Gentoo Bug 105764 - app-backup/rdiff-backup restrict bug

First Last Prev Next No search results available Search page Enter new bug

Bug#:	105764
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 105764 depends on:			Show dependency tree Show dependency graph
Bug 105764 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-09-12 22:28 0000

From Changelog: 
 
bug#14209: Security bug with --restrict-read-only and 
--restrict-update-only allowed file statting and directory listing 
outside path.  Bug with --restrict option allowed writes outside path. 
(Reported by Charles Duffy.)

------- Comment #1 From Thierry Carrez (RETIRED) 2005-09-14 03:04:09 0000 -------

Ccing maintainer

------- Comment #2 From Thierry Carrez (RETIRED) 2005-09-21 05:44:04 0000 -------

Ccing a possible herd match as mholzer is apparently missing.

------- Comment #3 From Robin Johnson 2005-09-21 13:45:40 0000 -------

in cvs now, 1.0.1 for this security fix only, 1.0.1-r1 for the new acl/attr
stuff (has new deps that need keywording across arches).

------- Comment #4 From Thierry Carrez (RETIRED) 2005-09-22 01:52:47 0000 -------

Thx Robin.

Archs, please test and mark 1.0.1 stable... I guess 1.0.1-r1 should be left in ~
for the time being.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2005-09-22 08:40:29 0000 -------

sparc stable.

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-09-22 11:01:40 0000 -------

Stable on ppc.

------- Comment #7 From Mark Loeser 2005-09-22 16:26:51 0000 -------

Stable on x86

------- Comment #8 From Thierry Carrez (RETIRED) 2005-09-23 00:27:19 0000 -------

Ready for GLSA vote

------- Comment #9 From Sune Kloppenborg Jeppesen 2005-09-23 01:40:28 0000 -------

I tend to vote NO.

------- Comment #10 From Thierry Carrez (RETIRED) 2005-09-23 13:40:37 0000 -------

I tend to vote NO too...

------- Comment #11 From Thierry Carrez (RETIRED) 2005-09-25 10:33:48 0000 -------

Closing without GLSA, reopen if you disagree.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 105764

app-backup/rdiff-backup restrict bug

Last modified: 2005-09-25 10:33:48 0000