Your message dated Thu, 04 Jan 2007 09:23:02 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Mail delivery failed: returning message to sender
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: eog
Version: 2.16.2-1
Severity: grave
Tags: security
Justification: user security hole

This is a user security hole only on systems where the package is
built. Sorry if this doesn't qualify it for the grave severity.

The build process of eog sets the perms of the entire eog-$VERSION
subdirectory and all its subdirectories to 777 before compilation.
This allows a local attacker to do any nastiness to the source files
or scripts that subsequently get packaged in a .deb. The attacker can
also choose to run any code as the user building the package.

        Sami


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages eog depends on:
ii  gconf2                       2.16.0-3    GNOME configuration database syste
ii  libart-2.0-2                 2.3.17-1    Library of functions for 2D graphi
ii  libc6                        2.3.6.ds1-9 GNU C Library: Shared libraries
ii  libexif12                    0.6.13-5    library to parse EXIF files
ii  libgconf2-4                  2.16.0-3    GNOME configuration database syste
ii  libglade2-0                  1:2.6.0-4   library to load .glade files at ru
ii  libglib2.0-0                 2.12.6-2    The GLib library of C routines
ii  libgnome-desktop-2           2.14.3-1    Utility library for loading .deskt
ii  libgnome2-0                  2.16.0-2    The GNOME 2 library - runtime file
ii  libgnomecanvas2-0            2.14.0-2    A powerful object-oriented display
ii  libgnomeprint2.2-0           2.12.1-7    The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0         2.12.1-4    GNOME 2.2 print architecture User 
ii  libgnomeui-0                 2.14.1-2+b1 The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0               2.14.2-4    GNOME virtual file-system (runtime
ii  libgtk2.0-0                  2.8.20-3    The GTK+ graphical user interface 
ii  libjpeg62                    6b-13       The Independent JPEG Group's JPEG 
ii  liblcms1                     1.15-1      Color management library
ii  libpango1.0-0                1.14.8-4    Layout and rendering of internatio
ii  libx11-6                     2:1.0.3-4   X11 client-side library

Versions of packages eog recommends:
ii  librsvg2-common               2.14.4-2   SAX-based renderer library for SVG

-- no debconf information



--- End Message ---
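
The condition the report above describes, a source tree that any local user can modify before it is built, can be checked with a short script. This is an added example, not part of the original report or of the eog packaging; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an unpacked source tree (such as eog-$VERSION)
# for paths that any local user could modify before the build runs.
# Function names are hypothetical, not from the eog packaging.

# Print every world-writable file or directory under $1.
# Symlinks are skipped because their own mode bits are not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print each ancestor of $1 that is world-writable without the sticky
# bit. Such a parent lets another user rename or replace the whole tree.
# Sticky directories such as /tmp are not reported.
unsafe_ancestors() {
    dir=$(cd "$1" && pwd -P) || return 2
    while [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        if [ -n "$(find "$dir" -prune -perm -0002 ! -perm -1000 -print)" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Return 0 when nothing was found, 1 when the tree or a parent is exposed.
audit_build_tree() {
    findings=$( { world_writable "$1"; unsafe_ancestors "$1"; } )
    if [ -n "$findings" ]; then
        printf 'paths writable by any local user:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}
```

Running `audit_build_tree` on the unpacked directory before and after the build step shows whether the build itself loosens the permissions.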
--- Begin Message ---
On Thursday, 04 January 2007 at 09:17 +0100, Mail Delivery System wrote:
> This message was created automatically by mail delivery software.
> 
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
> 
>   [EMAIL PROTECTED]
>     SMTP error from remote mailer after RCPT TO:<[EMAIL PROTECTED]>:
>     host smtp.hut.fi [130.233.228.92]: 550 5.7.1 <[EMAIL PROTECTED]>... blackholed by RBL. See
>     <URL:http://mail-abuse.org/cgi-bin/lookup?82.241.136.161>

Wrong bug report, and user can't be contacted because of a stupid DNSBL.
Closing.
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.


--- End Message ---