Your message dated Sat, 07 Sep 2019 14:37:11 +0100 with message-id <17351b82f829eb6917f78885cb849c4060b0a4a6.camel@adam-barratt.org.uk> and subject line Closing bugs for fixes included in 9.10 point release has caused the Debian Bug report #928718, regarding stretch-pu: groonga/6.1.5-1+deb9u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 928718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928718 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Cc: debian-release@lists.debian.org, team@security.debian.org
- Subject: stretch-pu: groonga/6.1.5-1+deb9u1
- From: Kentaro Hayashi <hayashi@clear-code.com>
- Date: Thu, 9 May 2019 23:55:53 +0900
- Message-id: <20190509235553.2e1ed29c9fa520194a495e06@clear-code.com>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: pu This is stretch pu for groonga-6.1.5-1. * It fixes #928304 * debian/groonga-httpd.logrotate debian/groonga-server-gqtp.logrotate - Mitigate privilege escalation by changing the owner and group of logs with "su" option. Reported by Wolfgang Hotwagner. (Closes: #928304) (CVE-2019-11675) I've misunderstood stretch update process, so I've already uploaded groonga-6.1.5-1+deb9u1. Mr Adam D. Barratt noticed me it, so I've now filed as stretch-pu. Thanks! Here is the debdiff: debdiff groonga_6.1.5-1.dsc groonga_6.1.5-1+deb9u1.dsc diff -Nru groonga-6.1.5/debian/changelog groonga-6.1.5/debian/changelog --- groonga-6.1.5/debian/changelog 2017-01-23 19:14:09.000000000 +0900 +++ groonga-6.1.5/debian/changelog 2019-05-07 22:33:11.000000000 +0900 @@ -1,3 +1,13 @@ +groonga (6.1.5-1+deb9u1) stretch; urgency=medium + + * debian/groonga-httpd.logrotate + debian/groonga-server-gqtp.logrotate + - Mitigate privilege escalation by changing the owner and group of logs + with "su" option. Reported by Wolfgang Hotwagner. + (Closes: #928304) (CVE-2019-11675) + + -- Kentaro Hayashi <hayashi@clear-code.com> Tue, 07 May 2019 22:33:11 +0900 + groonga (6.1.5-1) unstable; urgency=medium * New upstream release. diff -Nru groonga-6.1.5/debian/groonga-httpd.logrotate groonga-6.1.5/debian/groonga-httpd.logrotate --- groonga-6.1.5/debian/groonga-httpd.logrotate 2016-12-10 15:18:50.000000000 +0900 +++ groonga-6.1.5/debian/groonga-httpd.logrotate 2019-05-07 22:33:11.000000000 +0900 @@ -1,11 +1,11 @@ /var/log/groonga/httpd/*.log { + su groonga groonga daily missingok rotate 30 compress delaycompress notifempty - create 640 groonga groonga sharedscripts postrotate . /etc/default/groonga-httpd diff -Nru groonga-6.1.5/debian/groonga-server-gqtp.logrotate groonga-6.1.5/debian/groonga-server-gqtp.logrotate --- groonga-6.1.5/debian/groonga-server-gqtp.logrotate 2016-12-10 15:18:50.000000000 +0900 +++ groonga-6.1.5/debian/groonga-server-gqtp.logrotate 2019-05-07 22:33:11.000000000 +0900 @@ -1,11 +1,11 @@ /var/log/groonga/*-gqtp.log { + su groonga groonga daily missingok rotate 30 compress delaycompress notifempty - create 640 groonga groonga sharedscripts postrotate . /etc/default/groonga-server-gqtpAttachment: groonga_6.1.5-1+deb9u1.debian.tar.xz
Description: application/xzAttachment: groonga_6.1.5-1+deb9u1.dsc
Description: Binary dataAttachment: groonga_6.1.5-1+deb9u1_source.buildinfo
Description: Binary dataAttachment: groonga_6.1.5-1+deb9u1_source.changes
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 891581-done@bugs.debian.org, 906258-done@bugs.debian.org, 912367-done@bugs.debian.org, 915935-done@bugs.debian.org, 916650-done@bugs.debian.org, 922385-done@bugs.debian.org, 922930-done@bugs.debian.org, 924278-done@bugs.debian.org, 926481-done@bugs.debian.org, 928213-done@bugs.debian.org, 928271-done@bugs.debian.org, 928276-done@bugs.debian.org, 928292-done@bugs.debian.org, 928553-done@bugs.debian.org, 928556-done@bugs.debian.org, 928718-done@bugs.debian.org, 929246-done@bugs.debian.org, 929255-done@bugs.debian.org, 929257-done@bugs.debian.org, 929611-done@bugs.debian.org, 929613-done@bugs.debian.org, 930112-done@bugs.debian.org, 930123-done@bugs.debian.org, 930420-done@bugs.debian.org, 930438-done@bugs.debian.org, 930630-done@bugs.debian.org, 931350-done@bugs.debian.org, 931386-done@bugs.debian.org, 931610-done@bugs.debian.org, 931723-done@bugs.debian.org, 931968-done@bugs.debian.org, 932175-done@bugs.debian.org, 932665-done@bugs.debian.org, 932944-done@bugs.debian.org, 933176-done@bugs.debian.org, 933218-done@bugs.debian.org, 933651-done@bugs.debian.org, 933653-done@bugs.debian.org, 933793-done@bugs.debian.org, 933828-done@bugs.debian.org, 933970-done@bugs.debian.org, 934342-done@bugs.debian.org, 934356-done@bugs.debian.org, 934508-done@bugs.debian.org, 934518-done@bugs.debian.org, 934688-done@bugs.debian.org, 934741-done@bugs.debian.org, 934775-done@bugs.debian.org, 934952-done@bugs.debian.org, 935158-done@bugs.debian.org, 935254-done@bugs.debian.org, 935366-done@bugs.debian.org, 935367-done@bugs.debian.org, 935368-done@bugs.debian.org, 935369-done@bugs.debian.org, 935445-done@bugs.debian.org, 935460-done@bugs.debian.org, 935473-done@bugs.debian.org, 935481-done@bugs.debian.org, 935581-done@bugs.debian.org, 935599-done@bugs.debian.org, 935708-done@bugs.debian.org, 935947-done@bugs.debian.org, 935976-done@bugs.debian.org, 935999-done@bugs.debian.org, 936051-done@bugs.debian.org, 936062-done@bugs.debian.org, 936067-done@bugs.debian.org, 938926-done@bugs.debian.org, 938997-done@bugs.debian.org, 939063-done@bugs.debian.org
- Subject: Closing bugs for fixes included in 9.10 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 07 Sep 2019 14:37:11 +0100
- Message-id: <17351b82f829eb6917f78885cb849c4060b0a4a6.camel@adam-barratt.org.uk>
Version: 9.10 Hi, The fixes referenced by each of these bugs were included in today's stretch point release (9.10). Regards, Adam
--- End Message ---