tmpreaper 1.6.13+nmu1+deb9u1build0.18.04.1 source package in Ubuntu


tmpreaper (1.6.13+nmu1+deb9u1build0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Sync from Debian
    - fixes CVE-2019-3461.

tmpreaper (1.6.13+nmu1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * There was a race condition when tmpreaper was testing for a (bind) mount,
    which was done via rename() which could potentially lead to a file being
    placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the
    directory being cleaned up was on the same physical filesystem.
    This has been fixed by using an alternative way of looking for bind mounts
    using code from mountpoint (from the util-linux package).

 -- Eduardo Barretto <email address hidden>  Wed, 24 Jul 2019 14:53:53 -0300

Upload details

Uploaded by:
Eduardo dos Santos Barretto on 2019-07-29
Uploaded to:
Original maintainer:
Paul Slootman
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2019-07-29 universe admin
Bionic security on 2019-07-29 universe admin


File Size SHA-256 Checksum
tmpreaper_1.6.13+nmu1+deb9u1build0.18.04.1.tar.gz 155.4 KiB 62284661c4b7b2532b3e2330fd791bf4c702585b2c55644f6b432c186f410220
tmpreaper_1.6.13+nmu1+deb9u1build0.18.04.1.dsc 1.5 KiB 7ac7d857748f91e89232a698ae2df7d68e358105a0a26c0dc73ab2d050721f90

View changes file

Binary packages built by this source

tmpreaper: cleans up files in directories based on their age

 This package provides a program that can be used to clean out temporary-file
 directories. It recursively searches the directory, refusing to chdir()
 across symlinks, and removes files that haven't been accessed in a
 user-specified amount of time. You can specify a set of files to protect
 from deletion with a shell pattern. It will not remove files owned by the
 process EUID that have the `w' bit clear, unless you ask it to, much like
 `rm -f'. `tmpreaper' will not remove symlinks, sockets, fifos, or special
 files unless given a command line option enabling it to.
 WARNING: Please do not run `tmpreaper' on `/'. There are no protections
 against this written into the program, as that would prevent it from
 functioning the way you'd expect it to in a `chroot(8)' environment.
 The daily tmpreaper run can be configured through /etc/tmpreaper.conf .

tmpreaper-dbgsym: debug symbols for tmpreaper