Your message dated Fri, 07 Jun 2024 20:52:03 +0000
with message-id <[email protected]>
and subject line Bug#965154: fixed in maxima 5.47.0-2
has caused the Debian Bug report #965154,
regarding maxima: insecure use of /tmp
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
965154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965154
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: maxima
Version: 5.43.2-3
Severity: grave
Tags: security
Maxima uses /tmp in an insecure way. In particular, when creating plots, files
are written to maxima_tempdir (which defaults to /tmp) with predictable names,
and there is no check that the files do not exist. An attacker could use
symlinks to redirect the writes to an arbitrary file.
--- End Message ---
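The pattern described in the report, next to two hardened ways of creating the file, as an added example (it is not Maxima's code and not the change shipped in 5.47.0-2). The scratch directory, the file names and the function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* expose mkdtemp, mkstemp, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fixed name, no O_EXCL, so a symlink is followed. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: fail (EEXIST) if a file or symlink already has this name. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: unpredictable name, created atomically by mkstemp(). */
static int open_unpredictable(const char *dir, char *out, size_t len) {
    if (snprintf(out, len, "%s/plot-XXXXXX", dir) >= (int)len) return -1;
    return mkstemp(out);
}

/* Self-check in a private scratch directory (all names constructed). Bitmask:
   1 = exclusive open refused a pre-existing symlink, 2 = mkstemp file has no
   group/other access, 4 = predictable open truncated the symlink's target. */
int demo(void) {
    char dir[] = "/tmp/plotdemo-XXXXXX", target[64], plot[64], rnd[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(plot, sizeof plot, "%s/plot.out", dir);
    fd = open_exclusive(target);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(target, plot) != 0) return -1;  /* name is already taken */
    fd = open_exclusive(plot);
    if (fd < 0 && errno == EEXIST) result |= 1;
    if (fd >= 0) close(fd);
    fd = open_unpredictable(dir, rnd, sizeof rnd);
    if (fd >= 0 && fstat(fd, &st) == 0 && !(st.st_mode & 077)) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_predictable(plot);
    if (fd >= 0) close(fd);
    if (stat(target, &st) == 0 && st.st_size == 0) result |= 4;
    unlink(plot); unlink(rnd); unlink(target); rmdir(dir);
    return result;
}
```

`demo()` returns 7 when all three behaviours are observed: the exclusive open is refused, the `mkstemp()` file is private, and only the predictable open writes through the link.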
--- Begin Message ---
Source: maxima
Source-Version: 5.47.0-2
Done: Camm Maguire <[email protected]>
We believe that the bug you reported is fixed in the latest version of
maxima, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Camm Maguire <[email protected]> (supplier of updated maxima package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Jun 2024 16:26:20 -0400
Source: maxima
Architecture: source
Version: 5.47.0-2
Distribution: unstable
Urgency: medium
Maintainer: Camm Maguire <[email protected]>
Changed-By: Camm Maguire <[email protected]>
Closes: 965154 1019063
Changes:
maxima (5.47.0-2) unstable; urgency=medium
.
* Bug fix: "no Homepage field", thanks to Jakub Wilk (Closes: #1019063).
* Bug fix: "insecure use of /tmp", thanks to Evgeny Kapun (Closes:
#965154).
--- End Message ---