Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>: Bug#711172; Package phpbb3.
(Wed, 05 Jun 2013 08:21:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>.
(Wed, 05 Jun 2013 08:21:07 GMT) (full text, mbox, link).
Package: phpbb3
Version: 3.0.11-3
Severity: serious
Tags: security
User: debian-qa@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package creates a world
writable file:
-rw-rw-rw- 1 root www-data 34 May 29 14:47 /var/cache/phpbb3/cache/phpbb3/data_hooks.php
This was observed on upgrades from sid to experimental.
So far I didn't notice it in any other install or upgrade path.
Andreas
Added tag(s) pending.
Request was from www-data <www-data@wolffelaar.nl>
to control@bugs.debian.org.
(Thu, 13 Jun 2013 03:27:04 GMT) (full text, mbox, link).
Message sent on
to Andreas Beckmann <anbe@debian.org>:
Bug#711172.
(Thu, 13 Jun 2013 03:27:08 GMT) (full text, mbox, link).
Source: phpbb3
Source-Version: 3.0.11-4
We believe that the bug you reported is fixed in the latest version of
phpbb3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 711172@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated phpbb3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 13 Jun 2013 15:35:45 -0400
Source: phpbb3
Binary: phpbb3 phpbb3-l10n
Architecture: source all
Version: 3.0.11-4
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: David Prévot <taffit@debian.org>
Description:
phpbb3 - full-featured, skinnable non-threaded web forum
phpbb3-l10n - additional language files for phpBB
Closes: 711172
Changes:
phpbb3 (3.0.11-4) unstable; urgency=high
.
* Fix chown in cache (closes: #711172)
* Fix world-writable directories
Checksums-Sha1:
e0474d9313cc360918ad41ec99b05e5fbfe03279 14593 phpbb3_3.0.11-4.dsc
3a3732ec901885789f3a07112f0db0a06c4702b6 120744 phpbb3_3.0.11-4.debian.tar.gz
8245e03714277a0e9b17d55824b5eb17ea81de42 2288374 phpbb3_3.0.11-4_all.deb
22f2d6fc73b328154c3a2e6634bee1aa6a4587a7 8654618 phpbb3-l10n_3.0.11-4_all.deb
Checksums-Sha256:
714b9eafef6c67295d2970f625e0e6f4d76a8a7f0f432a5b23983c1c12a6cde9 14593 phpbb3_3.0.11-4.dsc
d6cc992d89382d081bc194f29e72a7813d92cf0221b34a0549f2540ef3823d02 120744 phpbb3_3.0.11-4.debian.tar.gz
d725a6c0248755beec482e6ded512270a2789105395ca9775b87e56a8fb604c7 2288374 phpbb3_3.0.11-4_all.deb
eb9ec67fa74c31f086a0a0b1900bf76cf6140bca149f342f6f6b96f14565ec27 8654618 phpbb3-l10n_3.0.11-4_all.deb
Files:
1f3a621f39fc3eb469391fecc011e4fe 14593 web optional phpbb3_3.0.11-4.dsc
1c47f35b444ff740fd257d5db58567ae 120744 web optional phpbb3_3.0.11-4.debian.tar.gz
b2ec4bef6ca9f105e980aa310ec95f02 2288374 web optional phpbb3_3.0.11-4_all.deb
e2f893db1cb678a4f57411c7b5633d77 8654618 localization optional phpbb3-l10n_3.0.11-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJRuiIPAAoJEAWMHPlE9r08MDcH+gJIcuB/BCW65mn94IOVEMwN
jFzVDV5WQKtzr7eBOFUPlBvuc+IMaZCRo6lRfv1EbufbMJeDz/FrHmxGIywdHrf6
GI/dKkkK+JjZkz/yt+MCAADkTlwhCy9uOijuz52e7vsZwRIQsdSoJoJh/vE7+RBu
OWU0xJvbPoeVE3XsFVeplAccDYyNrvNVii96fZQ0puBgsYmk0/+od/v8I+aWF58/
q45doMBaX+7p1kRxc/xJWCrzALheNQnl9EME6+sSL7fWLdVfKCfRuXZH/yTJDXqp
Xu15/+lsASjUx2Rm4AcR67k3DWfEgDmkHX/FZAp8TxadA5n/XUu5mVAmMxTz+2g=
=Tt67
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 12 Jul 2013 07:31:53 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org.
(Sun, 25 Jun 2023 13:06:06 GMT) (full text, mbox, link).
Marked as found in versions phpbb3/3.0.7-PL1-4+squeeze1.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org.
(Sun, 25 Jun 2023 13:06:07 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 24 Jul 2023 07:26:51 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.