[pkg-bacula-devel] Bug#881871: stretch-pu: package bacula/7.4.4+dfsg-6
Carsten Leonhardt
leo at debian.org
Wed Nov 15 23:02:29 UTC 2017
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
we would like to fix the following two problems in stable:
1 ) The bacula packages are vulnerable to a security problem similar to
CVE 2017-14610 (PID files not owned by root). On the downside this
change disables a bacula feature that permits automatic tracebacks on a
crash. I've mailed the security team about this, they recommended a
stable update.
2) Bug #880529: When updating from jessie to stretch, the package
"bacula-director-common" will be removed, but the postrm will stay
around. Upon purging this package, postrm unconditionally removes the
main bacula configuration file /etc/bacula/bacula-dir.conf, leaving
bacula unusable. We fix this by introducing a transitional package that
can then be safely removed.
Regards,
Carsten
-- System Information:
Debian Release: 9.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bacula-7.4.4+dfsg-6_7.4.4+dfsg-6+deb9u1.debdiff
Type: text/x-diff
Size: 4936 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20171116/f829c1a9/attachment.diff>
More information about the pkg-bacula-devel
mailing list