Your message dated Mon, 18 Jul 2005 18:36:25 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#314464: fixed in mysql-ocaml 1.0.3-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 29 May 2005 20:15:49 +0000
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: shtool: Insecure tempfile generation
X-Mailer: reportbug 3.12
Date: Sun, 29 May 2005 22:14:55 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Package: shtool
Severity: important
Tags: security
shtool creates temporary files in an insecure manner, which can be
exploited through symlink attacks. Please see these URLs for details:
http://www.zataz.net/adviso/shtool-05252005.txt
http://bugs.gentoo.org/show_bug.cgi?id=93782
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
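
The class of weakness reported above, shown beside two safe alternatives. This is an added example, not shtool's code and not part of the original report; the PID-based file name, the function names and the scratch-directory fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The "tool.$$.tmp" name is an assumed stand-in for a
# PID-based temp name; it is not copied from shtool.

# Weak: predictable name, plain ">" follows an existing symlink.
write_predictable() {            # $1 = dir, $2 = data
    tmp="$1/tool.$$.tmp"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp chooses a random name and creates it exclusively, mode 0600.
write_mktemp() {
    tmp=$(mktemp "$1/tool.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback without mktemp: noclobber (set -C) refuses a path that already exists.
write_noclobber() {
    tmp="$1/tool.$$.tmp"
    ( umask 077; set -C; printf '%s\n' "$2" > "$tmp" ) 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# Constructed fixture: a private scratch dir standing in for /tmp, holding a
# file that must not change and a symlink to it at the predictable name.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf 'original\n' > "$d/keep"
    ln -s "$d/keep" "$d/tool.$$.tmp"
    printf '%s\n' "$d"
}

# Run one writer against a fresh fixture; print what "keep" contains afterwards.
keep_after() {                   # $1 = writer function name
    d=$(make_fixture) || return 1
    "$1" "$d" "scratch data" >/dev/null || true
    cat "$d/keep"
    rm -rf "$d"
}

for w in write_predictable write_mktemp write_noclobber; do
    printf '%-18s keep=%s\n' "$w" "$(keep_after "$w")"
done
```

Only the predictable-name writer changes the contents of `keep`; the other two leave it untouched, and `write_noclobber` returns non-zero so the caller can abort.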
---------------------------------------
Received: (at 314464-close) by bugs.debian.org; 18 Jul 2005 22:38:13 +0000
From: Samuel Mimram <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#314464: fixed in mysql-ocaml 1.0.3-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 18 Jul 2005 18:36:25 -0400
Source: mysql-ocaml
Source-Version: 1.0.3-6
We believe that the bug you reported is fixed in the latest version of
mysql-ocaml, which is due to be installed in the Debian FTP archive:
libmysql-ocaml-dev_1.0.3-6_i386.deb
to pool/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.3-6_i386.deb
libmysql-ocaml_1.0.3-6_i386.deb
to pool/main/m/mysql-ocaml/libmysql-ocaml_1.0.3-6_i386.deb
mysql-ocaml_1.0.3-6.diff.gz
to pool/main/m/mysql-ocaml/mysql-ocaml_1.0.3-6.diff.gz
mysql-ocaml_1.0.3-6.dsc
to pool/main/m/mysql-ocaml/mysql-ocaml_1.0.3-6.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Samuel Mimram <[EMAIL PROTECTED]> (supplier of updated mysql-ocaml package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 18 Jul 2005 23:27:28 +0200
Source: mysql-ocaml
Binary: libmysql-ocaml-dev libmysql-ocaml
Architecture: source i386
Version: 1.0.3-6
Distribution: unstable
Urgency: low
Maintainer: Samuel Mimram <[EMAIL PROTECTED]>
Changed-By: Samuel Mimram <[EMAIL PROTECTED]>
Description:
libmysql-ocaml - OCaml bindings for MySql
libmysql-ocaml-dev - OCaml bindings for MySql
Closes: 314464
Changes:
mysql-ocaml (1.0.3-6) unstable; urgency=low
.
* Patched shtool's vulnerability CAN-2005-1751, closes: #314464.
* Using dpatch to handle patches.
* Updated standards version to 3.6.2.
Files:
eabb2a019c1574ffc616cecbcb8060ce 664 devel optional mysql-ocaml_1.0.3-6.dsc
5200015e2978e77c7da63dfca8b93a57 3059 devel optional
mysql-ocaml_1.0.3-6.diff.gz
d8d9b40bf1034080403bbd8ea2680407 9630 libs optional
libmysql-ocaml_1.0.3-6_i386.deb
c3ef66e91c804ed33af18d71fcf7ef2c 51940 libdevel optional
libmysql-ocaml-dev_1.0.3-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC3CqpIae1O4AJae8RAj1xAJ4tJCd92jHBv5nPMEbNaW8qiFo5YACfbwZY
xmL2DQsIWaaKYi6cgf2Z9fw=
=DRc7
-----END PGP SIGNATURE-----