Re: Fwd: [SECURITY] [DLA 381-1] dbconfig-common security update
On Fri, 15 Jan 2016, Paul Gevers wrote:
> arg, I just notice my screw up... I didn't reserve 381-1, but 390-1. Is
> that a reason to reject the mail?
No, it's more likely that you forgot to sign the mail or that the
signature was screwed in some way (try with inline sig instead of
MIME sig).
> (I must stop with using "git svn" on the security archive.)
I use it but I pay attention to "dcommit" after each change.
Cheers,
> On 15-01-16 14:23, Paul Gevers wrote:
> > Hi,
> >
> > Just in case my message doesn't get through to the announce list, below
> > is the message I sent 15 minutes ago. I would appreciate it when
> > somebody resents it when it takes too long.
> >
> > Paul
> >
> >
> > -------- Forwarded Message --------
> > Subject: [SECURITY] [DLA 381-1] dbconfig-common security update
> > Date: Fri, 15 Jan 2016 14:07:39 +0100
> > From: Paul Gevers <elbrus@debian.org>
> > To: debian-lts-announce@lists.debian.org
> >
> > Package : dbconfig-common
> > Version : 1.8.46+squeeze.1
> > CVE ID : NA
> > Debian Bug : 805638
> >
> > It was discovered that dbconfig-common could, depending on the local
> > umask, make PostgreSQL database backups that were readable by other
> > users than the database owner. The issue is fixed in version
> > 1.8.46+squeeze.1. Access rights to existing database backups (not only
> > for PostgreSQL) will be limited to the owner of the backup during the
> > upgrade of dbconfig-common to this version. Future upgrades will not
> > change access rights in case the local administrator has specific
> > requirements.
> >
> > dbconfig-common is a Debian helper package that is used by a number of
> > packages to manage the corresponding database.
> >
> >
> >
> >
> >
>
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: