Bug#682826: marked as done (ilisp: creates world writable directory /usr/lib/ilisp)

Mon, 01 Jul 2013 02:24:34 -0700 

Your message dated Mon, 01 Jul 2013 09:20:29 +0000
with message-id <[email protected]>
and subject line Bug#682826: fixed in ilisp 5.12.0+cvs.2004.12.26-18
has caused the Debian Bug report #682826,
regarding ilisp: creates world writable directory /usr/lib/ilisp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
682826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682826
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ilisp
Version: 5.12.0+cvs.2004.12.26-17
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts

Hi,

ilisp creates the following directory

  drwxrwxrwx 2 root root 300 Jul 22 22:03 /usr/lib/ilisp

with this postinst snippet:

  chmod 777 /usr/lib/ilisp # Required so that users can build .fasl files

That directory contains symlinks to various *.lisp files
which may now be replaced by any local user...

I don't use ilisp, I don't speak lisp, I just wrote the piuparts check
for world writable directories :-)


Andreas

--- End Message ---
--- Begin Message --- 
Source: ilisp
Source-Version: 5.12.0+cvs.2004.12.26-18

We believe that the bug you reported is fixed in the latest version of
ilisp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <[email protected]> (supplier of updated ilisp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Jul 2013 09:48:08 +0100
Source: ilisp
Binary: ilisp ilisp-doc
Architecture: source all
Version: 5.12.0+cvs.2004.12.26-18
Distribution: unstable
Urgency: low
Maintainer: Barak A. Pearlmutter <[email protected]>
Changed-By: Barak A. Pearlmutter <[email protected]>
Description: 
 ilisp      - Emacs interface to LISP implementations
 ilisp-doc  - Documentation for ILISP package
Closes: 680646 682826 688888
Changes: 
 ilisp (5.12.0+cvs.2004.12.26-18) unstable; urgency=low
 .
   * add emacs24 support (closes: #680646)
   * update some constructs that annoy the elisp compiler
   * stop making /etc/ilisp/ilisp-keybindings.el a conf file (closes: #688888)
   * restrict writes in global .fasl directory to group ilisp (closes: #682826)
Checksums-Sha1: 
 387490153b8f78cc2f6ac862b8f7e053a49e2571 1396 
ilisp_5.12.0+cvs.2004.12.26-18.dsc
 d656b6cdb0a9bcbaaeb0f56bac8bc74ccf0e3773 103662 
ilisp_5.12.0+cvs.2004.12.26-18.debian.tar.gz
 145aa5ca44879921706aae43139a06ab4cc9fbbc 268574 
ilisp_5.12.0+cvs.2004.12.26-18_all.deb
 7c5b95a442906a3a1aa0dfe7bcef1488fd02f6c9 357968 
ilisp-doc_5.12.0+cvs.2004.12.26-18_all.deb
Checksums-Sha256: 
 1412858a9c52d2b525470df6c4355fcade9b61388e18d22a6bebf82fe12b3761 1396 
ilisp_5.12.0+cvs.2004.12.26-18.dsc
 eb504e5b99a2081d30a87226ceeb0fa259a466ac64812daddb57e957c13f0025 103662 
ilisp_5.12.0+cvs.2004.12.26-18.debian.tar.gz
 9b281a875c938c6e2700047da187dfa3ad0577be62976b8c49922872c9c74690 268574 
ilisp_5.12.0+cvs.2004.12.26-18_all.deb
 d9304b5e12957ca3cada98c73564933b003120486f8252695478caff2f3b307b 357968 
ilisp-doc_5.12.0+cvs.2004.12.26-18_all.deb
Files: 
 5d4dd882ac481c6efc4fe521c4d18dda 1396 devel optional 
ilisp_5.12.0+cvs.2004.12.26-18.dsc
 257fcf4750023e14af72e9114a8561c2 103662 devel optional 
ilisp_5.12.0+cvs.2004.12.26-18.debian.tar.gz
 aae2b66c4ad4bcfde0e8d13f684f13d3 268574 devel optional 
ilisp_5.12.0+cvs.2004.12.26-18_all.deb
 75fb8b2baf67a47d06418498a1dbe12c 357968 doc optional 
ilisp-doc_5.12.0+cvs.2004.12.26-18_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHRSAIACgkQLz4Gnv7CP7IoDgCfQ+Ru13kF37I8w5+tfrARAtm/
2CkAnjy46Ep22hyR/m/ya9sz7V+D88ma
=RIhm
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to