Bug#1011651: RFS: logrotate/3.18.0-2+deb11u1 -- Log rotation utility
Package: sponsorship-requests
Severity: important
X-Debbugs-CC: team@security.debian.org
Dear mentors,
I am looking for a sponsor for my package "logrotate":
 * Package name    : logrotate
   Version         : 3.18.0-2+deb11u1
   Upstream Author : https://github.com/logrotate/logrotate/issues
 * URL             : https://github.com/logrotate/logrotate
 * License         : GPL-2, GPL-3+, BSD-3-Clause
 * Vcs             : https://salsa.debian.org/debian/logrotate
   Section         : admin
The source builds the following binary packages:
logrotate - Log rotation utility
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/logrotate/
Alternatively, you can download the package with 'dget' using this command:
dget -x https://mentors.debian.net/debian/pool/main/l/logrotate/logrotate_3.18.0-2+deb11u1.dsc
Changes since the last upload:
logrotate (3.18.0-2+deb11u1) stable; urgency=medium
.
* d/patches: cherry-pick upstream fixes:
- skip locking if state file is world-readable (CVE-2022-1348)
.
- more strict configuration parsing to avoid parsing
parts of foreign files, e.g. core dumps (see #1002022)
.
- do not use incorrect stat information when verifying an olddir
configuration after creating the olddir
.
- advance pointer in full_write on incomplete write to avoid data
corruption
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004580
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011644
Regards,
Christian Göttsche