Your message dated Mon, 13 Apr 2015 12:30:12 +0000 with message-id <e1yhdve-000299...@franck.debian.org> and subject line Bug#780716: fixed in flightgear-data 3.4.0+dfsg-0~exp2 has caused the Debian Bug report #780716, regarding flightgear-data: nasal scripts can ready any file to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780716 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: flightgear-data Version: 3.0.0-1 Severity: grave Tags: security Upstream has reported two related security issues in how FlightGear restricts what files Nasal (its built-in scripting language for aircraft) can access. This bug is tracking the portion related to the flightgear-data package. -The allowed directories for reading include FG_SCENERY, which can be changed from Nasal via /sim/terrasync/scenery-dir. Effect: Can read any file as the user. Fix: fgdata 60da2094252cee1a5cdfe737f29becd5c6800549 Regards Markus Wanner
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: flightgear-data Source-Version: 3.4.0+dfsg-0~exp2 We believe that the bug you reported is fixed in the latest version of flightgear-data, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Wanner <mar...@bluegap.ch> (supplier of updated flightgear-data package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 13 Apr 2015 11:40:10 +0200 Source: flightgear-data Binary: flightgear-data-base flightgear-data-ai flightgear-data-aircrafts flightgear-data-models flightgear-data-all Architecture: source all Version: 3.4.0+dfsg-0~exp2 Distribution: experimental Urgency: medium Maintainer: Debian FlightGear Crew <pkg-fgfs-c...@lists.alioth.debian.org> Changed-By: Markus Wanner <mar...@bluegap.ch> Description: flightgear-data-ai - FlightGear Flight Simulator -- standard AI data flightgear-data-aircrafts - FlightGear Flight Simulator -- standard aircraft flightgear-data-all - FlightGear Flight Simulator - virtual package flightgear-data-base - FlightGear Flight Simulator -- base files flightgear-data-models - FlightGear Flight Simulator -- standard models Closes: 780716 Changes: flightgear-data (3.4.0+dfsg-0~exp2) experimental; urgency=medium . [ Rebecca N. Palmer ] * Add f14fix.diff from upstream. * Remove FG_SCENERY/* and /tmp/*.xml from allowed Nasal paths. Closes: #780716. Checksums-Sha1: 52ab44212a4b92b23387bae4ff0444e5048fe889 3061 flightgear-data_3.4.0+dfsg-0~exp2.dsc 90c95016bdf9fbe4da2c62799dbc0e2530d0336d 15288 flightgear-data_3.4.0+dfsg-0~exp2.debian.tar.xz d0fd5e5fafa7040cb60ea23615771c38431d53c8 579406756 flightgear-data-base_3.4.0+dfsg-0~exp2_all.deb 3822ce43362684a66094301f53c0c11f87dc44cb 191262554 flightgear-data-ai_3.4.0+dfsg-0~exp2_all.deb eb2be400cad89f268ef9440eb89b8eceb2ba8f0f 162279754 flightgear-data-aircrafts_3.4.0+dfsg-0~exp2_all.deb 36743a1f40a39e99434009f7322ac97f7a068a1a 135582398 flightgear-data-models_3.4.0+dfsg-0~exp2_all.deb f641ddfbcd25e8840f018cbf3269c964893ccfae 6384 flightgear-data-all_3.4.0+dfsg-0~exp2_all.deb Checksums-Sha256: d25e6eade611769aa8073cdba3df79b1f5a73130c3e6af8a099e65964b90ddb1 