Your message dated Sat, 15 Dec 2007 18:02:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#450754: fixed in vfu 4.06-4.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: vfu
Severity: grave
Tags: security
Justification: user security hole

vfu embeds a copy of pcre. There's been a recent security update for
pcre (DSA-1399). (I'm not sure if vfu's pcre processes untrusted regexps
or if it's all user-controlled. In that case it's not a security problem,
but should still be fixed for cleanliness):

You should fix the vfu package to link against a shared library version
of PCRE.

(The packaging also appears a bit messy, e.g. the old binaries in the
source package:

drwxr-xr-x 2 jmm jmm 4.0K Jun 5 2005 .OBJ.libvscon.a
drwxr-xr-x 2 jmm jmm 4.0K Jun 5 2005 .OBJ.libvslib.a
drwxr-xr-x 2 jmm jmm 4.0K Jun 5 2005 .OBJ.test
)

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: vfu
Source-Version: 4.06-4.1

We believe that the bug you reported is fixed in the latest version of
vfu, which is due to be installed in the Debian FTP archive:

vfu_4.06-4.1.diff.gz
  to pool/main/v/vfu/vfu_4.06-4.1.diff.gz
vfu_4.06-4.1.dsc
  to pool/main/v/vfu/vfu_4.06-4.1.dsc
vfu_4.06-4.1_i386.deb
  to pool/main/v/vfu/vfu_4.06-4.1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <[EMAIL PROTECTED]> (supplier of updated vfu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 15 Dec 2007 17:32:36 +0100
Source: vfu
Binary: vfu
Architecture: source i386
Version: 4.06-4.1
Distribution: unstable
Urgency: low
Maintainer: William Vera <[EMAIL PROTECTED]>
Changed-By: Cyril Brulebois <[EMAIL PROTECTED]>
Description:
 vfu - A versatile text-based filemanager
Closes: 450754
Changes:
 vfu (4.06-4.1) unstable; urgency=low
 .
   * Non-maintainer upload as requested by the security team.
   * No longer use embedded code copy of pcre (Closes: #450754):
      - Delete -I and -L items pointing to the embedded code copy from
        the CCFLAGS_1, CCFLAGS_2, and LDFLAGS variables in the following
        files:
         + vfu/Makefile
         + vfu/mm.conf
         + vslib/makefile
      - Make sure that the vslib/pcre directory isn't descended into, by
        replacing the related make calls with “true” in vslib/Makefile.
      - Add a build dependency on libpcre3-dev.
   * Menu transition: move the menu section from “Apps/Tools” to
     “Applications/File Management”.
   * Bump Standards-Version to 3.7.3 (no change needed).
   * Add a Homepage field.
   * Remove unneeded dpatch build dependency (there are no dpatch
     patches) and associated instructions in rules files.
Files:
 ee104ab30b78fa67fd67e4d9147d9c73 615 utils optional vfu_4.06-4.1.dsc
 04ad6d5500c607abdc23ebab200e900d 8828 utils optional vfu_4.06-4.1.diff.gz
 34639b884caf2730ae32d4a877899ed2 166330 utils optional vfu_4.06-4.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHZBO2HYflSXNkfP8RAocTAJwM/GJeuZKSITPaqnoD7TROY8VRzACfWA8p
nOA9nz5PNEEpKSteSE7VMq4=
=bn4u
-----END PGP SIGNATURE-----
--- End Message ---
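
The changelog above removes the -I and -L flags that pointed at the embedded pcre copy while keeping the link against the packaged library. As an added example (not code from the vfu package or the Debian upload), this Python sketch scans makefile text for such leftover flags; the function names, the sample makefile contents and the relative path `../vslib/pcre` are assumptions constructed for illustration.

```python
import re

# Matches "NAME = value", "NAME += value", etc. for variables such as
# CCFLAGS_1, CCFLAGS_2 and LDFLAGS (the ones named in the changelog).
ASSIGN = re.compile(r"^\s*(\w*FLAGS\w*)\s*[:+?]?=\s*(.*)$")

def logical_lines(text):
    """Yield (first_lineno, line) with backslash continuations folded."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def embedded_refs(text, embedded_dir="pcre"):
    """Return (lineno, variable, flag) for every -I/-L flag whose relative
    path has `embedded_dir` as a component. -lpcre (linking the shared
    library) and absolute system paths are not reported."""
    hits = []
    for no, line in logical_lines(text):
        m = ASSIGN.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        var, value = m.groups()
        for tok in value.split():
            path = tok[2:]
            if tok[:2] in ("-I", "-L") and not path.startswith("/") \
                    and embedded_dir in path.split("/"):
                hits.append((no, var, tok))
    return hits

# Constructed samples, not the real vfu build files.
BEFORE = """\
# build flags
CCFLAGS_1 = -I../vslib -I../vslib/pcre -O2
LDFLAGS = -L../vslib -L../vslib/pcre \\
          -lvslib -lpcre -lncurses
"""
AFTER = """\
CCFLAGS_1 = -I../vslib -O2
LDFLAGS = -L../vslib -lvslib -lpcre -lncurses
"""

if __name__ == "__main__":
    for hit in embedded_refs(BEFORE):
        print("embedded copy still referenced: line %d, %s, %s" % hit)
```

An empty result for every build file, together with the libpcre3-dev build dependency, indicates the build no longer compiles or links against the in-tree copy.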

