arg, I just notice my screw up... I didn't reserve 381-1, but 390-1. Is that a reason to reject the mail? (I must stop with using "git svn" on the security archive.) Paul On 15-01-16 14:23, Paul Gevers wrote: > Hi, > > Just in case my message doesn't get through to the announce list, below > is the message I sent 15 minutes ago. I would appreciate it when > somebody resents it when it takes too long. > > Paul > > > -------- Forwarded Message -------- > Subject: [SECURITY] [DLA 381-1] dbconfig-common security update > Date: Fri, 15 Jan 2016 14:07:39 +0100 > From: Paul Gevers <elbrus@debian.org> > To: debian-lts-announce@lists.debian.org > > Package : dbconfig-common > Version : 1.8.46+squeeze.1 > CVE ID : NA > Debian Bug : 805638 > > It was discovered that dbconfig-common could, depending on the local > umask, make PostgreSQL database backups that were readable by other > users than the database owner. The issue is fixed in version > 1.8.46+squeeze.1. Access rights to existing database backups (not only > for PostgreSQL) will be limited to the owner of the backup during the > upgrade of dbconfig-common to this version. Future upgrades will not > change access rights in case the local administrator has specific > requirements. > > dbconfig-common is a Debian helper package that is used by a number of > packages to manage the corresponding database. > > > > >
Attachment:
signature.asc
Description: OpenPGP digital signature