3061 flightgear-data_3.4.0+dfsg-0~exp2.dsc c60b2d64af830ff0818203a2aa22668daec479029e78e77eaf01cff78d1a33b6 15288 flightgear-data_3.4.0+dfsg-0~exp2.debian.tar.xz 7d3b2b7367301292d3e15caf660c3a4c51a6034273b64bda8c066fb21712d054 579406756 flightgear-data-base_3.4.0+dfsg-0~exp2_all.deb 24e71ff241cbe9f013f6edf0a12702f77566c1d0089c07dc812fc080fd2a76be 191262554 flightgear-data-ai_3.4.0+dfsg-0~exp2_all.deb c23614889a791a4c965a267def08f72471e1fe1469f6fe0584db82c084a024b8 162279754 flightgear-data-aircrafts_3.4.0+dfsg-0~exp2_all.deb fcaf2f01207df7a07eebc71b0a0b7693aa3a12135f8b95d8d83432a712993bfc 135582398 flightgear-data-models_3.4.0+dfsg-0~exp2_all.deb 08e52b7df695941210d3b5a9cf48a7ee817a7465d9844ed273801555fe1eec9a 6384 flightgear-data-all_3.4.0+dfsg-0~exp2_all.deb Files: 2630af0460d585625f22e3cefd019421 3061 games extra flightgear-data_3.4.0+dfsg-0~exp2.dsc cf4d13ef81231953371333f9a6b563f1 15288 games extra flightgear-data_3.4.0+dfsg-0~exp2.debian.tar.xz e931edde86ad11a3d1996f4233a75c88 579406756 games extra flightgear-data-base_3.4.0+dfsg-0~exp2_all.deb 81b3bd176d29421ee62fcf05d80fd309 191262554 games extra flightgear-data-ai_3.4.0+dfsg-0~exp2_all.deb be216635f3accd60d21118e1785e815d 162279754 games extra flightgear-data-aircrafts_3.4.0+dfsg-0~exp2_all.deb 037227a8aad9b80a505ab7ccfd617643 135582398 games extra flightgear-data-models_3.4.0+dfsg-0~exp2_all.deb 560b1a21a82a0c3719cc144edc1e8c5d 6384 games extra flightgear-data-all_3.4.0+dfsg-0~exp2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQQcBAEBCgAGBQJVK5OdAAoJEOhoLRs/MemzQq4f/AreqXd7D/0StfTT9z+V5+gK qg7n/JaCCKWkfMsqzumohTOgVvWJFl4ZKsytydvgEE7y7eknCBCoEolqywMkopn2 XaK8qQD9Ss7nQgVoZOdMS4c5Ns7ZEDLgBc/q3ZbOgSiGkYwvE7uGmv0V/DPpqW2z kSl2hETVzZq1Apg9wE0oVSFB0EjQq8xSTqYXqGwaO+hqVvWaVJrbcBNvDLeTE/qG 3ZfI0sFB6O/J+oxBinkk+Enron0FhiHWCkG5hvfjTshJgJ8L65dcEINvPcTJjv0d nwS/Gu/YjeGKwDtv727sWF2G4Mi+KUpk5qDVDVcdqxdVvvFU3yl36Z5gYxOugE4S gNORjyPYFRCpU0mfihPeMUOwZMMhUV78rS55kyau0AAzHjhJDZ0A0b8tv2GUIuNW 7M7iUkM/x0zTUflXZCM9CEXzyxfqja9+BopR+8aDjCVXXvlSFD75F4PtBVUtCkwd vmYtfUOtW5nPeGKNFjkmsUmalGPtUO15QODH5qlJMKS12KMYT0IePWRnMyNyY4yL zAsbWGMtXW4Bb8qJQTGzlUS+eF/4ELXBlTvbwhdOjtChowqhK+fpiyu4QFXITamI d0ZQbYVhPczIK7utS+We/QtL9+/jzKNyZSm4cMo4Xv2hKk02b/HtKqn4BoBtF/w2 P/CoPpu4FgG6ipmnRxyn1ZfjSimM2uGDmbu8clPQbde8yfe7rrNkJnqkkpjoEsRv P5tIRolsYkxf0epKnHZpEMCQ0GWMKdYXHXZ6wmsUOooWG/Np+Ccy6Eotmy4KszS5 ecupIZYOWmCnT5Btf8oogtyt9S8oxf16qMhUkQIzVBh+7sMOxXxsZK+u0PD/QDtL 1RcvlgKiDTin+wpFZKV/Z0HHc5shK7BaV6LVUvEDhjgUku3XU1TUvP9eCnN1kYnN uYVu7oSbDat45OdxUiJJ9CqD/HjJ46nMNHLVMuJP2BSVMP6BcMnqFuQTrns0yx4A u879Hu1AITw1nuRNjm8kHVUvGOEgGiElYRTNaF73QxyWc/ukBMhHsv0H5oxE59Wh cjoI774jmtoCW61NeDhQHCOP4t3moXXi4p5oCTEebhS1gx9KzIkh2d9SQBHh672m 43xG6iOZutnpwQfOK0kRugBSgW4TZXJIxqjWdfvC6AfTHl8bNrt0tJCSXhutBCKd IQlrhMfPCDGS3hPU1SmTBTEvYYVj2YjaaXYI+Fkbs/GgQZNnWFri7gertIUCXaEr asc6b36sGbYSi3acLs/jh6fLsRjSAUUsxCjjFGT978ck/AjKjaIBzNkehO+xOSSx D/cfZrkgfDWuWPqp2Is1QgQtSY8ftWduQ6qmcM5NR3vDfG0a+1F/BIkEutyAAXc= =B4wH -----END PGP SIGNATURE-----
--- End Message ---
