Your message dated Wed, 31 Aug 2005 17:02:05 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#325106: fixed in cvs 1:1.12.9-15
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 26 Aug 2005 09:18:28 +0200
From: Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: cvs: cvsbug temporary file bug CAN-2005-2693

Package: cvs
Version: 1:1.12.9-14
Priority: wishlist
Tags: patch

Cvsbug has a temporary file handling issue, as reported by Fedora [1].
Even though this bug does not apply to the Debian package (cvsbug
is not distributed), it would be nice if it were applied anyway
to the sources (to prevent people from picking up this script with
this vulnerability, like gcvs seems to have done).

Attached is the patch based on the Bugzilla report [2].

Also, note that even if cvsbug is not installed, its manpage is. You
might want to remove it.

Regards

Javier


[1] http://lwn.net/Alerts/148865/
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366

--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="cvsbug.in.diff"
Content-Transfer-Encoding: quoted-printable

--- cvsbug.in.orig      2005-08-26 09:12:22.000000000 +0200
+++ cvsbug.in   2005-08-26 09:12:55.000000000 +0200
@@ -109,14 +109,14 @@
     /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAM=
E:" |
       cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
     ORIGINATOR=3D"`cat $TEMP`"
-    rm -f $TEMP
+    > $TEMP
   fi
 fi
=20
 if [ "$ORIGINATOR" =3D "" ]; then
   grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
   ORIGINATOR=3D"`cat $TEMP`"
-  rm -f $TEMP
+  > $TEMP
 fi
=20
 if [ -n "$ORGANIZATION" ]; then
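
Review bot: In both places changed here (the ypcat branch and the /etc/passwd fallback), $TEMP is written by the pipeline only to be read back by `cat $TEMP` on the next line, so the temporary file can be dropped from this code entirely by assigning ORIGINATOR from the pipeline with command substitution; that removes the file use instead of truncating it. If the file is kept, `> $TEMP` now leaves it on disk, so the script needs to remove it on exit (no cleanup is visible in this hunk), and the truncation is only as safe as the way $TEMP was first created, which is outside these lines. $TEMP should also be quoted in the redirections and in `cat $TEMP`.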

--7AUc2qLy4jB3hD7Z--


---------------------------------------
From: Steve McIntyre <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#325106: fixed in cvs 1:1.12.9-15
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 31 Aug 2005 17:02:05 -0700

Source: cvs
Source-Version: 1:1.12.9-15

We believe that the bug you reported is fixed in the latest version of
cvs, which is due to be installed in the Debian FTP archive:

cvs_1.12.9-15.diff.gz
  to pool/main/c/cvs/cvs_1.12.9-15.diff.gz
cvs_1.12.9-15.dsc
  to pool/main/c/cvs/cvs_1.12.9-15.dsc
cvs_1.12.9-15_alpha.deb
  to pool/main/c/cvs/cvs_1.12.9-15_alpha.deb
cvs_1.12.9-15_hppa.deb
  to pool/main/c/cvs/cvs_1.12.9-15_hppa.deb
cvs_1.12.9-15_i386.deb
  to pool/main/c/cvs/cvs_1.12.9-15_i386.deb
cvs_1.12.9-15_ia64.deb
  to pool/main/c/cvs/cvs_1.12.9-15_ia64.deb
cvs_1.12.9-15_mips.deb
  to pool/main/c/cvs/cvs_1.12.9-15_mips.deb
cvs_1.12.9-15_powerpc.deb
  to pool/main/c/cvs/cvs_1.12.9-15_powerpc.deb
cvs_1.12.9-15_sparc.deb
  to pool/main/c/cvs/cvs_1.12.9-15_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <[EMAIL PROTECTED]> (supplier of updated cvs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


Format: 1.7
Date: Wed, 31 Aug 2005 23:06:00 +0100
Source: cvs
Binary: cvs
Architecture: alpha hppa i386 ia64 mips powerpc source sparc 
Version: 1:1.12.9-15
Distribution: unstable
Urgency: low
Maintainer: Steve McIntyre <[EMAIL PROTECTED]>
Changed-By: Steve McIntyre <[EMAIL PROTECTED]>
Description: 
 cvs        - Concurrent Versions System
Closes: 168163 324965 325106
Changes: 
 cvs (1:1.12.9-15) unstable; urgency=low
 .
   * Print a clearer message if ~/.cvspass does not exist when cvs login is
     called. Closes: #168163.
   * Updated debconf dependency to allow debconf-2.0 also.
   * Make sure we don't install the cvsbug man page. Closes: #324965
   * Patch for a tmp race in cvsbug (in the source package; we don't ship
     the script as part of the package). Closes: #325106