Your message dated Tue, 27 Jan 2015 13:44:50 +0100 with message-id <54C78842.8010903@thykier.net> and subject line Re: Bug#776378: unblock: pxz/4.999.99~beta3+git659fc9b-3 has caused the Debian Bug report #776378, regarding unblock: pxz/4.999.99~beta3+git659fc9b-3 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
776378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776378
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: pxz/4.999.99~beta3+git659fc9b-3
- From: Holger Levsen <holger@layer-acht.org>
- Date: Tue, 27 Jan 2015 13:34:35 +0100
- Message-id: <201501271334.36698.holger@layer-acht.org>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Dear release team, This is an unblock approval request for pxz fixing an important security bug with a trivial patch which just sets the correct umask: ~/Projects/pxz/collab-maint$ debdiff pxz_4.999.99~beta3+git659fc9b-2.dsc pxz_4.999.99~beta3+git659fc9b-3.dsc diff -Nru pxz-4.999.99~beta3+git659fc9b/debian/changelog pxz-4.999.99~beta3+git659fc9b/debian/changelog --- pxz-4.999.99~beta3+git659fc9b/debian/changelog 2014-08-04 16:07:17.000000000 +0200 +++ pxz-4.999.99~beta3+git659fc9b/debian/changelog 2015-01-27 12:34:39.000000000 +0100 @@ -1,3 +1,10 @@ +pxz (4.999.99~beta3+git659fc9b-3) unstable; urgency=medium + + * CVE-2015-1200: Fix race condition in setting permissions. Thanks to + Moritz Mühlenhoff for the patch. (Closes: #775306) + + -- Holger Levsen <holger@debian.org> Tue, 27 Jan 2015 12:34:37 +0100 + pxz (4.999.99~beta3+git659fc9b-2) unstable; urgency=medium * Bump Standards Version to 3.9.5, no changes needed. diff -Nru pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch --- pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ pxz-4.999.99~beta3+git659fc9b/debian/patches/CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch 2015-01-27 12:33:33.000000000 +0100 
@@ -0,0 +1,27 @@ +From 31ac8e5bd6a437a5e1acd8e1a3c1c8f2b514629f Mon Sep 17 00:00:00 2001 +From: Holger Levsen <holger@layer-acht.org> +Date: Tue, 27 Jan 2015 12:29:50 +0100 +Subject: [PATCH] CVE-2015-1200 + +Fix race condition in setting permissions. (Closes: #775306) +Thanks to Moritz Mühlenhoff for the patch. + +--- + pxz.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pxz.c b/pxz.c +index cfdb172..9404f0b 100644 +--- a/pxz.c ++++ b/pxz.c +@@ -285,6 +285,7 @@ int main( int argc, char **argv ) { + } + + fo = stdout; ++ umask(077); + if ( std_in ) { + fi = stdin; + } else { +-- +1.9.1 + diff -Nru pxz-4.999.99~beta3+git659fc9b/debian/patches/series pxz-4.999.99~beta3+git659fc9b/debian/patches/series --- pxz-4.999.99~beta3+git659fc9b/debian/patches/series 2013-05-27 22:48:38.000000000 +0200 +++ pxz-4.999.99~beta3+git659fc9b/debian/patches/series 2015-01-27 12:31:23.000000000 +0100 @@ -1 +1,2 @@ fix-man-keep-option.patch +CVE-2015-1200-Fix-race-condition-in-setting-permissions.patch The package has been uploaded and accepted into sid. Thanks for your work on jessie! cheers, HolgerAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
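Review bot: The `umask(077);` added after `fo = stdout;` in `main()` of pxz.c sits above the `if ( std_in )` branch, so it changes the process-wide mask on every path and discards the previous mask that `umask()` returns; nothing in the hunk restores it or says why it is there. I would add a one-line comment tying the call to CVE-2015-1200 and confirm that code outside this hunk sets the final mode of the output explicitly, since from this point on anything the process creates has its group and other permission bits cleared. The diffstat shows a single insertion, so no `#include <sys/stat.h>` was added; check that pxz.c already includes it so `umask` is not implicitly declared.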
--- Begin Message ---
- To: Holger Levsen <holger@layer-acht.org>, 776378-done@bugs.debian.org
- Subject: Re: Bug#776378: unblock: pxz/4.999.99~beta3+git659fc9b-3
- From: Niels Thykier <niels@thykier.net>
- Date: Tue, 27 Jan 2015 13:44:50 +0100
- Message-id: <54C78842.8010903@thykier.net>
- In-reply-to: <201501271334.36698.holger@layer-acht.org>
- References: <201501271334.36698.holger@layer-acht.org>
On 2015-01-27 13:34, Holger Levsen wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Dear release team,
>
> This is an unblock approval request for pxz fixing an important security bug
> with a trivial patch which just sets the correct umask:
>
> [...]
>
> cheers,
> Holger
>

Unblocked, thanks.

~Niels
--- End Message ---