Bug#469853: marked as done (cupsys: Logs in /var/log/cups are world-readable)

To: Martin Pitt <mpitt@debian.org>
Subject: Bug#469853: marked as done (cupsys: Logs in /var/log/cups are world-readable)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 16 Mar 2008 22:03:25 +0000
Message-id: <[🔎] handler.469853.D469853.120570496827559.ackdone@bugs.debian.org>
References: <E1Jb0vc-0005ao-0Q@ries.debian.org> <[🔎] 20080307144237.8521.34079.reportbug@gunboat-diplomat.oucs.ox.ac.uk>

Your message dated Sun, 16 Mar 2008 22:02:04 +0000
with message-id <E1Jb0vc-0005ao-0Q@ries.debian.org>
and subject line Bug#469853: fixed in cupsys 1.3.6-2
has caused the Debian Bug report #469853,
regarding cupsys: Logs in /var/log/cups are world-readable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
469853: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469853
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cupsys: Logs in /var/log/cups are world-readable
From: Dominic Hargreaves <dom@earth.li>
Date: Fri, 07 Mar 2008 14:42:37 +0000
Message-id: <[🔎] 20080307144237.8521.34079.reportbug@gunboat-diplomat.oucs.ox.ac.uk>

Package: cupsys
Version: 1.2.7-4etch2
Severity: important

[note: I believe this bug should be of a higher severity, since it is a
security bug (information disclosure) but the guidelines for severity do
not make it clear which severity I should choose. Feel free to inflate
the severity if you think it's warranted].

[note 2: I have tested that this bug applies in the version of cupsys in
sid, but am not able to specify multiple version numbers; will follow up
with a message to control@]

Cups logs contain potentially sensitive information, which should not be
exposed to normal users. Please make the logs readable by the adm group
only [ref /usr/share/doc/base-passwd/users-and-groups.txt.gz].

Thanks,

Dominic.

--- End Message ---

--- Begin Message ---

To: 469853-close@bugs.debian.org
Subject: Bug#469853: fixed in cupsys 1.3.6-2
From: Martin Pitt <mpitt@debian.org>
Date: Sun, 16 Mar 2008 22:02:04 +0000
Message-id: <E1Jb0vc-0005ao-0Q@ries.debian.org>

