Register | Log in

sarg

squid analysis report generator

Choose email to subscribe with

general

source: sarg (main)
version: 2.4.0-1
maintainer: Luigi Gangitano (DMD)
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.3.6-1
oldstable: 2.3.10-2
unstable: 2.4.0-1

versioned links

2.3.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

sarg (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 2.4.0-pre3 high

A new upstream version 2.4.0-pre3 is available, you should consider packaging it.

Created: 2019-12-26 Last update: 2020-02-26 06:38

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2019-18932: log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

Please fix it.

Created: 2020-01-21 Last update: 2020-02-24 08:03

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2019-18932: log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

Please fix it.

Created: 2020-01-21 Last update: 2020-02-24 08:03

testing migrations

excuses:
- Migration status for sarg (- to 2.4.0-1): Waiting for test results, another package or too young (no action required now - check later)
- Issues preventing migration:
- Too young, only 2 of 5 days old
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/s/sarg.html
- Not considered

news

[2020-02-24] Accepted sarg 2.4.0-1 (source) into unstable (Debian FTP Masters) (signed by: Luigi Gangitano)
[2018-08-20] sarg REMOVED from testing (Debian testing watch)
[2018-02-19] sarg 2.3.11-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted sarg 2.3.11-1 (source amd64) into unstable (Luigi Gangitano)
[2017-08-21] sarg REMOVED from testing (Debian testing watch)
[2016-04-02] sarg 2.3.10-2 MIGRATED to testing (Debian testing watch)
[2016-03-27] Accepted sarg 2.3.10-2 (source amd64) into unstable (Luigi Gangitano)
[2015-08-16] sarg 2.3.10-1 MIGRATED to testing (Britney)
[2015-08-10] Accepted sarg 2.3.10-1 (source amd64) into unstable (Luigi Gangitano)
[2013-05-17] sarg 2.3.6-1 MIGRATED to testing (Debian testing watch)
[2013-05-06] Accepted sarg 2.3.6-1 (source i386) (Luigi Gangitano)
[2012-01-16] sarg 2.3.2-2 MIGRATED to testing (Debian testing watch)
[2012-01-06] Accepted sarg 2.3.2-2 (source i386) (Luigi Gangitano)
[2011-12-26] Accepted sarg 2.3.2-1 (source i386) (Luigi Gangitano)
[2011-03-02] sarg 2.3.1-2 MIGRATED to testing (Debian testing watch)
[2011-02-19] Accepted sarg 2.3.1-2 (source i386) (Luigi Gangitano)
[2011-02-18] Accepted sarg 2.3.1-1 (source i386) (Luigi Gangitano)
[2011-01-02] sarg REMOVED from testing (Debian testing watch)
[2010-07-06] sarg 2.3-1 MIGRATED to testing (Debian testing watch)
[2010-06-25] Accepted sarg 2.3-1 (source i386) (Luigi Gangitano)
[2010-04-14] sarg 2.2.7.1-2 MIGRATED to testing (Debian testing watch)
[2010-04-03] Accepted sarg 2.2.7.1-2 (source i386) (Luigi Gangitano)
[2010-02-27] sarg 2.2.7.1-1 MIGRATED to testing (Debian testing watch)
[2010-02-16] Accepted sarg 2.2.7.1-1 (source i386) (Luigi Gangitano)
[2010-01-17] sarg 2.2.6-1 MIGRATED to testing (Debian testing watch)
[2010-01-11] Accepted sarg 2.2.6-1 (source i386) (Luigi Gangitano)
[2009-01-21] sarg 2.2.5-2 MIGRATED to testing (Debian testing watch)
[2009-01-10] Accepted sarg 2.2.5-2 (source sparc) (Luigi Gangitano)
[2008-03-08] sarg 2.2.5-1 MIGRATED to testing (Debian testing watch)
[2008-03-05] Accepted sarg 2.2.5-1 (source sparc) (Luigi Gangitano)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

buildd: logs, clang, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (-, 16)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.11-1
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing