-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 11 Jan 2019 13:27:15 +0100 Source: tmpreaper Binary: tmpreaper Architecture: source amd64 Version: 1.6.14 Distribution: unstable Urgency: medium Maintainer: Paul Slootman <paul@debian.org> Changed-By: Paul Slootman <paul@debian.org> Description: tmpreaper - cleans up files in directories based on their age Closes: 918956 Changes: tmpreaper (1.6.14) unstable; urgency=medium . * Upload to unstable to fix the race condition described in CVE-2019-3461: There was a race condition when tmpreaper was testing for a (bind) mount, which was done via rename() which could potentially lead to a file being placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. This has been fixed by using an alternative way of looking for bind mounts using code from mountpoint (from the util-linux package). closes: #918956 Checksums-Sha1: 0b05ef2ad749d2d4cafbcfb36206b2bf8a89a7fa 1437 tmpreaper_1.6.14.dsc 8965085694add283c6baca6c15e237012a4ed3c5 158981 tmpreaper_1.6.14.tar.gz 47417e78521836aa12b7604753f58135d1385a0d 12888 tmpreaper-dbgsym_1.6.14_amd64.deb e3f9b10ccab29600959f81d154dc99743f764762 6011 tmpreaper_1.6.14_amd64.buildinfo c1c06e052e971cea855d45038bc122763b869d12 47432 tmpreaper_1.6.14_amd64.deb Checksums-Sha256: 595b8535fc29b9e2b62e1c01496d2868efbd6cf2450e7d9b38ca60deebe2884c 1437 tmpreaper_1.6.14.dsc 4acb93745ceb8b8c5941313bbba78ceb2af0c3914f1afea0e0ae1f7950d6bdae 158981 tmpreaper_1.6.14.tar.gz 7c8cba09a9c6f109a663860ba10dad408178eb328be2c63190daefb8eb83ba55 12888 tmpreaper-dbgsym_1.6.14_amd64.deb fef0f239f75cb9b6af5ea6abb490c4e99a62b78427c80fcda339091e88b0cb05 6011 tmpreaper_1.6.14_amd64.buildinfo 97acf216bbe125426ceed4db1fcf65d1fdc10c732068a0bea91348c2e05e86f6 47432 tmpreaper_1.6.14_amd64.deb Files: 5c66a8dd6c5280afaecfa2bfbd169dd2 1437 admin optional tmpreaper_1.6.14.dsc a534f2457439fb569a6f62958e653082 158981 admin optional tmpreaper_1.6.14.tar.gz a6110a113b7bf829f95a53db6ed71f65 12888 debug optional tmpreaper-dbgsym_1.6.14_amd64.deb 4198f3976462f848ee4529c344cff83c 6011 admin optional tmpreaper_1.6.14_amd64.buildinfo 890ebe5dc6295e1c8764a4d9ffa521a8 47432 admin optional tmpreaper_1.6.14_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEyfNP08AZcbxb9VhpMveNzq0RO4sFAlw4jAgACgkQMveNzq0R O4tUEA//eJxwfdgkVa11tEhPuAHeCCgqU+OREr2FXIebvkmbK/69ve8zN6+uB1Os zSyou34zmm6GZABMnNs5mwiD578jNL49zej+uWT0vlU7iotJheQmGK98rEnl6i0C vP/9K6qMfLXHM/X2q5930rstFx5/SnjrqQFnxskhotDREAuSQPQJbEcRP/krAZD+ HMBGPGfkyJixBSAaKZIjpXwW/vS3VPvoz3vbCGB+1zCK+0aPw+picZNLZ82NEV5c sgbI+jVK+iFXX3OxDfFoevP8UK4TUegx/xLheJDuDr/AUn98l8W0l941T7TvuuLo QKJeyK3+LmaBasfZFVwhP+8rnfGxL1EvJOzraZBrGOMoocy/pfDS95roEzQGBN/D CtH1yiRO7+2Bzz3xB1hVyscINCWqBYewhjhhE6HgxV0pq40s3bUjlnZkeoLhC8nj XR2MazvYVe+C5CiHT267nzaaC2aUSqZYoz9smsYYcdUTUhEYoQ1gxTJ9wHeV5X0e dC7KQDC3WIPiOxzrHFroC60AhUkxk8iYj2niJLCmtHs7weDFTP4B14kaGk2UwgmR 4GXW28T35eWVFDusHd4T5+x3gv1jUN1io+AxvoUZwce7RwPlbiInGiiB5adYPJ2X kSbIR9XAeR8jlciW/UcyabRZ/jMuicIJvPQ1bnFKAdaRxUXJHfE= =MiKu -----END PGP SIGNATURE-----