Your message dated Sun, 22 May 2005 14:06:21 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#309045: fixed in unrar-free 1:0.0.1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 May 2005 02:47:04 +0000
>From [EMAIL PROTECTED] Fri May 13 19:47:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newmail.brainfood.com [146.82.138.14] (Debian-exim)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DWmgC-0002yj-00; Fri, 13 May 2005 19:47:04 -0700
Received: from brown.brainfood.com ([146.82.138.61] helo=gradall.private.brainfood.com)
        by newmail.brainfood.com with esmtp (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24)
        (Exim 4.31)
        id 1DWmgA-0002qo-Ed
        for [EMAIL PROTECTED]; Fri, 13 May 2005 21:47:02 -0500
Date: Fri, 13 May 2005 21:47:01 -0500 (CDT)
From: Adam Heath <[EMAIL PROTECTED]>
X-X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: SECURITY: unrar opens /tmp/debug_unrar.txt
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

package: unrar
tags: security
severity: serious
version: 1:0.0.1-1

[EMAIL PROTECTED]:/bt/incoming/Star.Trek.Enterprise.S04E21.HDTV.XviD-LOL$ ltrace unrar -t *.nfo 2>&1|grep /tmp
strcpy(0x8050e60, "/tmp/debug_unrar.txt")        = 0x8050e60
fopen("/tmp/debug_unrar.txt", "w")               = 0x80540b0
fopen("/tmp/debug_unrar.txt", "a")               = 0x8054a68
fopen("/tmp/debug_unrar.txt", "a")               = 0x8054a68

<insert standard symlink attack here>

---------------------------------------
Received: (at 309045-close) by bugs.debian.org; 22 May 2005 18:08:01 +0000
>From [EMAIL PROTECTED] Sun May 22 11:08:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DZurp-0007lj-00; Sun, 22 May 2005 11:08:01 -0700
Received: from joerg by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DZuqD-0008Vb-00; Sun, 22 May 2005 14:06:21 -0400
From: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: lisa $Revision: 1.30 $
Subject: Bug#309045: fixed in unrar-free 1:0.0.1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Joerg Jaspert <[EMAIL PROTECTED]>
Date: Sun, 22 May 2005 14:06:21 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 2

Source: unrar-free
Source-Version: 1:0.0.1-2

We believe that the bug you reported is fixed in the latest version of
unrar-free, which is due to be installed in the Debian FTP archive:

unrar-free_0.0.1-2.diff.gz
  to pool/main/u/unrar-free/unrar-free_0.0.1-2.diff.gz
unrar-free_0.0.1-2.dsc
  to pool/main/u/unrar-free/unrar-free_0.0.1-2.dsc
unrar-free_0.0.1-2_i386.deb
  to pool/main/u/unrar-free/unrar-free_0.0.1-2_i386.deb
unrar-free_0.0.1.orig.tar.gz
  to pool/main/u/unrar-free/unrar-free_0.0.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeroen van Wolffelaar <[EMAIL PROTECTED]> (supplier of updated unrar-free package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 22 May 2005 19:22:21 +0200
Source: unrar-free
Binary: unrar-free
Architecture: source i386
Version: 1:0.0.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Description: 
 unrar-free - Unarchiver for .rar files
Closes: 265045 288398 292945 309045
Changes: 
 unrar-free (1:0.0.1-2) unstable; urgency=low
 .
   * QA Upload orphaning package
   * Rename source & binary to unrar-free, because this package isn't yet near
     to functional equivalence of 'unrar', also rename binary to 'unrar-free',
     because policy says no two files in the archive may have the same name
     while not being drop in replacements (c.f. #270751, closes: #265045)
   * Be realistic in the README.Debian, encourage people to participate in
     upstream development
   * Fix incorrect display of "failed" in some cases, thanks to Niklas Vainio
     for the patch (Closes: #292945)
   * Security fix: Disable debugging (unconditional write to
     /tmp/debug_unrar.txt) (Closes: #309045)
   * Exit with non-zero exit code when something went wrong, again thanks for
     Niklas Vainio for his work (Closes: #288398)
Files: 
 eee95ac299b442f263b075274883bc32 677 utils optional unrar-free_0.0.1-2.dsc
 ac284a6739e3b8c794e7f9e8c20ed8f8 315463 utils optional unrar-free_0.0.1.orig.tar.gz
 d353ec43b2609922b38f7a089a49d31c 9053 utils optional unrar-free_0.0.1-2.diff.gz
 0bbd9397dfdda007bb52dfaabaf1d79b 15834 utils optional unrar-free_0.0.1-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <[EMAIL PROTECTED]>

iD8DBQFCkMLpl2uISwgTVp8RAqkbAJ9PWv7SrL7O1Ek0Kl/FcoULvBLxyACg0o8w
lhZEz6hG32dZVnNfovMNu1E=
=7kHa
-----END PGP SIGNATURE-----
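
Added example, not part of the original report or of unrar-free's code: the ltrace output in the report shows fopen() on the fixed name /tmp/debug_unrar.txt, and the upload fixed it by disabling debugging. Where a debug log is still wanted, this C code opens it so that a name already occupied by a symlink is refused. The function names open_log_exclusive, open_log_unique and selfcheck are hypothetical, and the self-check runs in a private mkdtemp() directory.

```c
/* Added example; function names are hypothetical, not from unrar-free. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a log at a fixed path only if nothing exists there yet.
 * With O_CREAT|O_EXCL, open() fails with EEXIST when the name is taken,
 * including by a symlink; O_NOFOLLOW is defence in depth. Mode is 0600. */
FILE *open_log_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;          /* errno tells the caller why */
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Preferred form: unpredictable name. path_tmpl must end in "XXXXXX". */
FILE *open_log_unique(char *path_tmpl)
{
    int fd = mkstemp(path_tmpl);      /* exclusive create, mode 0600 */
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (!fp) { close(fd); unlink(path_tmpl); }
    return fp;
}

/* Constructed scenario: a symlink already sits at the log path. The
 * exclusive open must fail with EEXIST and must not create the link
 * target. Returns 0 when the hardened open behaves as required. */
int selfcheck(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", log[64], target[64];
    struct stat st;
    int rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(log, sizeof log, "%s/debug_unrar.txt", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, log) == 0) {
        FILE *fp = open_log_exclusive(log);
        if (!fp && errno == EEXIST && stat(target, &st) != 0) rc = 0;
        if (fp) fclose(fp);
    }
    unlink(log); unlink(target); rmdir(dir);
    return rc;
}
```

A plain fopen(path, "w") on the same path would follow the link and truncate or create whatever it points to, with the privileges of the user running the program.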

