Debian Package Tracker

From: Hugo Lefeuvre <hle@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted tmpreaper 1.6.13+nmu1+deb8u1 (source amd64) into oldstable
Date: Thu, 24 Jan 2019 14:20:11 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Jan 2019 09:33:21 +0100
Source: tmpreaper
Binary: tmpreaper
Architecture: source amd64
Version: 1.6.13+nmu1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Hugo Lefeuvre <hle@debian.org>
Description:
 tmpreaper  - cleans up files in directories based on their age
Changes:
 tmpreaper (1.6.13+nmu1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-3461:
     There was a race condition when tmpreaper was testing for a (bind) mount,
     which was done via rename() which could potentially lead to a file being
     placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the
     directory being cleaned up was on the same physical filesystem.
     This has been fixed by using an alternative way of looking for bind mounts
     using code from mountpoint (from the util-linux package).
Checksums-Sha1:
 dbcd708ca3cbc3344622b3a6ef1f259aad3c6388 1140 tmpreaper_1.6.13+nmu1+deb8u1.dsc
 c25a488afd2460b816b87b1cfd5ddc4f87dae0f1 160432 tmpreaper_1.6.13+nmu1+deb8u1.tar.gz
 4372b274952d38eafb39157acf86735eb7bb2592 50546 tmpreaper_1.6.13+nmu1+deb8u1_amd64.deb
Checksums-Sha256:
 86b4af178757ad55b4648bd3f96724081120e0f0a1ef8ae45abc3dc07e653684 1140 tmpreaper_1.6.13+nmu1+deb8u1.dsc
 ad58d240757fb905af1344398307cc1df84d1be167b3ec7580cdec620e198c49 160432 tmpreaper_1.6.13+nmu1+deb8u1.tar.gz
 ef0e088ff07d49f787d15be362e0066cfb01f4089aca3178cd2487fa1cff0704 50546 tmpreaper_1.6.13+nmu1+deb8u1_amd64.deb
Files:
 fe962d662e65b5ac165d056437e65510 1140 admin optional tmpreaper_1.6.13+nmu1+deb8u1.dsc
 9cf8d01c23246dc5b277099cf28a4396 160432 admin optional tmpreaper_1.6.13+nmu1+deb8u1.tar.gz
 8e8d859dfa88f8d65d8bbb3ac7fb1608 50546 admin optional tmpreaper_1.6.13+nmu1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlxJxjAACgkQZYVUZx9w
0DQMtwgAsS4cgQ5NmfAzcKCLD8TqQtnQw3raxLIFJn4i4Z0Fg/uDdtdLjmGjMiw9
XvWDI99u7tIZnJLF2qC5bo7IYX7gYJXfAQ0IMw10TLmbnnOJXPfLH5wU5sN29hRe
JSIKzzVYisgx0Uh7dHRENEyjjARfCumD31INbw3du2zUkzz+lRtA2uoR+J8DXCFv
8jZj0IOwEkITbvO3GWbAYJVB48+AbFTVIo/Y90SmWiWj+qpxNdn/5TRiQgrK9uKP
Cmz9wyBj7pI1XtY5KkvK8M9masOrQKhp0cTMTwLche/ekIHP4VZvbSXRucW51d7X
nX9BMlzC2RKLNrp7uORPVC6lej0RtQ==
=0B8Y
-----END PGP SIGNATURE-----

News for package tmpreaper