Bug#1011651: RFS: logrotate/3.18.0-2+deb11u1 -- Log rotation utility

Skip to first unread message

Christian Göttsche

May 25, 2022, 7:00:03 PMMay 25
Package: sponsorship-requests
Severity: important
X-Debbugs-CC: te...@security.debian.org

Dear mentors,

I am looking for a sponsor for my package "logrotate":

* Package name : logrotate
Version : 3.18.0-2+deb11u1
Upstream Author : https://github.com/logrotate/logrotate/issues
* URL : https://github.com/logrotate/logrotate
* License : GPL-2, GPL-3+, BSD-3-Clause
* Vcs : https://salsa.debian.org/debian/logrotate
Section : admin

The source builds the following binary packages:

logrotate - Log rotation utility

To access further information about this package, please visit the
following URL:


Alternatively, you can download the package with 'dget' using this command:

dget -x https://mentors.debian.net/debian/pool/main/l/logrotate/logrotate_3.18.0-2+deb11u1.dsc

Changes since the last upload:

logrotate (3.18.0-2+deb11u1) stable; urgency=medium
* d/patches: cherry-pick upstream fixes:
- skip locking if state file is world-readable (CVE-2022-1348)
- more strict configuration parsing to avoid parsing
parts of foreign files, e.g. core dumps, (see #1002022)
- do not use incorrect stat information when verifying an olddir
configuration after creating the olddir
- advance pointer in full_write on incomplete write to avoid data

See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644

Christian Göttsche
Reply all
Reply to author
0 new messages