Your message dated Sun, 04 Sep 2016 22:17:09 +0000
with message-id <[email protected]>
and subject line Bug#832169: fixed in dietlibc 0.33~cvs20120325-6+deb8u1
has caused the Debian Bug report #832169,
regarding dietlibc-dev: insecure default PATH
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
832169: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832169
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dietlibc-dev
Version: 0.33~cvs20120325-4
Severity: important
Tags: jessie sid security upstream
(Putting this in the BTS to make tracking this issue easier.)
Thorsten Glaser discovered that the default PATH in dietlibc
(if the environment variable is unset) contains the current
working directory, which is a security problem.
See also:
https://security-tracker.debian.org/tracker/TEMP-0000000-0F9220
http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
Regards,
Christian
--- End Message ---
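The report above turns on which PATH components resolve against the current working directory. The following C sketch is an added example, not code from dietlibc or from the Debian fix; the function names and the SAFE_DEFAULT_PATH value are assumptions made for illustration. It counts such components, including the empty ones that POSIX treats as the current directory, and falls back to a fixed absolute path when PATH is unset.

```c
#include <stdio.h>
#include <string.h>

/* Fallback used by this example when PATH is unset (an assumed value,
 * not the default that dietlibc ships before or after the fix). */
#define SAFE_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin"

/* Count PATH components that resolve against the current working
 * directory: empty components (leading, trailing or doubled ':'),
 * "." and any other entry that does not start with '/'. */
int count_cwd_components(const char *path)
{
    int unsafe = 0;
    const char *p = path;

    for (;;) {
        size_t len = strcspn(p, ":");  /* length of this component */
        if (len == 0 || p[0] != '/')
            unsafe++;
        if (p[len] == '\0')
            break;
        p += len + 1;                  /* step over the ':' */
    }
    return unsafe;
}

/* Policy chosen for this example: use the environment's PATH only if it
 * is set and has no cwd components, otherwise the fixed default. */
const char *effective_search_path(const char *env_path)
{
    if (env_path == NULL || count_cwd_components(env_path) != 0)
        return SAFE_DEFAULT_PATH;
    return env_path;
}

int main(void)
{
    /* Constructed sample values, not taken from dietlibc. */
    const char *samples[] = { "/bin:/usr/bin", ":/bin:/usr/bin",
                              "/bin::/usr/bin", "/bin:/usr/bin:",
                              "/bin:.:/usr/bin", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("\"%s\" -> %d cwd component(s)\n",
               samples[i], count_cwd_components(samples[i]));
    printf("PATH unset -> %s\n", effective_search_path(NULL));
    return 0;
}
```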
--- Begin Message ---
Source: dietlibc
Source-Version: 0.33~cvs20120325-6+deb8u1
We believe that the bug you reported is fixed in the latest version of
dietlibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Seiler <[email protected]> (supplier of updated dietlibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 Jul 2016 10:41:00 +0200
Source: dietlibc
Binary: dietlibc-dev dietlibc-doc
Architecture: source all amd64
Version: 0.33~cvs20120325-6+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Hector Oron <[email protected]>
Changed-By: Christian Seiler <[email protected]>
Description:
dietlibc-dev - diet libc - a libc optimized for small size
dietlibc-doc - diet libc documentation - a libc optimized for small size
Closes: 832169
Changes:
dietlibc (0.33~cvs20120325-6+deb8u1) jessie; urgency=high
.
* Security: fix insecure default PATH. (Closes: #832169)
Thanks to Thorsten Glaser <[email protected]> for discovering this
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---