quassel-core creates world-readable directories

This bug was fixed in the package quassel - 0.7.3-0ubuntu2

---------------
quassel (0.7.3-0ubuntu2) oneiric; urgency=low

  * Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    (LP: #846922)
  * Set permissions of /var/lib/quassel/quasselCert.pem to 640.
  * Update home dir of quasselcore user and stop the daemon before doing so.
  * Drop quasselcore-makecert script since it's completely broken since at
    least lucid and there is no need to update the self-signed certificate.
  * Drop README.source since the package has been converted to the 3.0 (quilt)
    format.
  * Update watch file so it only matches real version numbers.
  * Bump Standards-Version to 3.9.2, no changes needed.
  * Use kde debhelper buildsystem instead of calling the kubuntu l10n scripts
    manually.
  * Fix typo in quasselcore init script so it waits 5 seconds before checking
    if quasselcore started successfully. (LP: #777191)
 -- Felix Geyer <email address hidden> Mon, 12 Sep 2011 00:06:01 +0200

Attaching a fix for natty. I can generate debdiffs for lucid and maverick if this one is okay.

quassel (0.7.2-0ubuntu2.3) natty-security; urgency=low

  * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
    - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    - Set permissions of /var/lib/quassel/quasselCert.pem to 640.

 -- Felix Geyer <email address hidden> Mon, 26 Sep 2011 18:41:25 +0200

Thanks for the debdiff, Felix! It has my ack.

Once you get a chance to generate the lucid and maverick debdiffs, I'll upload them all for building.

maverick debdiff

lucid debdiff

Thanks for reviewing it.
I've attached the remaining debdiffs.

This bug was fixed in the package quassel - 0.7.2-0ubuntu2.3

---------------
quassel (0.7.2-0ubuntu2.3) natty-security; urgency=low

  * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
    - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    - Set permissions of /var/lib/quassel/quasselCert.pem to 640.
 -- Felix Geyer <email address hidden> Mon, 26 Sep 2011 18:41:25 +0200

This bug was fixed in the package quassel - 0.7.1-0ubuntu1.2

---------------
quassel (0.7.1-0ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
    - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    - Set permissions of /var/lib/quassel/quasselCert.pem to 640.
 -- Felix Geyer <email address hidden> Wed, 12 Oct 2011 23:48:38 +0200

This bug was fixed in the package quassel - 0.6.1-0ubuntu1.3

---------------
quassel (0.6.1-0ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
    - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
    - Set permissions of /var/lib/quassel/quasselCert.pem to 640.
 -- Felix Geyer <email address hidden> Wed, 12 Oct 2011 23:50:47 +0200

Please backport quassel 0.7.2-0ubuntu2.3 (natty-security) to maverick and lucid.
This fixes the security issue in the existing backports.

Have you check it works (builds, installs and runs)?

Yes, I have tested it on both releases.

ok, cheers, ack from ubuntu-backporters

please backport quassel from natty-security to maverick, lucid

Unsubscribing ubuntu-security-sponsors since all packages going into the security pocket have been released.

I: Extracting quassel_0.7.2-0ubuntu2.3.dsc ... done.
I: Building backport of quassel as 0.7.2-0ubuntu2.3~maverick1 ... done.

I: Extracting quassel_0.7.2-0ubuntu2.3.dsc ... done.
I: Building backport of quassel as 0.7.2-0ubuntu2.3~lucid1 ... done.