publicfile-installer 0.11-1 source package in Ubuntu
Changelog
publicfile-installer (0.11-1) unstable; urgency=low
* New upstream. No longer ships install-publicfile, no longer uses /tmp.
This fixes a serious security issue: a local privilage escalation
security hole due to insecure use of /tmp. "This [...] package downloads
the source code for DJB's publicfile, builds it, and then puts the
output in a predictable location in a world-writable directory, using an
existing directory of that name if it already exists, then (either
automatically or by telling the admin to run another script) installs
whatever happens to be in that directory. This can be exploited by
malicious local users to get arbitrary installscripts executed as root."
Thanks Justin B Rye. Closes: #795062.
+ debian/templates: adjusted.
+ debian/control: Depends: add sudo.
* debian/changelog: fix spelling error.
-- Joost van Baal-Ilić <email address hidden> Sun, 06 Sep 2015 07:23:33 +0200
Upload details
- Uploaded by:
- Joost van Baal
- Uploaded to:
- Sid
- Original maintainer:
- Joost van Baal
- Architectures:
- all
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | release | multiverse | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| publicfile-installer_0.11-1.dsc | 1.5 KiB | ec50bac4902c8730bd6b95d59e5e87d0b735968dd3eae54abf72f0ec8baf4c2f |
| publicfile-installer_0.11.orig.tar.gz | 18.4 KiB | b7b4897473006da7fbef6ace95f817e6073f85e26a331d236774fd11b80382bd |
| publicfile-installer_0.11-1.debian.tar.xz | 4.8 KiB | 7611358999414f05f58c1c7a52726f3ccf9ed488c0573c71d2360149982ee572 |
Available diffs
- diff from 0.10-1 to 0.11-1 (5.1 KiB)
No changes file available.
Binary packages built by this source
- publicfile-installer: installer package for the publicfile http and ftp server
Publicfile is a http and ftp server, written by Daniel J. Bernstein in
1999; it didn't change a lot after that. Modern features are not
supported. However, if you're looking for a small, simple and secure
webserver, which integrates with the runit and daemontools UNIX service
managers, publicfile will suit your needs.
.
This installer package downloads the publicfile .tar.gz file from
the upstream website, combines it with Debian packaging information
from the package maintainer's website; then builds a publicfile Debian
package, and installs that. When installing this installer package,
one is given the option to postpone downloading and installing
publicfile.
