-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 06 Sep 2015 07:23:33 +0200
Source: publicfile-installer
Binary: publicfile-installer
Architecture: source all
Version: 0.11-1
Distribution: unstable
Urgency: low
Maintainer: Joost van Baal-Ilić <joostvb@debian.org>
Changed-By: Joost van Baal-Ilić <joostvb@debian.org>
Description:
 publicfile-installer - installer package for the publicfile http and ftp server
Closes: 795062
Changes:
 publicfile-installer (0.11-1) unstable; urgency=low
 .
   * New upstream.  No longer ships install-publicfile, no longer uses /tmp.
     This fixes a serious security issue: a local privilege escalation
     security hole due to insecure use of /tmp.  "This [...] package
     downloads the source code for DJB's publicfile, builds it, and then
     puts the output in a predictable location in a world-writable
     directory, using an existing directory of that name if it already
     exists, then (either automatically or by telling the admin to run
     another script) installs whatever happens to be in that directory.
     This can be exploited by malicious local users to get arbitrary
     installscripts executed as root."  Thanks Justin B Rye.
     Closes: #795062.
     + debian/templates: adjusted.
     + debian/control: Depends: add sudo.
   * debian/changelog: fix spelling error.
Files:
 1580 contrib/net extra publicfile-installer_0.11-1.dsc
 18873 contrib/net extra publicfile-installer_0.11.orig.tar.gz
 4928 contrib/net extra publicfile-installer_0.11-1.debian.tar.xz
 11676 contrib/net extra publicfile-installer_0.11-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----