Your message dated Thu, 07 Jul 2016 13:19:11 +0000
with message-id <[email protected]>
and subject line Bug#829210: Removed package(s) from unstable
has caused the Debian Bug report #771458,
regarding netenv: insecure use of /var/tmp in config/postinst
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
771458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771458
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: netenv
Version: 0.94.3-30
Tags: security
postinst does this:
if [ -f /var/tmp/netenv_upgrade_restored-symlinks ]; then
# if there were stale links, this means there should be links. We configure
# with the link method
config_current_onboard
fi
with the assumption that the file was created by the config script. But
/var/tmp is world-writable, so the file could have been created by any
(malicious) local user.
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Version: 0.94.3-30+rm
Dear submitter,
as the package netenv has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/829210
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
