Your message dated Tue, 13 May 2014 16:49:16 +0000
with message-id <[email protected]>
and subject line Bug#565341: fixed in xfig 1:3.2.5.c-2
has caused the Debian Bug report #565341,
regarding Fix for CVE-2009-1962 misses one hunk
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
565341: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565341
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xfig
Version: 1:3.2.5.b-1
X-Debbugs-CC: [email protected]

Hello. Both the patch found in Debian and the fix in xfig.3.2.5b miss the hunk for
u_print.c:

sprintf(tmp_fig_file, "%s/%s%06d", TMPDIR, "xfig-fig", getpid());

(noticed by Tomas Hoger:
    https://bugzilla.redhat.com/show_bug.cgi?id=505257#c1)

and thus insecure use of temporary files is still possible. I failed to
find a fix and thus I've recreated it from scratch:

http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-gfx/xfig/files/xfig-3.2.5b-mkstemp.patch?rev=1.1&view=markup

Please check the patch and, if it's correct, apply it both in Debian and upstream.

Thanks,
-- 
Peter.




--- End Message ---
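
Added example (not part of the bug report and not xfig source): the predictable-name pattern quoted in the report, beside an mkstemp()-based replacement of the kind the report asks for. The function names and the TMPDIR value of /tmp are assumptions; the actual 41_mkstemp patch is not reproduced on this page.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define TMPDIR "/tmp"   /* assumed value; xfig defines its own TMPDIR */

/* Pattern from the report: the name depends only on the PID, so any local
   user can compute it before the file exists. Builds the name only. */
int predictable_name(char *buf, size_t len)
{
    return snprintf(buf, len, "%s/%s%06d", TMPDIR, "xfig-fig", (int)getpid());
}

/* Hardened form: mkstemp() fills XXXXXX with random characters and creates
   the file with O_CREAT|O_EXCL, owner-only permissions. A file or symlink
   already sitting at the path makes creation fail instead of being followed.
   Returns an open fd (caller closes and unlinks) or -1. */
int secure_tmp(char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s/%s", TMPDIR, "xfig-figXXXXXX");
    if (n < 0 || (size_t)n >= len)
        return -1;                  /* template truncated: refuse */
    return mkstemp(buf);
}

/* Permission bits of an open fd, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char guess[64], safe[64];
    predictable_name(guess, sizeof guess);
    int fd = secure_tmp(safe, sizeof safe);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("predictable: %s\n", guess);
    printf("mkstemp:     %s (mode %o)\n", safe, (unsigned)fd_mode(fd));
    close(fd);
    unlink(safe);
    return 0;
}
```

The caller writes through the returned descriptor rather than reopening the path by name, which is what closes the window between choosing the name and creating the file.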
--- Begin Message ---
Source: xfig
Source-Version: 1:3.2.5.c-2

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <[email protected]> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 13 May 2014 18:04:18 +0200
Source: xfig
Binary: xfig xfig-doc xfig-libs
Architecture: source amd64 all
Version: 1:3.2.5.c-2
Distribution: unstable
Urgency: low
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Roland Rosenfeld <[email protected]>
Description: 
 xfig       - Facility for Interactive Generation of figures under X11
 xfig-doc   - XFig on-line documentation and examples
 xfig-libs  - XFig image libraries and examples
Closes: 296703 494790 565341
Changes: 
 xfig (1:3.2.5.c-2) unstable; urgency=low
 .
   * Remove archive Libraries/Fasteners/Fasteners.tar from xfig-libs.
   * 40_XAW3D1_5E_notlocal: Don't use local SimpleMenu.c with XAW3D1_5E
     (Closes: #296703). Thanks to Vladislav Zavjalov.
   * 41_mkstemp: Missed hunk noticed
     https://bugzilla.redhat.com/show_bug.cgi?id=505257#c1 is recreated.
     (Closes: #565341).
   * 42_xfig.desktop: Install modified xfig.desktop (Closes: #494790).
   * Complete rewrite of debian/rules.
   * Now uses hardening via debhelper.
   * Use hardening=+all.
   * Update to Standards-Version 3.9.5 (no changes).
   * Use iceweasel as default www-browser.
   * Remove xfig-www-browser and man page from source tree.
   * Update list of PDF viewers in xfig-pdf-viewer and man page.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlNySGsACgkQO7/Pd72LBQ1Q2QCgr6qE1T9SElH33hop2DL36KDc
IV4AniFtjD59ik6CpmfReVA5Q+IvYHFs
=LNDo
-----END PGP SIGNATURE-----

--- End Message ---
