Your message dated Sat, 18 Jul 2020 13:07:00 +0100 with message-id <b8d89cdfeeda7b6d1ef96a8706a20f9525c2151b.ca...@adam-barratt.org.uk> and subject line Closing requests for fixes included in 9.13 point release has caused the Debian Bug report #964713, regarding stretch-pu: package storebackup/3.2.1-2~deb9u1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 964713: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964713 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu * Set maintainer to Debian QA Group. (see #856299) * Add patch to change the way the lockfile is opened in the Perl code. (Fixes: CVE-2020-7040) (Closes: #949393) CVE-2020-7040 is "no DSA" in stretch and buster.diff -Nru storebackup-3.2.1/debian/changelog storebackup-3.2.1/debian/changelog --- storebackup-3.2.1/debian/changelog 2012-06-17 07:31:31.000000000 +0300 +++ storebackup-3.2.1/debian/changelog 2020-07-09 14:54:23.000000000 +0300 @@ -1,3 +1,19 @@ +storebackup (3.2.1-2~deb9u1) stretch; urgency=medium + + * QA upload. + * Rebuild for stretch. + + -- Adrian Bunk <b...@debian.org> Thu, 09 Jul 2020 14:54:23 +0300 + +storebackup (3.2.1-2) unstable; urgency=medium + + * QA upload. + * Set maintainer to Debian QA Group. (see #856299) + * Add patch to change the way the lockfile is opened in the Perl code. + (Fixes: CVE-2020-7040) (Closes: #949393) + + -- Adrian Bunk <b...@debian.org> Wed, 08 Jul 2020 15:54:21 +0300 + storebackup (3.2.1-1) unstable; urgency=low * change short description, recommendation from Heinz-Josef Claes diff -Nru storebackup-3.2.1/debian/control storebackup-3.2.1/debian/control --- storebackup-3.2.1/debian/control 2012-06-16 13:21:56.000000000 +0300 +++ storebackup-3.2.1/debian/control 2020-07-08 15:54:21.000000000 +0300 @@ -1,7 +1,7 @@ Source: storebackup Section: utils Priority: optional -Maintainer: Ryan Niebur <r...@debian.org> +Maintainer: Debian QA Group <packa...@qa.debian.org> Build-Depends: debhelper (>= 7.2), perl Standards-Version: 3.9.3 Homepage: http://www.nongnu.org/storebackup/ diff -Nru storebackup-3.2.1/debian/patches/CVE-2020-7040.patch storebackup-3.2.1/debian/patches/CVE-2020-7040.patch --- storebackup-3.2.1/debian/patches/CVE-2020-7040.patch 1970-01-01 02:00:00.000000000 +0200 +++ storebackup-3.2.1/debian/patches/CVE-2020-7040.patch 2020-07-08 15:54:21.000000000 +0300 @@ -0,0 +1,27 @@ +Description: changing the way the lockfile is opened in the Perl code +Author: Jan Ritzerfeld +Author: Utkarsh Gupta <utka...@debian.org> +Bug-Debian: https://bugs.debian.org/949393 +Origin: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 +Last-Update: 2020-02-04 + +--- a/lib/fileDir.pl ++++ b/lib/fileDir.pl +@@ -22,7 +22,7 @@ + + push @VERSION, '$Id: fileDir.pl 364 2012-02-12 14:14:44Z hjc $ '; + +-use Fcntl qw(O_RDWR O_CREAT); ++use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL); + use POSIX; + + require 'prLog.pl'; +@@ -404,7 +404,7 @@ + '-str' => ["creating lock file <$lockFile>"]); + + &::checkDelSymLink($lockFile, $prLog, 0x01); +- open(FILE, "> $lockFile") or ++ sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or + $prLog->print('-kind' => 'E', + '-str' => ["cannot create lock file <$lockFile>"], + '-exit' => 1); diff -Nru storebackup-3.2.1/debian/patches/series storebackup-3.2.1/debian/patches/series --- storebackup-3.2.1/debian/patches/series 2012-06-16 13:19:48.000000000 +0300 +++ storebackup-3.2.1/debian/patches/series 2020-07-08 15:54:21.000000000 +0300 @@ -1 +1,2 @@ fix-spelling-error-in-manpage +CVE-2020-7040.patch
--- End Message ---
--- Begin Message ---Package: release.debian.org Version: 9.13 Hi, All of these requests relate to updates that were included in today's stretch point release. Regards, Adam
--- End Message ---
