Your message dated Sat, 5 Nov 2005 12:33:48 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Processed: Fixed in sid
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Nov 2005 13:54:21 +0000
>From [EMAIL PROTECTED] Fri Nov 04 05:54:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from egg.area.ba.cnr.it [150.145.80.53]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EY21N-0005Kk-00; Fri, 04 Nov 2005 05:54:21 -0800
Received: from localhost (localhost [127.0.0.1])
by egg.area.ba.cnr.it (8.13.1/8.13.1/SuSE Linux 0.7) with ESMTP id
jA4DsJ6b018754;
Fri, 4 Nov 2005 14:54:19 +0100
Received: from klecker (klecker.ba.issia.cnr.it [150.145.84.32])
by egg.area.ba.cnr.it (8.13.1/8.13.1/SuSE Linux 0.7) with ESMTP id
jA4Ds7PK018736;
Fri, 4 Nov 2005 14:54:07 +0100
Received: from frankie by klecker with local (Exim 4.54)
id 1EY217-0004MQ-SO; Fri, 04 Nov 2005 14:54:05 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: tempfile security issue
X-Mailer: reportbug 3.17
Date: Fri, 04 Nov 2005 14:54:05 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20041222+Sophos at egg.area.ba.cnr.it
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: smb4k
Version: 0.5.2
Severity: grave
Tags: security
See http://smb4k.berlios.de/ and thread already reported to stable secteam.
Fixed in 0.6.4 due in a few.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 337471-done) by bugs.debian.org; 5 Nov 2005 11:34:03 +0000
>From [EMAIL PROTECTED] Sat Nov 05 03:34:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from egg.area.ba.cnr.it [150.145.80.53]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EYMJ8-0003vu-00; Sat, 05 Nov 2005 03:34:03 -0800
Received: from localhost (localhost [127.0.0.1])
by egg.area.ba.cnr.it (8.13.1/8.13.1/SuSE Linux 0.7) with ESMTP id
jA5BY1hJ022684;
Sat, 5 Nov 2005 12:34:01 +0100
Received: from klecker (klecker.ba.issia.cnr.it [150.145.84.32])
by egg.area.ba.cnr.it (8.13.1/8.13.1/SuSE Linux 0.7) with ESMTP id
jA5BXv0g022680;
Sat, 5 Nov 2005 12:33:58 +0100
Received: from adsl-ull-253-109.49-151.net24.it ([151.49.109.253]
helo=localhost)
by klecker with esmtpa (Exim 4.54)
id 1EYMJ2-0008PY-FU; Sat, 05 Nov 2005 12:33:56 +0100
Received: from frankie by localhost with local (Exim 4.54)
id 1EYMIu-0002UB-MB; Sat, 05 Nov 2005 12:33:48 +0100
Date: Sat, 5 Nov 2005 12:33:48 +0100
From: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
To: Filipus Klutiero <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Processed: Fixed in sid
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL
PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-GPG-Fingerprint: 92E4 2D44 336F DF91 5508 23D5 A453 5199 E9F2 C747
X-GPG-Info: finger [EMAIL PROTECTED]
X-Advocacy: Who uses non-free software empoisons you too. Say him to stop.
User-Agent: Mutt/1.5.11
X-Virus-Scanned: by amavisd-new-20041222+Sophos at egg.area.ba.cnr.it
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by egg.area.ba.cnr.it id
jA5BY1hJ022684
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: smb4k
Version: 0.6.4-1
On Sat, Nov 05, 2005 at 05:06:17AM -0500, Filipus Klutiero wrote:
> Francesco Paolo Lovergine a =E9crit :
>=20
> >
> >The sarge tag is superfluous because version numbering is already
> >reporting all needed information, i.e. 0.5.2 (stable) is broken, while
> >0.6.4+ is ok.=20
> >
> Hi again Francesco,
> I'm sorry to argue about a dull thing like that, but, since we already=20
> started...
> Please check the explanation about the new meaning of the distributions=
=20
> tags in the BTS version tracking announcement. Distribution-specific=20
> tags are now basically unrelated to the version tracking information=20
> (except of course that if a bug isn't in sarge, you're still not going=20
> to tag it sarge).
>=20
> >If you tried to use the bug search form you would see what I say.
> >=20
> >
> I'm not sure what you're proposing to try with the bug search form. I=20
> tried checking smb4k 0.6.4-1's bugs. This brought me to the following=20
> URL=20
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=3Dpkg&data=3Dsmb4k&a=
rchive=3Dno&version=3D0.6.4-1&dist=3Dunstable=20
> which lists the bug without giving any clue that it's fixed in any vers=
ion.
>=20
http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=3Dpkg&data=3Dsmb4k&arc=
hive=3Dno&version=3D&dist=3Dstable&sev-inc=3Dgrave
http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=3Dpkg&data=3Dsmb4k&arc=
hive=3Dno&version=3D&dist=3Dstable&sev-inc=3Dgrave
Anyway yes, I missed a 'done' to fix the bug in latest sid, now done.
> >The initial 'found 337471' marks ALL versions as buggy. It's
> >the current way to reopen a bug properly.
> >
> You're right.
>=20
> >Than, I pointed 0.6.4-1 as
> >the fixed version. Check better BTS doc, thanks. Those are all the
> >instructions needed to properly close a bug not closed in changelog (n=
ot=20
> >done
> >due to long delay in BTS ack and assignment or mailing).=20
> >=20
> >
> This is where you must miss something. There is currently no fixed=20
> version recorded for this bug. Consequently, the bug is *not* closed.=20
> Using bugs.d.o should let you realize that. I'm quoting Colin's mail to=
=20
> let you see that clearly : "By default, pkgreport.cgi will show as open=
=20
> all bugs that have no recorded fixed versions." Now if you do a quite=20
> safe deduction and conclude that bugs that have a fixed version recorde=
d=20
> should be closed, and take a look at=20
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=3Dsmb4k you'll see tha=
t=20
> the bug is open, while it should be closed.
>=20
Now that should be done.
> >BTW archiving facility is currently disabled, and someone should untag
> >'sarge' manually after secteam fixing, to avoid confusion.
> >
> >=20
> >
> I'm not sure I understand...I did tag the bug sarge, but you untagged i=
t=20
> sarge, and now you're discussing to untag it sarge? Does that mean you=20
> agree it should be tagged sarge? :) Anyway, I don't think that untaggin=
g=20
> sarge is needed if this gets fixed in sarge. "the sarge tag now means=20
> "don't archive this bug until it has been fixed in a version in sarge".=
"=20
> That means nothing should keep the bug from being archived after it got=
=20
> a fixed version recorded for sarge. Whatever we do about that bug,=20
> archival will not happen before someone rewrites it.
> Oh, I just thought...maybe you're confusing bug archival with the fact=20
> of being closed? If that's the case, closing bugs is currently working,=
=20
> only archival isn't it. Bug archival happens some time after a bug is=20
> closed.
>=20
Just sarge is supefluous IMHO. Versioning is more powerful in doing
searches.
> Thanks again for your time
You too.
--=20
Francesco P. Lovergine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
