Your message dated Fri, 26 Jul 2019 23:13:04 +0000
with message-id <[email protected]>
and subject line Bug#933140: fixed in patch 2.7.6-6
has caused the Debian Bug report #933140,
regarding patch: Temporary file leaked on failed ed-style patch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
933140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933140
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: patch
Version: 2.7.6-2
Severity: normal
Tags: upstream
Forwarded: https://savannah.gnu.org/bugs/?53820
Control: found -1 2.7.5-1+deb9u1
Control: found -1 2.7.6-3
Control: found -1 2.7.6-5
Hi
The bugfix for CVE-2018-1000156 did introduce a file leak when
applying ed-style patches. This was reported in SuSE as [1] and
upstream at [2]. There are two followup commits needed to address the
issue [3] and [4].
Regards,
Salvatore
[1] https://bugzilla.suse.com/show_bug.cgi?id=1092500
[2] https://savannah.gnu.org/bugs/?53820
[3]
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee
[4]
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727
--- End Message ---
--- Begin Message ---
Source: patch
Source-Version: 2.7.6-6
We believe that the bug you reported is fixed in the latest version of
patch, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated patch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jul 2019 22:10:00 +0000
Source: patch
Architecture: source
Version: 2.7.6-6
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 933140
Changes:
patch (2.7.6-6) unstable; urgency=high
.
* Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style
patches (closes: #933140).
Checksums-Sha1:
4dadb672611dec38d57e8174d6bad5d6927f5a9d 1699 patch_2.7.6-6.dsc
4855e6ee1ff71094497718694663b2586bab546c 14464 patch_2.7.6-6.debian.tar.xz
Checksums-Sha256:
ad31c243b982ad8dede14f7b4dfe5bb798bb1dc6d4e28c51a797c3af58477c13 1699
patch_2.7.6-6.dsc
75ea94b265763b65005381f1eceeaf3351a70ec5c3243bc161d702776414db02 14464
patch_2.7.6-6.debian.tar.xz
Files:
11f7ff9d8c7c6c4b8efd018db2a5a83b 1699 vcs optional patch_2.7.6-6.dsc
75a120e828c70ddc33a93bf1a66433b3 14464 vcs optional patch_2.7.6-6.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl07gakACgkQ3OMQ54ZM
yL8rQg/+Kh8uSwHduE43+Td6h17k6dMayBLr7vkxOiT8eMV2AJWiaYqLes6wSU5d
R7fLYqOaPi/9SS8VbWg000bquSnd4UaN9Ahnl+VlG0OX05+5W/fxK2GkzhsWlKlJ
jzQjz9E5DSx9E6OJcXPbTsPfctfUrqd6Df5TYCePY1m5azYVTA65vCe5oR1tMlGR
uTLy6K/dDWmhf6/sKbmVflTZYYaSqNOPgjDe490oGzVm+1V06b696eCE86XRwb6s
IKBMxEv7jRe4LhP6XSkaoOhuZ/IZ6XaaNlIb2/S6zp7ej37rMyyHLE8Z5pOuImcG
FIlTErBr0A7ZM1HmSOoYw/+DhOc9fjpSbVLrdJD+be3kS8n/iYTDQnNVaEmpBnlT
/LUscaTGhrS3NeXRLMPbgsTDh6312Xvf/PdjtsSqex3DKm6njNxKNtjJxwymEQk0
SKd0ELLJM1EDq0HFOKsSQ4tvRr+UqrjF39sOkZFK7SLZ7+CKdEY+eB/ZIaLLSQdK
CBPwKTMsa+NYY+vyOu0ToC86kolcPktepc9/JBoWDWahcrt8d3TF6GwI1aB6VqEp
JU9etrs98b1cFe8AHTn6MT0T8NlH8O6PIM7FwB57a44pek48Y+l2ogM9+fXUvG4n
HzTRt0qOjY24Fv8Wf4LDZsR1YhY1GwOCGQCm69ImcS3ZycP3IrQ=
=qIHw
-----END PGP SIGNATURE-----
--- End Message ---
