Your message dated Mon, 07 Sep 2009 22:33:42 +0000
with message-id <e1mkmmm-000118...@ries.debian.org>
and subject line Bug#543785: fixed in backintime 0.9.26-3
has caused the Debian Bug report #543785,
regarding backintime-common: backintime make world readable file in backup when 
it remove old backup
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
543785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: backintime-common
Version: 0.9.26-2
Severity: grave
Tags: security
Justification: user security hole

When asked to remove an old backup, backintime first changes the mode
of all files in the backup to 777, potentially allowing every local
user to read and modify them before they are deleted (and this could take some
time).

Worse still, if a file is shared between several backups, as the file's
mode is also shared, it stays world-readable and writable in those
other backups.

Note that one does not need to change the mode of a file to delete it:
only the mode of the directory needs to be changed. The other advantage
of changing the mode only for directories is that they are not shared
between backups, so the changed mode doesn't stay for a long period of
time.



-- System Information:
Debian Release: squeeze/sid
  APT prefers transitional
  APT policy: (500, 'transitional'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages backintime-common depends on:
ii  cron                          3.0pl1-106 process scheduling daemon
ii  python                        2.5.4-2    An interactive high-level object-o
ii  python-support                1.0.3      automated rebuilding support for P
ii  rsync                         3.0.6-1    fast remote file copy program (lik

backintime-common recommends no packages.

backintime-common suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: backintime
Source-Version: 0.9.26-3

We believe that the bug you reported is fixed in the latest version of
backintime, which is due to be installed in the Debian FTP archive:

backintime-common_0.9.26-3_all.deb
  to pool/main/b/backintime/backintime-common_0.9.26-3_all.deb
backintime-gnome_0.9.26-3_all.deb
  to pool/main/b/backintime/backintime-gnome_0.9.26-3_all.deb
backintime-kde_0.9.26-3_all.deb
  to pool/main/b/backintime/backintime-kde_0.9.26-3_all.deb
backintime_0.9.26-3.diff.gz
  to pool/main/b/backintime/backintime_0.9.26-3.diff.gz
backintime_0.9.26-3.dsc
  to pool/main/b/backintime/backintime_0.9.26-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 543...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <deb...@jwiltshire.org.uk> (supplier of updated backintime 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Sep 2009 21:53:28 +0100
Source: backintime
Binary: backintime-common backintime-gnome backintime-kde
Architecture: source all
Version: 0.9.26-3
Distribution: unstable
Urgency: high
Maintainer: Jonathan Wiltshire <deb...@jwiltshire.org.uk>
Changed-By: Jonathan Wiltshire <deb...@jwiltshire.org.uk>
Description: 
 backintime-common - simple backup/snapshot system
 backintime-gnome - GNOME front-end for backintime
 backintime-kde - KDE front-end for backintime
Closes: 543785
Changes: 
 backintime (0.9.26-3) unstable; urgency=high
 .
   * Fix typo in debian/rules
   * New patch no-chmod-777.patch to stop common/snapshots.py from making
     all files world-readable and writeable before deleting a backup.
     (Closes: #543785) - thanks to Rémi Vanicat, Bart de Koning

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkqlet0ACgkQB01zfu119ZnqRwCfZ/2zHEbvP6Vs1gxPqpbgRX2U
CoQAoISMZlRQOU5eiEFLVVsgbmZ1Z8LC
=3yO/
-----END PGP SIGNATURE-----



--- End Message ---
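
The point made in the bug report above (deleting a file needs write permission on its directory, not on the file, and hard-linked files share one mode) shown as an added Python example. It is not backintime's code or the no-chmod-777.patch; `remove_snapshot`, `demo` and the directory layout are constructed for illustration, and the read-only snapshot directories are an assumption of the demo.

```python
import os
import stat
import tempfile


def remove_snapshot(path):
    """Delete a snapshot tree, changing the mode of directories only."""
    # The owner needs rwx on a directory to list it and unlink its entries.
    # 0700 grants that without opening anything to group or other.
    os.chmod(path, stat.S_IRWXU)
    with os.scandir(path) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                remove_snapshot(entry.path)
            else:
                # unlink() is governed by the parent directory's mode; the
                # file's own mode (shared by every hard link) is never touched.
                os.unlink(entry.path)
    os.rmdir(path)


def demo():
    """Constructed layout: two snapshots sharing one hard-linked file."""
    base = tempfile.mkdtemp(prefix="snapdemo-")
    old = os.path.join(base, "snap-old", "docs")
    new = os.path.join(base, "snap-new", "docs")
    os.makedirs(old)
    os.makedirs(new)

    secret = os.path.join(old, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("private\n")
    os.chmod(secret, 0o400)
    shared = os.path.join(new, "secret.txt")
    os.link(secret, shared)  # same inode, so same mode bits

    # Assumption for the demo: the old snapshot's directories are read-only.
    os.chmod(old, 0o500)
    os.chmod(os.path.dirname(old), 0o500)

    before = stat.S_IMODE(os.stat(shared).st_mode)
    remove_snapshot(os.path.dirname(old))
    after = stat.S_IMODE(os.stat(shared).st_mode)
    gone = not os.path.exists(os.path.join(base, "snap-old"))
    remove_snapshot(base)  # clean up the rest of the demo tree
    return before, after, gone


if __name__ == "__main__":
    print(demo())
```

The copy of the file in the surviving snapshot keeps mode 0400 throughout, and the only modes that change belong to directories that are removed moments later.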
