Your message dated Sun, 21 Dec 2008 16:02:10 +0000
with message-id <[email protected]>
and subject line Bug#509336: fixed in pvpgn 1.8.1-2
has caused the Debian Bug report #509336,
regarding CVE-2008-5370: insecure temp file handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
509336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509336
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pvpgn
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pvpgn.

CVE-2008-5370[0]:
| pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite
| arbitrary files via a symlink attack on the
| /tmp/pvpgn-support-1.0.tar.gz temporary file.

The problem appears to be in line 104 in pvpgn-support-installer.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5370
    http://security-tracker.debian.net/tracker/CVE-2008-5370



--- End Message ---
--- Begin Message ---
Source: pvpgn
Source-Version: 1.8.1-2

We believe that the bug you reported is fixed in the latest version of
pvpgn, which is due to be installed in the Debian FTP archive:

pvpgn_1.8.1-2.diff.gz
  to pool/contrib/p/pvpgn/pvpgn_1.8.1-2.diff.gz
pvpgn_1.8.1-2.dsc
  to pool/contrib/p/pvpgn/pvpgn_1.8.1-2.dsc
pvpgn_1.8.1-2_i386.deb
  to pool/contrib/p/pvpgn/pvpgn_1.8.1-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Radu Spineanu <[email protected]> (supplier of updated pvpgn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Dec 2008 17:42:01 +0200
Source: pvpgn
Binary: pvpgn
Architecture: source i386
Version: 1.8.1-2
Distribution: unstable
Urgency: low
Maintainer: Radu Spineanu <[email protected]>
Changed-By: Radu Spineanu <[email protected]>
Description: 
 pvpgn      - Gaming server that emulates Battle.net(R)
Closes: 509336
Changes: 
 pvpgn (1.8.1-2) unstable; urgency=low
 .
   * Move the downloaded archive to /var/lib/pvpgn instead of /tmp.(doh)
     - CVE-2008-5370 (closes: #509336)
   * Added LSB data to the init.d script.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklOZdQACgkQJkMZOMmr+9NtBQCfaIPiRO6xRcPsbHy3WGHNLUmb
jE4Anixu/QJ1WtqE2EgKEFsZGkePierJ
=TPrm
-----END PGP SIGNATURE-----



--- End Message ---
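
The CVE text above describes a write to a fixed name in a world-writable directory, where the shell's redirection follows any symlink already sitting at that path. The shell functions below are an added example, not code from pvpgn-support-installer and not the Debian fix (which moved the archive to /var/lib/pvpgn). The function names are hypothetical, and the fetch command in the comment is a placeholder.

```shell
#!/bin/sh
# Constructed illustration of safe temp-file staging for an installer script.
#
# Pattern the CVE describes (shown only as a comment):
#   some_fetch_command > /tmp/pvpgn-support-1.0.tar.gz
# The name is predictable and /tmp is writable by every local user.

# path_is_safe_target PATH
# Succeeds only if PATH is absent or is a regular file that is not a symlink.
# Useful as an audit check; on its own it is racy, so it must not be the
# only guard before a write.
path_is_safe_target() {
    [ -L "$1" ] && return 1
    [ ! -e "$1" ] || [ -f "$1" ]
}

# stage_download NAME
# Creates a private directory (mode 0700, unpredictable suffix) with mktemp
# and prints the path NAME would have inside it. No other local user can
# create entries in that directory, so nothing can be planted at the path.
stage_download() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/pvpgn-support.XXXXXX") || return 1
    printf '%s/%s\n' "$dir" "$1"
}

# write_noclobber PATH
# Copies stdin to PATH but refuses if anything already exists there,
# including a symlink: "set -C" (noclobber) makes the redirection fail
# instead of truncating or following an existing entry.
write_noclobber() {
    ( set -C; umask 077; cat > "$1" ) 2>/dev/null
}
```

An installer would call `stage_download`, pipe the fetched archive into `write_noclobber`, and remove the directory when done.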