Your message dated Wed, 16 Apr 2008 03:21:56 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476313: fixed
has caused the Debian Bug report #476313,
regarding RM: tss -- RoM: security problems, never part of release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
476313: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476313
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ftp.debian.org

Due to security vulnerabilities of this package and upstream not being 
able to correctly fix them. Please refer to the following chat log:

15:06 >jcristau< AnAnt: the code is broken
15:07 >nion< AnAnt: it does not tell you the password is invalid it does tell 
you I need to be SUID for VT locking.\n
15:07 <nion> because the effective user id is not 0 (root) if(geteuid() != 0){
15:07 <AnAnt> nion: yes, I removed the geteuid() != 0 check
15:08 >nion< AnAnt: why do you tell me this _now_?
15:08 <AnAnt> nion: if getpwuid does not need suid, then I don't need this 
geteuid check, do I ?
15:08 <nion> args
15:08 <jcristau> it tries to read /etc/shadow
15:08 <jcristau> to get your password
15:08 <nion> lol
15:09 <jcristau> seriously that my_getpwuid function is full of crap
15:09 <AnAnt> jcristau: what do you suggest ?
15:10 <nion> oh it uses getspnam()
15:10 <jcristau> nion: yeah
15:10 >jcristau< AnAnt: i suggest to stop distributing that in debian
15:11 <nion> ACK looking at the fact that the upstream also doesn't seem to 
know what he is doing i think it makes no sense to fix this cause we would have 
to check every new upload. sadly vulnerable people stay vulnerable this way

-- 
 أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27



--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

       tss |    0.8.1-3 | source, alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED]

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[EMAIL PROTECTED]

Debian distribution maintenance software
pp.
Anthony Towns (the ftpmaster behind the curtain)


--- End Message ---
