[Pkg-mysql-commits] r2252 - mysql-5.5/branches/unstable/debian

James Downing Page jamespage at moszumanska.debian.org
Fri Jan 17 17:20:34 UTC 2014


tags 711600 pending
thanks

Author: jamespage
Date: 2014-01-17 17:20:34 +0000 (Fri, 17 Jan 2014)
New Revision: 2252

Modified:
   mysql-5.5/branches/unstable/debian/changelog
   mysql-5.5/branches/unstable/debian/mysql-server-5.5.postinst
Log:
SECURITY UPDATE:
- CVE-2013-2162: Insecure creation of the credential file debian.cnf.
Set umask to 066 before creating debian.cnf file. (Closes: #711600)
(LP: #1185573)

Modified: mysql-5.5/branches/unstable/debian/changelog
===================================================================
--- mysql-5.5/branches/unstable/debian/changelog	2014-01-17 17:17:17 UTC (rev 2251)
+++ mysql-5.5/branches/unstable/debian/changelog	2014-01-17 17:20:34 UTC (rev 2252)
@@ -29,6 +29,10 @@
   * Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
     - d/NEWS: Add NEWS file to document changes needed to existing databases
       to drop insecure database permissions.
+    SECURITY UPDATE:
+     - CVE-2013-2162: Insecure creation of the credential file debian.cnf.
+       Set umask to 066 before creating debian.cnf file. (Closes: #711600)
+       (LP: #1185573)
 
  -- Clint Byrum <spamaps at debian.org>  Thu, 26 Sep 2013 18:51:57 -0700
 

Modified: mysql-5.5/branches/unstable/debian/mysql-server-5.5.postinst
===================================================================
--- mysql-5.5/branches/unstable/debian/mysql-server-5.5.postinst	2014-01-17 17:17:17 UTC (rev 2251)
+++ mysql-5.5/branches/unstable/debian/mysql-server-5.5.postinst	2014-01-17 17:20:34 UTC (rev 2252)
@@ -173,7 +173,9 @@
     else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
         if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+	umask 066
         cat /dev/null > $dc
+	umask 022
         echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
         echo "[client]"                                                    >>$dc
         echo "host     = localhost"                                        >>$dc




More information about the Pkg-mysql-commits mailing list