[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
Thanks for the debdiff. The package for jaunty is currently building. ** Changed in: automysqlbackup (Ubuntu Jaunty) Status: In Progress = Fix Committed -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
This bug was fixed in the package automysqlbackup - 2.5-1ubuntu0.1 --- automysqlbackup (2.5-1ubuntu0.1) jaunty-security; urgency=low * SECURITY UPDATE: Fix for world readable backups. (LP: #377485) - automysqlbackup: Create backup with mode 600. - debian/postinst: Change $BACKUPDIR to mode 600. -- Stefan Lesicnik ste...@lsd.co.za Tue, 04 Aug 2009 12:14:28 +0200 ** Changed in: automysqlbackup (Ubuntu Jaunty) Status: Fix Committed = Fix Released -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
We are now 4 months later, after I sent a warning about this package. Jaunty is still using version 2.5-1 that is saving backups of the server's databases world readable. Is it that nobody cares at Ubuntu? It took exactly 2 days in Debian to have this fixed. Why 4 months in Ubuntu? I'm telling you guys, I'm advertising about the lack of package security in Ubuntu, seeing how much this is *bad*. I cannot stress it more: please upgrade ASAP Jaunty to 2.5-3. Thomas -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
Patch taken from Debian. Tested by installing autobackupmysql and noting that files we're 644. Test build completed with no problems. Installed the new built deb and the postinst modified my files to 600. Created a new backup and the files were marked 600. ** Attachment added: jaunty-debdiff http://launchpadlibrarian.net/29887232/jaunty-debdiff ** Changed in: automysqlbackup (Ubuntu Jaunty) Status: Triaged = In Progress -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
FYI: I wont do more work than just warning you about the security issue, as I do not use Ubuntu at all. But I really think that someone should take care of this one. Databases often have loads of passwords in them, and this would reveal them to any user of the system. Also, please note that the package fix has been review and approved by a Debian security team member (can't remember who). Thomas -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
Thank you for taking the time to report a bug. This package is in universe and is community supported. If you or someone else are able, perhaps debdiffs could be prepared to fix this issue by following https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures. ** Visibility changed to: Public ** Also affects: automysqlbackup (Ubuntu Jaunty) Importance: Undecided Status: New ** Also affects: automysqlbackup (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: automysqlbackup (Ubuntu Jaunty) Importance: Undecided = Medium ** Changed in: automysqlbackup (Ubuntu Jaunty) Status: New = Triaged ** Changed in: automysqlbackup (Ubuntu Karmic) Status: New = Confirmed -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 377485] Re: SECURITY: Please upgrade to the latest SID version
Karmic has 2.5-3 now. ** Changed in: automysqlbackup (Ubuntu Karmic) Status: Confirmed = Fix Released -- SECURITY: Please upgrade to the latest SID version https://bugs.launchpad.net/bugs/377485 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
