[Bug 1171882] New: mgetty: probably long dead directory /var/spool/fax/outgoing/locks in permissions profiles
http://bugzilla.suse.com/show_bug.cgi?id=1171882 Bug ID: 1171882 Summary: mgetty: probably long dead directory /var/spool/fax/outgoing/locks in permissions profiles Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: sbrabec@suse.com Reporter: matthias.gerstner@suse.com QA Contact: qa-bugs@suse.de CC: dmueller@suse.com, security-team@suse.de Found By: --- Blocker: --- The security team is currently sanity checking the profiles in the Base:System/permissions package. In this context we've come across the following entries related to the mgetty package: permissions.paranoid: /var/spool/fax/outgoing/locks fax:trusted 0755 permissions.easy: /var/spool/fax/outgoing/locks fax:root 0755 permissions.secure: /var/spool/fax/outgoing/locks fax:root 0755 This directory doesn't seem to be part of mgetty (sendfax) for a long time any more. Upstream commit bac8e5efeeb19ef5bef44ff1d76b73816218936b seems to have removed this in the year 2002 (upstream git repository is at git://github.greenie.net/mgetty/). If you can confirm this I'd like to remove the entries listed above from all permissions profiles. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1171882 https://bugzilla.suse.com/show_bug.cgi?id=1171882#c1 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1172227 Status|NEW |IN_PROGRESS --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- Since nobody protested for a long time I'm going to remove these entries. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1171882 https://bugzilla.suse.com/show_bug.cgi?id=1171882#c2 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #2 from Matthias Gerstner <matthias.gerstner@suse.com> --- Removal of entries is through. Closing as FIXED. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1171882 https://bugzilla.suse.com/show_bug.cgi?id=1171882#c4 --- Comment #4 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2021:1520-1: An update that solves three vulnerabilities and has 27 fixes is now available. Category: security (moderate) Bug References: 1028975,1029961,1093414,1133678,1148788,1150345,1150366,1151190,1157498,1160285,1160764,1161335,1161779,1163588,1167163,1169614,1171164,1171173,1171569,1171580,1171686,1171879,1171882,1173221,1174504,1175720,1175867,1178475,1178476,1183669 CVE References: CVE-2019-3687,CVE-2019-3688,CVE-2020-8013 JIRA References: Sources used: openSUSE Leap 15.3 (src): permissions-20200127-lp153.24.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com