From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <legion@altlinux.ru>
Date: Sat, 28 May 2022 17:49:43 +0200
From: Alexey Gladkov <legion@altlinux.ru>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <20220528154943.qdtciv6iwdrg3mmt@example.org>
References: <girar.task.300834.1.1@gyle.mskdc.altlinux.org>
 <girar.task.300834.2.1@gyle.mskdc.altlinux.org>
 <20220528153359.GB28763@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20220528153359.GB28763@altlinux.org>
Subject: Re: [devel] [#300834] DONE (try 2) logrotate.git=3.20.1-alt1
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 28 May 2022 15:49:44 -0000
Archived-At: <http://lore.altlinux.org/devel/20220528154943.qdtciv6iwdrg3mmt@example.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

On Sat, May 28, 2022 at 06:34:00PM +0300, Dmitry V. Levin wrote:
> On Sat, May 28, 2022 at 03:16:52PM +0000, Girar pender (legion) wrote:
> > https://git.altlinux.org/tasks/archive/done/_293/300834/logs/events.2.1.log
> > 
> > 2022-May-28 15:12:50 :: task #300834 for sisyphus resumed by legion:
> > #100 build 3.20.1-alt1 from /people/legion/packages/logrotate.git fetched at 2022-May-28 15:05:28
> [...]
> > #100 logrotate 3.16.0-alt1.git35_6e8dfb8 -> 3.20.1-alt1
> >  Sat May 28 2022 Alexey Gladkov <legion@altlinux.ru> 3.20.1-alt1
> >  - New version (3.20.1).
> >  - Security fixes:
> >    - CVE-2022-1348: potential DoS from unprivileged users via the state file.
> > 2022-May-28 15:13:29 :: logrotate: mentions vulnerabilities: CVE-2022-1348
> 
> Прикольно, что в нашем пакете эта уязвимость была устранена ещё в 2000 году:
> 
> * Tue Sep 19 2000 Dmitry V. Levin <ldv@> 3.3-ipl10mdk
> - Moved %_localstatedir/logrotate.status --> %_localstatedir/logrotate/status
>   (and fixed perms).

Ну это был скорее объезд. Если использовать c другим state файлом, то
проблема оставалась.

-- 
Rgrds, legion