Bug#1011651: RFS: logrotate/3.18.0-2+deb11u1 -- Log rotation utility
0 views
Skip to first unread message
Christian Göttsche
May 25, 2022, 7:00:03 PMMay 25
to
Package: sponsorship-requests
Severity: important
X-Debbugs-CC: te...@security.debian.org
Dear mentors,
I am looking for a sponsor for my package "logrotate":
* Package name : logrotate
Version : 3.18.0-2+deb11u1
Upstream Author : https://github.com/logrotate/logrotate/issues
* URL : https://github.com/logrotate/logrotate
* License : GPL-2, GPL-3+, BSD-3-Clause
* Vcs : https://salsa.debian.org/debian/logrotate
Section : admin
The source builds the following binary packages:
logrotate - Log rotation utility
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/logrotate/
Alternatively, you can download the package with 'dget' using this command:
dget -x https://mentors.debian.net/debian/pool/main/l/logrotate/logrotate_3.18.0-2+deb11u1.dsc
Changes since the last upload:
logrotate (3.18.0-2+deb11u1) stable; urgency=medium
.
* d/patches: cherry-pick upstream fixes:
- skip locking if state file is world-readable (CVE-2022-1348)
.
- more strict configuration parsing to avoid parsing
parts of foreign files, e.g. core dumps, (see #1002022)
.
- do not use incorrect stat information when verifying an olddir
configuration after creating the olddir
.
- advance pointer in full_write on incomplete write to avoid data
corruption
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
Regards,
Christian Göttsche
Severity: important
X-Debbugs-CC: te...@security.debian.org
Dear mentors,
I am looking for a sponsor for my package "logrotate":
* Package name : logrotate
Version : 3.18.0-2+deb11u1
Upstream Author : https://github.com/logrotate/logrotate/issues
* URL : https://github.com/logrotate/logrotate
* License : GPL-2, GPL-3+, BSD-3-Clause
* Vcs : https://salsa.debian.org/debian/logrotate
Section : admin
The source builds the following binary packages:
logrotate - Log rotation utility
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/logrotate/
Alternatively, you can download the package with 'dget' using this command:
dget -x https://mentors.debian.net/debian/pool/main/l/logrotate/logrotate_3.18.0-2+deb11u1.dsc
Changes since the last upload:
logrotate (3.18.0-2+deb11u1) stable; urgency=medium
.
* d/patches: cherry-pick upstream fixes:
- skip locking if state file is world-readable (CVE-2022-1348)
.
- more strict configuration parsing to avoid parsing
parts of foreign files, e.g. core dumps, (see #1002022)
.
- do not use incorrect stat information when verifying an olddir
configuration after creating the olddir
.
- advance pointer in full_write on incomplete write to avoid data
corruption
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
Regards,
Christian Göttsche
Reply all
Reply to author
Forward
0 new messages