Source: cupsys
Source-Version: 1.3.6-2

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.3.6-2_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.3.6-2_i386.deb
cupsys-client_1.3.6-2_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.3.6-2_i386.deb
cupsys-common_1.3.6-2_all.deb
  to pool/main/c/cupsys/cupsys-common_1.3.6-2_all.deb
cupsys-dbg_1.3.6-2_i386.deb
  to pool/main/c/cupsys/cupsys-dbg_1.3.6-2_i386.deb
cupsys_1.3.6-2.diff.gz
  to pool/main/c/cupsys/cupsys_1.3.6-2.diff.gz
cupsys_1.3.6-2.dsc
  to pool/main/c/cupsys/cupsys_1.3.6-2.dsc
cupsys_1.3.6-2_i386.deb
  to pool/main/c/cupsys/cupsys_1.3.6-2_i386.deb
libcupsimage2-dev_1.3.6-2_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.3.6-2_i386.deb
libcupsimage2_1.3.6-2_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.3.6-2_i386.deb
libcupsys2-dev_1.3.6-2_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.3.6-2_i386.deb
libcupsys2_1.3.6-2_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.3.6-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 469853@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 16 Mar 2008 22:34:50 +0100
Source: cupsys
Binary: libcupsys2 libcupsimage2 cupsys cupsys-client libcupsys2-dev libcupsimage2-dev cupsys-bsd cupsys-common cupsys-dbg
Architecture: source all i386
Version: 1.3.6-2
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 cupsys-common - Common UNIX Printing System(tm) - common files
 cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 313536 376580 426519 469853
Changes: 
 cupsys (1.3.6-2) unstable; urgency=low
 .
   * debian/rules: Configure with default log file permissions 0640.
     (Closes: #469853)
   * debian/control: Mention "lpr" in the description of -bsd, for easier
     apt-cache search catching. (Closes: #426519)
   * Remove debian/NEWS, there's nothing new since Etch's release.
     (Closes: #376580)
   * Add debian/patches/pbmprint.dpatch: Fix printing of PBM files, thanks to
     Eugeniy Meshcheryakov! (Closes: #313536)
   * debian/cupsys.preinst: Only chown /var/run/cups if it exists. (LP #156634)
   * Move scripting examples from cupsys to libcupsys2-dev. No need to install
     those 1.3 MB by default on every system, this is much more developer
     oriented. Mention this in the package description.
   * debian/rules: Explicitly build with -fno-stack-protector on arm and armel,
     since the compiler produces segfaulting binaries. Works around #469517.
   * search_mime_files_in_usr_share.dpatch: Do not fatally fail if
     DataDir/mime does not exist. This both makes much more sense (since
     /etc/cups is the canonical dir which must exist, and /usr/share/cups/mime
     is optional), and also unbreaks the test suite (which does not create this
     directory by default).
   * pidfile.dpatch: Specify PidFile in temporary directory in the self test's
     cupsd.conf.
   * debian/rules clean: Remove test suite HTML reports.
   * Add testsuite-exit-code.dpatch: Exit with nonzero if the test suite fails,
     so that it is easier to integrate into package building.
   * pdftops-cups-1.4.dpatch: Update pdftops location in test suite, too, so
     that it does not fail the PDF printing test. (Forwarded to STR #2759)
   * debian/rules: Run test suite on build. This will fail the build if any
     tests fail, so that problems on particular platforms will be caught
     easily.
   * debian/control: Add alternative (build-)depends to heimdal-dev.
   * debian/rules, debian/cupsys.postinst: Call update-rc.d to not install stop
     symlinks for runlevels 0 and 6, since they just needlessly slow down
     shutdown. Remove the obsolete kill symlinks on upgrade. Patch adopted from
     the Ubuntu branch, but without using the Ubuntu-only 'multiuser' mode of
     update-rc.d.
   * Add debian/local/apparmor-profile: AppArmor profile (taken from Ubuntu
     branch). Install it in debian/rules if package is built on Ubuntu (tested
     with lsb_release -is). Reload AppArmor in debian/cupsys.postinst if both
     the cupsys profile and AppArmor itself are present.
   * Add debian/patches/ubuntu-disable-browsing.dpatch: Disable Browsing by
     default when building on Ubuntu.
   * Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Set
     default job error policy to "Retry", since it is less confusing and a
     better default on desktop machines. This is only applied when building on
     Ubuntu.
   * debian/control: Add Vcs-{Svn,Browser} fields.
Files: 
 0563e7870a54c4153f715e7f70e9fe3d 1302 net optional cupsys_1.3.6-2.dsc
 7623bb3c88197787c49d3ba88639f832 110980 net optional cupsys_1.3.6-2.diff.gz
 06c8cdb103a04fc1b5aeae357d9772a6 1127226 net optional cupsys-common_1.3.6-2_all.deb
 a09478cb81af3be407e3087cc51494c5 155754 libs optional libcupsys2_1.3.6-2_i386.deb
 55f5b8bb5f880a2f75ed229afc44f2c4 91318 libs optional libcupsimage2_1.3.6-2_i386.deb
 9df0aa0fd70a1d6beb69efc5746840d0 1918850 net optional cupsys_1.3.6-2_i386.deb
 6f9d125336d7321073ad7a6dea5c1a78 78930 net optional cupsys-client_1.3.6-2_i386.deb
 056d79d7849fc9002bf31ba3dbed761d 382830 libdevel optional libcupsys2-dev_1.3.6-2_i386.deb
 e01bc1a91338b5e709bc7143fdc19140 59694 libdevel optional libcupsimage2-dev_1.3.6-2_i386.deb
 f1f7d4401309e7bb2f39ff1105af3c78 34302 net extra cupsys-bsd_1.3.6-2_i386.deb
 68591e873fe098e65bbcdf4fbf16df07 1059932 libdevel extra cupsys-dbg_1.3.6-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH3ZWRDecnbV4Fd/IRAmNZAJ0W0S+4kdxKgB+ZfdLYW6u9E/agrwCeNiRJ
9Ig10OJVUAkoH9C0epLUhaw=
=gw5d
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#469853: cupsys: Logs in /var/log/cups are world-readable
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Bug#313536: marked as done (libcupsimage2: incorectly prints pbm files)
Next by Date: Bug#426519: marked as done (cupsys-bsd: add 'lpr' in the description for search with apt-cache)
Previous by thread: Bug#469853: cupsys: Logs in /var/log/cups are world-readable
Next by thread: Processed: tagging 469730
Index(es):
- Date
- Thread