Your message dated Thu, 24 Sep 2009 01:17:04 +0000
with message-id <[email protected]>
and subject line Bug#545237: fixed in mathematica-fonts 10
has caused the Debian Bug report #545237,
regarding improve checksum-test/security
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
545237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545237
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mathematica-fonts
Version: 9
Severity: important
Hi.
I'm currently looking at some Debian packages which are downloading
(and afterwards installing) stuff from the internet.
It seems that you verify the downloaded file via MD5... may I suggest
the following in addition:
1) Don't use MD5 but something better (SHA512)... MD5 is insecure,..
(that's why I've set the priority important (to make sure to get your
attention ;) )
2) Give a more instructive warning in case of checksum mismatches,...
perhaps inform the user, that this might be a (prevented) security
incident.
3) Make the package installation fail if there was a checksum
mismatch, and delete all potentially corrupted files.
Thanks and best wishes,
Chris.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mathematica-fonts depends on:
ii debconf [debconf-2.0] 1.5.27 Debian configuration management sy
ii defoma 0.11.10-1 Debian Font Manager -- automatic f
ii unzip 6.0-1 De-archiver for .zip files
mathematica-fonts recommends no packages.
mathematica-fonts suggests no packages.
-- debconf information:
* mathematica-fonts/accept_license: true
* mathematica-fonts/http_proxy:
* mathematica-fonts/license:
--- End Message ---
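The three suggestions in the report above (SHA-512 instead of MD5, an instructive warning, and a failed installation with cleanup on mismatch), sketched as a POSIX sh helper that a maintainer script could call. This is an added example, not the mathematica-fonts postinst: the function names, `fonts.zip` and the directory layout are hypothetical, and it assumes the expected digest is shipped inside the package rather than fetched together with the download.

```shell
#!/bin/sh
# Added example, not the package's postinst. All names are hypothetical.
# Assumes the expected digest is shipped inside the package itself.

# verify_or_purge WORKDIR FILENAME EXPECTED_SHA512
# Returns 0 if WORKDIR/FILENAME matches. Otherwise removes WORKDIR, prints
# an explanatory warning on stderr and returns 1 so the caller can abort.
verify_or_purge() {
    vp_dir=$1; vp_file=$1/$2; vp_want=$3; vp_got=
    if [ -f "$vp_file" ]; then
        vp_got=$(sha512sum -- "$vp_file" | cut -d' ' -f1)
    fi
    if [ -n "$vp_got" ] && [ "$vp_got" = "$vp_want" ]; then
        return 0
    fi
    # Nothing from a failed download may survive into the install step.
    if [ -n "$vp_dir" ] && [ -d "$vp_dir" ]; then
        rm -rf -- "$vp_dir"
    fi
    cat >&2 <<EOF
ERROR: SHA-512 checksum mismatch for $2
  expected: $vp_want
  got:      ${vp_got:-(file missing or unreadable)}
The download is corrupted or was modified in transit or at the source.
This might be a (prevented) security incident. Nothing was installed and
the downloaded files have been deleted.
EOF
    return 1
}

# install_verified WORKDIR FILENAME EXPECTED_SHA512 DESTDIR
# Moves the file into DESTDIR only after verification has succeeded.
install_verified() {
    verify_or_purge "$1" "$2" "$3" || return 1
    mkdir -p -- "$4" && mv -- "$1/$2" "$4/"
}

# Constructed demo: a file altered after its digest was pinned is rejected
# and both the work directory and the destination stay absent.
demo() {
    dm_dir=$(mktemp -d) || return 1
    printf 'constructed font archive\n' > "$dm_dir/fonts.zip"
    dm_want=$(sha512sum -- "$dm_dir/fonts.zip" | cut -d' ' -f1)
    printf 'tampered' >> "$dm_dir/fonts.zip"
    dm_rc=0
    install_verified "$dm_dir" fonts.zip "$dm_want" "$dm_dir.out" 2>/dev/null || dm_rc=$?
    [ "$dm_rc" -eq 1 ] && [ ! -e "$dm_dir" ] && [ ! -e "$dm_dir.out" ]
}
```

Called from a maintainer script as `install_verified ... || exit 1`, a mismatch makes the script exit non-zero, which dpkg reports as a failed installation.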
--- Begin Message ---
Source: mathematica-fonts
Source-Version: 10
We believe that the bug you reported is fixed in the latest version of
mathematica-fonts, which is due to be installed in the Debian FTP archive:
mathematica-fonts_10.dsc
to pool/contrib/m/mathematica-fonts/mathematica-fonts_10.dsc
mathematica-fonts_10.tar.gz
to pool/contrib/m/mathematica-fonts/mathematica-fonts_10.tar.gz
mathematica-fonts_10_all.deb
to pool/contrib/m/mathematica-fonts/mathematica-fonts_10_all.deb
ttf-mathematica4.1_10_all.deb
to pool/contrib/m/mathematica-fonts/ttf-mathematica4.1_10_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Atsuhito KOHDA <[email protected]> (supplier of updated mathematica-fonts
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 24 Sep 2009 09:57:07 +0900
Source: mathematica-fonts
Binary: mathematica-fonts ttf-mathematica4.1
Architecture: source all
Version: 10
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <[email protected]>
Changed-By: Atsuhito KOHDA <[email protected]>
Description:
mathematica-fonts - Installer of Mathematica fonts
ttf-mathematica4.1 - transitional dummy package
Closes: 537426 542181 545237 548022
Changes:
mathematica-fonts (10) unstable; urgency=low
.
* Improved checksum-test, now used sha512sum instead of md5sum.
(Closes: #545237)
* Refined postinst, prerm and Description to erase lintian's warnings.
* Changed Section from contrib/x11 to contrib/fonts.
* Updated debconf translations:
- French translation. Thanks Martin Bahier and Christian Perrier.
(Closes: #542181)
- Galician translation. Thanks Marce Villarino.
(Closes: #537426)
- Vietnamese translation. Thanks Clytie Siddall.
(Closes: #548022)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkq6xnMACgkQ1IXdL1v6kOxcwgCfclaThGwepML7G7tv6ObsjT3T
Ae0An0vgMEkkaJwURNdC4rFAHsw3S/9Z
=X7ez
-----END PGP SIGNATURE-----
--- End Message ---