Accepted shorewall 2.0.2-4ubuntu2 (source)

Martin Pitt mpitt at debian.org
Fri Sep 10 08:30:01 CDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 10 Sep 2004 15:13:50 +0200
Source: shorewall
Binary: shorewall
Architecture: source
Version: 2.0.2-4ubuntu2
Distribution: warty
Urgency: low
Maintainer: Lorenzo Martignoni <lorenzo.martignoni at poste.it>
Changed-By: Martin Pitt <mpitt at debian.org>
Description: 
 shorewall  - Shoreline Firewall (Shorewall)
Changes: 
 shorewall (2.0.2-4ubuntu2) warty; urgency=low
 .
   * security update: insecure temporary file handling was not yet fixed in
     Warty. See http://bugs.debian.org/256377 for details.
     Applied patch from Javier Fernandez-Sanguino Pena <jfs at computer.org>,
     thanks to him.
     - patch 07.shorewall.tmpcreation: Use mktemp to create temporary files in
       order to avoid race conditions and symlink attacks when an admin runs
       'shorewall show'
     - debian/rules: Restrict access to /etc/shorewall and /var/lib/shorewall
       to only root users. This avoids providing access to local firewall
       rulesets to users which are not allowed to view them. This will only apply
       to new installations, however.
Files: 
 8b8c3688b41e26b48a76be93f9f8bd2a 662 net optional shorewall_2.0.2-4ubuntu2.dsc
 8a3810931aed6519c3ba039420c8bbdb 28883 net optional shorewall_2.0.2-4ubuntu2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQamcDecnbV4Fd/IRAgv7AJ4k5IFqpJp6FVsFJkSOijQ/d7aVZQCdGWGJ
tsUgSRIHaUC2o/RVpatdiPg=
=F7x0
-----END PGP SIGNATURE-----


Accepted:
shorewall_2.0.2-4ubuntu2.diff.gz
  to pool/main/s/shorewall/shorewall_2.0.2-4ubuntu2.diff.gz
shorewall_2.0.2-4ubuntu2.dsc
  to pool/main/s/shorewall/shorewall_2.0.2-4ubuntu2.dsc





More information about the warty-changes mailing list