Your message dated Fri, 18 Nov 2011 13:00:42 +0000
with message-id
<20111118130042.26610.qm...@170ebc940cdb32.315fe32.mid.smarden.org>
and subject line Re: Bug#649159: proposed upload: git/1:1.7.8~rc3-1
has caused the Debian Bug report #649159,
regarding proposed upload: git/1:1.7.8~rc3-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
649159: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649159
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: git
Version: 1:1.7.8~rc2-1
Severity: important
Tags: upstream fixed-upstream
Hi Gerrit and Anders,
v1.7.8-rc3 fixes a security hole for installations that enable remote
update-archive access (regression introduced by v1.7.8-rc1~12^2~1,
upload-archive: use start_command instead of fork, 2011-10-24).
[1] has details.
Luckily sid is not affected. I have prepared an upload for
experimental at
git://git.debian.org/~jrnieder-guest/git.git debian-experimental
(commit bd4c77e0, candidate+patches at b5a4997e). This is not too
urgent because installing experimental git in a public-facing
installation with --enable=upload-archive would be a little insane.
Hopefully it can save you time.
Sincerely,
Jonathan
[1] http://thread.gmane.org/gmane.comp.version-control.git/185489/focus=185491
--- End Message ---
--- Begin Message ---
Uploaded. Thank you, Jonathan.
On Fri, Nov 18, 2011 at 05:11:12AM -0600, Jonathan Nieder wrote:
> Package: git
> Version: 1:1.7.8~rc2-1
> Severity: important
> Tags: upstream fixed-upstream
>
> Hi Gerrit and Anders,
>
> v1.7.8-rc3 fixes a security hole for installations that enable remote
> update-archive access (regression introduced by v1.7.8-rc1~12^2~1,
> upload-archive: use start_command instead of fork, 2011-10-24).
> [1] has details.
>
> Luckily sid is not affected. I have prepared an upload for
> experimental at
>
> git://git.debian.org/~jrnieder-guest/git.git debian-experimental
>
> (commit bd4c77e0, candidate+patches at b5a4997e). This is not too
> urgent because installing experimental git in a public-facing
> installation with --enable=upload-archive would be a little insane.
>
> Hopefully it can save you time.
>
> Sincerely,
> Jonathan
>
> [1] http://thread.gmane.org/gmane.comp.version-control.git/185489/focus=185491
>
>
--- End Message ---
