Your message dated Sat, 27 Jun 2009 16:04:49 +0000
with message-id <[email protected]>
and subject line Bug#521123: fixed in screen 4.0.3-11+lenny1
has caused the Debian Bug report #521123,
regarding /tmp/screen-exchange still unsafe
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
521123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: screen
Version: 4.0.3-3
Severity: low
Tags: security
User: [email protected]
Usertags: origin-ubuntu jaunty
Hi,
Based on the bug report[1] in Ubuntu, /tmp/screen-exchange is still being
created unsafely (lacks O_CREAT|O_EXCL, has a race, etc). Upstream has a
report open[2] as well.
-Kees
[1] https://bugs.launchpad.net/bugs/315993
[2] http://savannah.gnu.org/bugs/?25296
--
Kees Cook @debian.org
--- End Message ---
--- Begin Message ---
Source: screen
Source-Version: 4.0.3-11+lenny1
We believe that the bug you reported is fixed in the latest version of
screen, which is due to be installed in the Debian FTP archive:
screen_4.0.3-11+lenny1.diff.gz
to pool/main/s/screen/screen_4.0.3-11+lenny1.diff.gz
screen_4.0.3-11+lenny1.dsc
to pool/main/s/screen/screen_4.0.3-11+lenny1.dsc
screen_4.0.3-11+lenny1_i386.deb
to pool/main/s/screen/screen_4.0.3-11+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jan Christoph Nordholz <[email protected]> (supplier of updated
screen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 04 Apr 2009 02:10:09 +0200
Source: screen
Binary: screen
Architecture: source i386
Version: 4.0.3-11+lenny1
Distribution: stable
Urgency: high
Maintainer: Jan Christoph Nordholz <[email protected]>
Changed-By: Jan Christoph Nordholz <[email protected]>
Description:
screen - terminal multiplexor with VT100/ANSI terminal emulation
Closes: 521123
Changes:
 screen (4.0.3-11+lenny1) stable; urgency=high
 .
   * Security upload.
   * Change the fix for #433338 so symlink attacks against the
     public exchange file are prevented again. Closes: #521123.
     Tracked as CVE-2009-1214 and CVE-2009-1215.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknUpYoACgkQHYflSXNkfP/z7ACfdBoD/3E7Gpo6zXIPGSCYCXML
S1cAnAnJc279N2j5j9eSI+PucECGgaix
=FDzc
-----END PGP SIGNATURE-----
--- End Message ---
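The creation pattern the report says is missing (O_CREAT|O_EXCL, no check-then-open race) together with the symlink refusal the changelog mentions, as an added example: this is not the Debian or upstream screen patch. The names open_exchange_safe and selfcheck_symlink_refused, the temp-directory layout, and the owner and link-count policy are assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a shared-directory file for writing without following symlinks or
 * reusing a file owned by someone else. Returns an fd, or -1 with errno. */
int open_exchange_safe(const char *path)
{
    struct stat st;
    /* O_CREAT|O_EXCL: existence check and creation are one atomic step. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 || errno != EEXIST) return fd;
    /* Name exists: never create here, refuse symlinks, then validate the
     * object actually opened (fstat on the fd, not stat on the path). */
    fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 || ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp dir: a symlink carrying the
 * exchange-file name must be refused and its target left untouched. */
int selfcheck_symlink_refused(void)
{
    char dir[] = "/tmp/exch-demo-XXXXXX", target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/screen-exchange", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd = open_exchange_safe(lnk);
    int ok = fd < 0 && stat(target, &st) == 0 && st.st_size == 4;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return ok;
}

int main(void) { return selfcheck_symlink_refused() == 1 ? 0 : 1; }
```

The second open validates with fstat on the descriptor, so the ownership and file-type checks apply to the object that will be written rather than to whatever the path names a moment later.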