Your message dated Mon, 15 Jul 2019 21:55:00 +0200 with message-id <c5695921-24b9-9fa4-eb2a-d38a34685087@debian.org> and subject line buster has been released; closing open unblock request has caused the Debian Bug report #931375, regarding unblock: calamares-settings-debian/10.0.24-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 931375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931375 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: calamares-settings-debian/10.0.24-1
- From: Jonathan Carter <jcc@debian.org>
- Date: Wed, 03 Jul 2019 15:41:50 +0200
- Message-id: <[🔎] 156216131023.13964.3270850096694690536.reportbug@adjutant>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package calamares-settings-debian I realise it's 3 days before release weekend, this upload fixes a problem that we can't really fix in a security update. Yesterday a user discovered that their encryption key for their hard disk in a full-disk-encryption setup is world-readable on debian-based systems using initramfs-tools. This affects Calamares users who can now install Debian on in an easy to use full-disk encryption setup. Upstream bug: https://github.com/calamares/calamares/issues/1191 CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-13179 This upload updates the bootloader-config script with this additional snippet: """ # Set secure permissions for the initramfs, # the initramfs is re-generated later in the installation process # so we only set the permissions without regenerating the initramfs now: echo "UMASK=0077" > $CHROOT/etc/initramfs-tools/conf.d/initramfs-permissions """ Which will cause "update-initramfs -u" that runs later in the script to write the initramfs with safe permissions. Without this upload, users will have to write that file theirselves in order to have a setup safe from local users (or users on the system with filesystem access). In such a case we'll note it in the release notes, but I would urge the release team to consider it if there is still any possibility.
--- End Message ---
--- Begin Message ---
- To: 929637-done@bugs.debian.org, 931245-done@bugs.debian.org, 931271-done@bugs.debian.org, 931375-done@bugs.debian.org, 926383-done@bugs.debian.org, 926780-done@bugs.debian.org, 928188-done@bugs.debian.org, 930801-done@bugs.debian.org, 930921-done@bugs.debian.org, 930955-done@bugs.debian.org
- Subject: buster has been released; closing open unblock request
- From: Paul Gevers <elbrus@debian.org>
- Date: Mon, 15 Jul 2019 21:55:00 +0200
- Message-id: <c5695921-24b9-9fa4-eb2a-d38a34685087@debian.org>
Hi, buster has been released on July 6, this unblock request is now moot. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---