Package: storebackup Version: 1.18.4-2 Severity: grave Tags: security Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed several security problems, which are still present in Sarge, they've been assigned CAN-2005-3150, CAN-2005-3149 and CAN-2005-3148: Quoting upstream's changelog: - uid and gid were not set correctly for symbolic links in the backups (in the files, not the description of the files) - check for symbolic links before opening temporary files - set permissions of backup root directory to 0755 (independent of umask) - uid and gid were not set correctly for symbolic links when restoring, instead they were changed in the file where the symlink pointed to Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-rc1 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]