Hi, Just in case my message doesn't get through to the announce list, below is the message I sent 15 minutes ago. I would appreciate it when somebody resents it when it takes too long. Paul -------- Forwarded Message -------- Subject: [SECURITY] [DLA 381-1] dbconfig-common security update Date: Fri, 15 Jan 2016 14:07:39 +0100 From: Paul Gevers <elbrus@debian.org> To: debian-lts-announce@lists.debian.org Package : dbconfig-common Version : 1.8.46+squeeze.1 CVE ID : NA Debian Bug : 805638 It was discovered that dbconfig-common could, depending on the local umask, make PostgreSQL database backups that were readable by other users than the database owner. The issue is fixed in version 1.8.46+squeeze.1. Access rights to existing database backups (not only for PostgreSQL) will be limited to the owner of the backup during the upgrade of dbconfig-common to this version. Future upgrades will not change access rights in case the local administrator has specific requirements. dbconfig-common is a Debian helper package that is used by a number of packages to manage the corresponding database.
Attachment:
signature.asc
Description: OpenPGP digital signature