Your message dated Tue, 20 Dec 2005 08:32:06 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340079: fixed in libjpeg6b 6b-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Sun, 20 Nov 2005 20:17:17 +0100
From: Uwe Zeisberger <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: insecure tempfiles
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.17
X-Debbugs-Cc: [EMAIL PROTECTED], Debian Security Team <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.9i
Organization: Universitaet Freiburg, Institut f. Informatik
Package: libjpeg-progs
Version: 6b-10
Severity: grave
File: /usr/bin/exifautotran
Tags: security patch
Hello,
exifautotran just uses a file named "tempfile" for temporarily saving
the result of jpegtran.
With the attached patch applied, it uses mktemp for their creation.
Best regards
Uwe
-- System Information:
Debian Release: testing/unstable
APT prefers testing-proposed-updates
APT policy: (900, 'testing-proposed-updates'), (900, 'testing'), (300, 'unstable'), (1, 'proposed-updates'), (1, 'oldstable'), (1, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libjpeg-progs depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
libjpeg-progs recommends no packages.
-- no debconf information
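
The fixed-name pattern described in the report next to a mktemp-based replacement, as an added example (this is not the attached patch and not exifautotran's own code). `transform` is a hypothetical stand-in for the jpegtran call, and the files `photo` and `other` and the sandbox directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. transform() is a hypothetical placeholder for the image tool.
transform() { tr 'a-z' 'A-Z' < "$1"; }

# Pattern from the report: a fixed name "tempfile" in the working directory.
# If "tempfile" already exists as a symlink, the redirect writes through it.
rewrite_fixed_name() {
    transform "$1" > tempfile || return 1
    mv tempfile "$1"
}

# Hardened pattern: mktemp creates a new file with an unpredictable name and
# mode 0600, and fails rather than reusing an existing path. The temp file
# sits beside the target so the final mv is a rename on the same filesystem.
rewrite_mktemp() {
    tmp=$(mktemp "${1}.XXXXXX") || return 1
    if transform "$1" > "$tmp"; then
        mv -- "$tmp" "$1"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# Constructed sandbox: "other" is an unrelated file the user can write, and
# "tempfile" is a symlink to it that exists before the rewrite runs.
# Prints the contents of "other" after running the rewrite function in $1.
run_case() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'hello\n' > photo
        printf 'keep\n' > other
        ln -s other tempfile
        "$1" photo && cat other
    ) && rc=0 || rc=$?
    rm -rf -- "$dir"
    return $rc
}

printf 'fixed name: other now contains %s\n' "$(run_case rewrite_fixed_name)"
printf 'mktemp:     other still contains %s\n' "$(run_case rewrite_mktemp)"
```

The file that replaces the original inherits mktemp's 0600 mode, so a script that must keep the original permissions has to restore them after the move.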
---------------------------------------
From: Bill Allombert <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#340079: fixed in libjpeg6b 6b-11
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 20 Dec 2005 08:32:06 -0800
Source: libjpeg6b
Source-Version: 6b-11
We believe that the bug you reported is fixed in the latest version of
libjpeg6b, which is due to be installed in the Debian FTP archive:
libjpeg-progs_6b-11_i386.deb
to pool/main/libj/libjpeg6b/libjpeg-progs_6b-11_i386.deb
libjpeg62-dev_6b-11_i386.deb
to pool/main/libj/libjpeg6b/libjpeg62-dev_6b-11_i386.deb
libjpeg62_6b-11_i386.deb
to pool/main/libj/libjpeg6b/libjpeg62_6b-11_i386.deb
libjpeg6b_6b-11.diff.gz
to pool/main/libj/libjpeg6b/libjpeg6b_6b-11.diff.gz
libjpeg6b_6b-11.dsc
to pool/main/libj/libjpeg6b/libjpeg6b_6b-11.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bill Allombert <[EMAIL PROTECTED]> (supplier of updated libjpeg6b package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 20 Nov 2005 20:57:07 +0100
Source: libjpeg6b
Binary: libjpeg62 libjpeg62-dev libjpeg-progs
Architecture: source i386
Version: 6b-11
Distribution: unstable
Urgency: high
Maintainer: Bill Allombert <[EMAIL PROTECTED]>
Changed-By: Bill Allombert <[EMAIL PROTECTED]>
Description:
libjpeg-progs - Programs for manipulating JPEG files
libjpeg62 - The Independent JPEG Group's JPEG runtime library
libjpeg62-dev - Development files for the IJG JPEG library
Closes: 340079
Changes:
libjpeg6b (6b-11) unstable; urgency=high
.
* The "Silencio" release
* exifautotran: Apply patch by Uwe Zeisberger to fix bad temporary file
handling. closes: #340079
Files:
c42a351af0d6ab1396d7a63ae24349be 620 graphics optional libjpeg6b_6b-11.dsc
4dc00b8d78bb70716393a0833dbfe1a4 85808 graphics optional libjpeg6b_6b-11.diff.gz
9c9b0b894026226e38baff569d8e77bc 84304 libs optional libjpeg62_6b-11_i386.deb
32d8f0e2089f948c1ac4d60dd257a729 186662 libdevel optional libjpeg62-dev_6b-11_i386.deb
d59508b2267b65e3fec67f5bf51e71fe 77246 graphics optional libjpeg-progs_6b-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDpsQBeDPs8bVESBURAoYEAJ9RNeM1IvFtnvkmCsjeWxiWB4eFwgCeJCw5
9SKx4Ij6wWFboJEWLkpnzjg=
=JWnx
-----END PGP SIGNATURE-----