Bug#509487: marked as done (CVE-2008-5368: insecure temp file handling)

[Debian Bug Tracking System]

Your message dated Thu, 25 Dec 2008 22:17:04 +0000
with message-id <e1lfyvs-0004bv...@ries.debian.org>
and subject line Bug#509487: fixed in muttprint 0.72d-10
has caused the Debian Bug report #509487,
regarding CVE-2008-5368: insecure temp file handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
509487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509487
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: muttprint
Severity: normal
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for muttprint.

CVE-2008-5368[0]:
| muttprint in muttprint 0.72d allows local users to overwrite arbitrary
| files via a symlink attack on the /tmp/muttprint.log temporary file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5368
    http://security-tracker.debian.net/tracker/CVE-2008-5368

--- End Message ---

--- Begin Message ---

Source: muttprint
Source-Version: 0.72d-10

We believe that the bug you reported is fixed in the latest version of
muttprint, which is due to be installed in the Debian FTP archive:

muttprint-manual_0.72d-10_all.deb
  to pool/main/m/muttprint/muttprint-manual_0.72d-10_all.deb
muttprint_0.72d-10.diff.gz
  to pool/main/m/muttprint/muttprint_0.72d-10.diff.gz
muttprint_0.72d-10.dsc
  to pool/main/m/muttprint/muttprint_0.72d-10.dsc
muttprint_0.72d-10_all.deb
  to pool/main/m/muttprint/muttprint_0.72d-10_all.deb
ospics_0.72d-10_all.deb
  to pool/main/m/muttprint/ospics_0.72d-10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 509...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard <r...@debian.org> (supplier of updated muttprint package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 25 Dec 2008 22:32:04 +0100
Source: muttprint
Binary: muttprint muttprint-manual ospics
Architecture: source all
Version: 0.72d-10
Distribution: unstable
Urgency: high
Maintainer: Rene Engelhard <r...@debian.org>
Changed-By: Rene Engelhard <r...@debian.org>
Description: 
 muttprint  - Pretty printing of mails
 muttprint-manual - Manual for muttprint
 ospics     - Some images of operating system logos/mascots
Closes: 509487
Changes: 
 muttprint (0.72d-10) unstable; urgency=high
 .
   * backport fix for 15_CVE 15_2008-5368 from upstrem (closes: #509487)
   * fix up lintian warnings
Checksums-Sha1: 
 fdbef747187f434292430a94f8e8262df6694fa3 1046 muttprint_0.72d-10.dsc
 e3ce615402c9f7468a34eee197ae0dd8474a3b46 219094 muttprint_0.72d-10.diff.gz
 061652218156166f95fb79f9990065cf084916f4 97326 muttprint_0.72d-10_all.deb
 b6756ed01ad1ec8dd8c395105955a078b1723077 836452 
muttprint-manual_0.72d-10_all.deb
 03bd2ee5151732de9dd72bf4c320616765b946b5 238208 ospics_0.72d-10_all.deb
Checksums-Sha256: 
 0913954b97a929a52a2c018362448ae9d285eee01c8e4c78705c656aac625069 1046 
muttprint_0.72d-10.dsc
 c948929fb830a6e094844940e467adee7a3d46f733199090fe26e8739163bb1b 219094 
muttprint_0.72d-10.diff.gz
 71b93061b171fe1ec119315890a8aa56e0a329c122868513137c35cc8bd664c8 97326 
muttprint_0.72d-10_all.deb
 cb19aca732177bd0bb904e9f43394a44551b613c3b260280884448f01a165c0e 836452 
muttprint-manual_0.72d-10_all.deb
 6bf3a661e9850d188fb982fc8e40d912d6da4dcf2ba5482e24779816099b899d 238208 
ospics_0.72d-10_all.deb
Files: 
 5db3d4612964f5b3e2be001ed6c6333c 1046 mail optional muttprint_0.72d-10.dsc
 890ebb4443bbe167b139df5192b683d4 219094 mail optional 
muttprint_0.72d-10.diff.gz
 0c74b9813270769bb83ac17be4141772 97326 mail optional muttprint_0.72d-10_all.deb
 ddd9adec663c62e627eca970f6a8363f 836452 doc optional 
muttprint-manual_0.72d-10_all.deb
 f02ca4dd1a5e139a5dcd456ed457edcb 238208 graphics optional 
ospics_0.72d-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJU/5++FmQsCSK63MRAjLPAJ0bW6qZE66rtbRWC1LU5sUI6+2lHwCfYmKN
817CIVj+jGg/N26YkIF2pFQ=
=yABt
-----END PGP SIGNATURE-----

--- End Message ---