Please sync syslog-ng 2.0.9-4.1 (universe) from Debian unstable (main).

Bug #254055 reported by Daniel Hahler
Affects | Status | Importance | Assigned to | Milestone
syslog-ng (Debian) | Fix Released | Unknown | |
syslog-ng (Ubuntu) | Fix Released | Wishlist | Unassigned |

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/syslog-ng
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync syslog-ng 2.0.9-4 (universe) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:

The Ubuntu changes have been adopted by Debian. Thanks!

Changelog since current intrepid version 2.0.9-3ubuntu1:

syslog-ng (2.0.9-4) unstable; urgency=low

  * Fixed init script to check /usr/sbin/syslog-ng instead of /sbin/syslog-ng. (Closes: #492363)
  * Added /dev/xconsole creation into restart and reload too. (Closes: #492585)
  * Added missing last paragraph to the README. (Closes: #477224)
  * Fixed documentation build problem. (Closes: #477223)

 -- SZALAY Attila <email address hidden> Sun, 27 Jul 2008 23:19:03 +0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFIk2VxfAK/hT/mPgARArDmAJ9IQ105LYqw5HE9dprTWRqi3rCqdACeJU9h
trx0AHNmhyCCsX6fVeDuTQo=
=QuYK
-----END PGP SIGNATURE-----

Albin Tonnerre (lutin) wrote :

The path to the DTD in the Debian package is wrong. Marking as invalid for sync as a result; we'll sync it when it's really fixed in Debian.

Changed in syslog-ng:
status: Confirmed → Invalid
Albin Tonnerre (lutin)
Changed in syslog-ng:
status: Invalid → Incomplete
Changed in syslog-ng:
status: Unknown → New
Thierry Carrez (ttx) wrote :

We probably want to sync with 2.0.9-4.1 which fixes the DTD path, together with two other issues:

syslog-ng (2.0.9-4.1) unstable; urgency=high

  * Non-maintainer upload; high priority due to the following security fix.
  * Add chdir() before chroot(), and exit if either fails. (Closes: #505791)
  * Fix typo in postrm. (Closes: #505797)
  * Fix path to DocBook XML DTD. (Closes: #477223)

Thierry Carrez (ttx) wrote :

Please sync syslog-ng 2.0.9-4.1 (universe) from Debian unstable (main).

All of the Ubuntu delta was merged in Debian so it can be dropped:
* doc/reference/syslog-ng.xml: Fix reference to docbookx.dtd
* debian/control: Build-Depend on docbook-xml
* doc/reference/README.syslog-ng-anon: Add missing last sample and link to sample config file
* debian/syslog-ng.init: Fix syslog-ng new path
In particular 2.0.9-4.1 fixes the DTD path that was incorrectly merged in 2.0.9-4.

Changelog since current jaunty version 2.0.9-3ubuntu1:

syslog-ng (2.0.9-4.1) unstable; urgency=high

  * Non-maintainer upload; high priority due to the following security fix.
  * Add chdir() before chroot(), and exit if either fails. (Closes: #505791)
  * Fix typo in postrm. (Closes: #505797)
  * Fix path to DocBook XML DTD. (Closes: #477223)

 -- Ben Hutchings <email address hidden> Sun, 23 Nov 2008 20:26:06 +0000

syslog-ng (2.0.9-4) unstable; urgency=low

  * Fixed init script to check /usr/sbin/syslog-ng instead of /sbin/syslog-ng. (Closes: #492363)
  * Added /dev/xconsole creation into restart and reload too. (Closes: #492585)
  * Added missing last paragraph to the README. (Closes: #477224)
  * Fixed documentation build problem. (Closes: #477223)

 -- SZALAY Attila <email address hidden> Sun, 27 Jul 2008 23:19:03 +0200

Changed in syslog-ng:
status: Incomplete → New
status: New → Confirmed
James Westby (james-w) wrote :

ACK from me.

Thanks,

James

Steve Kowalik (stevenk) wrote :

[Updating] syslog-ng (2.0.9-3ubuntu1 [Ubuntu] < 2.0.9-4.1 [Debian])
 * Trying to add syslog-ng...
  - <syslog-ng_2.0.9-4.1.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <syslog-ng_2.0.9-4.1.dsc: downloading from http://ftp.debian.org/debian/>
  - <syslog-ng_2.0.9.orig.tar.gz: already in distro - downloading from librarian>
I: syslog-ng [universe] -> syslog-ng_2.0.9-3ubuntu1 [universe].

Changed in syslog-ng:
status: Confirmed → Fix Released
Thierry Carrez (ttx) wrote :

The "Add chdir() before chroot(), and exit if either fails" fix in Debian 2.0.9-4.1 is CVE-2008-5110.

Changed in syslog-ng:
status: New → Fix Released
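
The idiom named in the 2.0.9-4.1 changelog entry ("Add chdir() before chroot(), and exit if either fails"), shown as an added C example that is neither syslog-ng's code nor part of this thread. chroot() does not change the working directory, so a process that skips chdir() can keep a current directory outside the new root. The helper name enter_chroot, the post-check comparing "." with "/", and the default directory in main() are assumptions of this sketch.

```c
/* Added example: enter a chroot the way the 2.0.9-4.1 changelog describes
 * (chdir() before chroot(), hard failure on either error).
 * enter_chroot() is a hypothetical helper, not syslog-ng's function. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 on success, -1 on failure with errno set. The caller must
 * exit on -1: carrying on would mean running unconfined. */
int enter_chroot(const char *dir)
{
    struct stat dot, root;

    /* chroot() leaves the working directory untouched, so move into the
     * jail first; otherwise "." keeps pointing outside it. */
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0)            /* requires CAP_SYS_CHROOT */
        return -1;

    /* Post-check: the cwd and the new root must be the same directory. */
    if (stat(".", &dot) != 0 || stat("/", &root) != 0)
        return -1;
    if (dot.st_dev != root.st_dev || dot.st_ino != root.st_ino) {
        errno = EXDEV;               /* error code chosen for this sketch */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed default; pass the jail directory as argv[1]. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";

    if (enter_chroot(dir) != 0) {
        fprintf(stderr, "chroot to %s failed: %s\n", dir, strerror(errno));
        return 1;                    /* exit if either call fails */
    }
    puts("confined");
    return 0;
}
```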