Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed
several security problems, which are still present in Sarge, they've been
assigned CAN-2005-3150, CAN-2005-3149 and CAN-2005-3148:
Quoting upstream's changelog:
- uid and gid were not set correctly for symbolic links in the
backups (in the files, not the description of the files)
- check for symbolic links before opening temporary files
- set permissions of backup root directory to 0755
(independent of umask)
- uid and gid were not set correctly for symbolic links when
restoring, instead they were changed in the file where the
symlink pointed to
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
