tmpreaper 1.6.13+nmu1+deb9u1build0.16.04.1 source package in Ubuntu

Changelog

tmpreaper (1.6.13+nmu1+deb9u1build0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Sync from Debian
    - fixes CVE-2019-3461.

tmpreaper (1.6.13+nmu1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * There was a race condition when tmpreaper was testing for a (bind) mount,
    which was done via rename() which could potentially lead to a file being
    placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the
    directory being cleaned up was on the same physical filesystem.
    This has been fixed by using an alternative way of looking for bind mounts
    using code from mountpoint (from the util-linux package).

 -- Eduardo Barretto <email address hidden>  Wed, 24 Jul 2019 15:25:43 -0300

Upload details

Uploaded by:
Eduardo Barretto
Uploaded to:
Xenial
Original maintainer:
Paul Slootman
Architectures:
any
Section:
admin
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates universe admin
Xenial security universe admin

Downloads

File Size SHA-256 Checksum
tmpreaper_1.6.13+nmu1+deb9u1build0.16.04.1.tar.gz 159.4 KiB c8c8a3539e57fe2e35a953705dee945ffc2cf33aabd2ab1bcfae84cb3f6d4669
tmpreaper_1.6.13+nmu1+deb9u1build0.16.04.1.dsc 1.5 KiB 0b91b0d4840793548d5963bb9e07aef2027d21cdc34bf2ca788caee8042b9b95

View changes file

Binary packages built by this source

tmpreaper: cleans up files in directories based on their age

 This package provides a program that can be used to clean out temporary-file
 directories. It recursively searches the directory, refusing to chdir()
 across symlinks, and removes files that haven't been accessed in a
 user-specified amount of time. You can specify a set of files to protect
 from deletion with a shell pattern. It will not remove files owned by the
 process EUID that have the `w' bit clear, unless you ask it to, much like
 `rm -f'. `tmpreaper' will not remove symlinks, sockets, fifos, or special
 files unless given a command line option enabling it to.
 .
 WARNING: Please do not run `tmpreaper' on `/'. There are no protections
 against this written into the program, as that would prevent it from
 functioning the way you'd expect it to in a `chroot(8)' environment.
 .
 The daily tmpreaper run can be configured through /etc/tmpreaper.conf .

tmpreaper-dbgsym: debug symbols for package tmpreaper

 This package provides a program that can be used to clean out temporary-file
 directories. It recursively searches the directory, refusing to chdir()
 across symlinks, and removes files that haven't been accessed in a
 user-specified amount of time. You can specify a set of files to protect
 from deletion with a shell pattern. It will not remove files owned by the
 process EUID that have the `w' bit clear, unless you ask it to, much like
 `rm -f'. `tmpreaper' will not remove symlinks, sockets, fifos, or special
 files unless given a command line option enabling it to.
 .
 WARNING: Please do not run `tmpreaper' on `/'. There are no protections
 against this written into the program, as that would prevent it from
 functioning the way you'd expect it to in a `chroot(8)' environment.
 .
 The daily tmpreaper run can be configured through /etc/tmpreaper.conf .