)
   * Bump Standards-Version to 4.1.4; no changes needed
   * debian/watch: point to gemwatch.debian.net


--- End Message ---
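
The two properties flagged in the report (predictable path name, world-writable mode) can be checked and avoided as in the following added example, which is not bundler's code and not the Debian patch. The function names `audit_tmp_home`, `insecure_home` and `with_private_home` are hypothetical, and the weak pattern is reproduced only inside a throwaway sandbox directory rather than under the real `/tmp`.

```ruby
require "tmpdir"
require "fileutils"

# Inspect a directory that a tool wants to use as a fallback HOME and
# return the reasons it should not be trusted (empty array = acceptable).
def audit_tmp_home(path)
  st = File.lstat(path)               # lstat: do not follow a planted symlink
  findings = []
  findings << :symlink         if st.symlink?
  findings << :not_a_directory unless st.directory? || st.symlink?
  findings << :world_writable  if (st.mode & 0o002) != 0
  findings << :group_writable  if (st.mode & 0o020) != 0
  findings << :foreign_owner   if st.uid != Process.euid
  findings
end

# Weak pattern, matching what the report observed: a fixed, guessable
# name below a shared base directory, left with mode 0777.
def insecure_home(base)
  path = File.join(base, "bundler", "home")
  FileUtils.mkdir_p(path)
  File.chmod(0o777, path)
  path
end

# Hardened pattern: Dir.mktmpdir picks an unpredictable name, creates the
# directory with mode 0700, and removes it when the block returns.
def with_private_home
  Dir.mktmpdir("bundler-home-") { |path| yield path }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |sandbox|           # constructed sandbox standing in for /tmp
    bad = insecure_home(sandbox)
    puts "weak:     #{bad} -> #{audit_tmp_home(bad).inspect}"
  end
  with_private_home do |good|
    puts "hardened: #{good} -> #{audit_tmp_home(good).inspect}"
  end
end
```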