Bug#357702: marked as done (axiom: Some binaries statically linked with old libXpm.a)

Wed, 29 Mar 2006 14:41:57 -0800 

Your message dated Wed, 29 Mar 2006 14:02:39 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#357702: fixed in axiom 20050901-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: axiom
Version: 20050201-1
Severity: grave
Tags: security
Justification: user security hole

The following binaries were statically linked agains libXpm.a from
a version of libxpm-dev predating 4.3.0.dfsg.1-14.

/usr/lib/axiom-20050201/bin/hypertex
/usr/lib/axiom-20050201/lib/view2D

As such, they exhibit behavior described in Bug #308783, which breaks
the display of images in the HyperDoc system and is a possible security
problem. I'm giving this report the same severity as #308783.

The fix is simple. It only requires a recompile against a newer version
of libxpm-dev. Strangely enough, the view3D binary, located in the same
directory as the view2D one is unaffected since it is dynamically linked
against libXpm.so. No other binaries in the axiom packages seem to
statically link with libXpm.a.

Igor


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-386
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages axiom depends on:
ii  axiom-databases             20050201-1   A general purpose computer algebra
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libgmp3                     4.1.4-6      Multiprecision arithmetic library
ii  libncurses5                 5.4-4        Shared libraries for terminal hand
ii  libreadline4                4.3-11       GNU readline and history libraries

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: axiom
Source-Version: 20050901-5

We believe that the bug you reported is fixed in the latest version of
axiom, which is due to be installed in the Debian FTP archive:

axiom-databases_20050901-5_all.deb
  to pool/main/a/axiom/axiom-databases_20050901-5_all.deb
axiom-doc_20050901-5_all.deb
  to pool/main/a/axiom/axiom-doc_20050901-5_all.deb
axiom-graphics-data_20050901-5_all.deb
  to pool/main/a/axiom/axiom-graphics-data_20050901-5_all.deb
axiom-graphics_20050901-5_i386.deb
  to pool/main/a/axiom/axiom-graphics_20050901-5_i386.deb
axiom-hypertex-data_20050901-5_all.deb
  to pool/main/a/axiom/axiom-hypertex-data_20050901-5_all.deb
axiom-hypertex_20050901-5_i386.deb
  to pool/main/a/axiom/axiom-hypertex_20050901-5_i386.deb
axiom-source_20050901-5_all.deb
  to pool/main/a/axiom/axiom-source_20050901-5_all.deb
axiom-test_20050901-5_all.deb
  to pool/main/a/axiom/axiom-test_20050901-5_all.deb
axiom-tex_20050901-5_all.deb
  to pool/main/a/axiom/axiom-tex_20050901-5_all.deb
axiom_20050901-5.diff.gz
  to pool/main/a/axiom/axiom_20050901-5.diff.gz
axiom_20050901-5.dsc
  to pool/main/a/axiom/axiom_20050901-5.dsc
axiom_20050901-5_i386.deb
  to pool/main/a/axiom/axiom_20050901-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Camm Maguire <[EMAIL PROTECTED]> (supplier of updated axiom package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Mar 2006 21:20:17 +0000
Source: axiom
Binary: axiom-hypertex-data axiom-doc axiom axiom-tex axiom-hypertex 
axiom-graphics-data axiom-databases axiom-graphics axiom-source axiom-test
Architecture: source i386 all
Version: 20050901-5
Distribution: unstable
Urgency: low
Maintainer: Camm Maguire <[EMAIL PROTECTED]>
Changed-By: Camm Maguire <[EMAIL PROTECTED]>
Description: 
 axiom      - A general purpose computer algebra system: main binary and module
 axiom-databases - A general purpose computer algebra system: generated text 
databas
 axiom-doc  - A general purpose computer algebra system: documentation
 axiom-graphics - A general purpose computer algebra system: graphics subsystem
 axiom-graphics-data - A general purpose computer algebra system: graphics 
subsystem
 axiom-hypertex - A general purpose computer algebra system: hypertex subsystem
 axiom-hypertex-data - A general purpose computer algebra system: hypertex 
subsystem
 axiom-source - A general purpose computer algebra system: source files
 axiom-test - A general purpose computer algebra system: regression test inputs
 axiom-tex  - A general purpose computer algebra system: style file for TeX
Closes: 344346 346717 347199 349502 349901 357130 357702 358548
Changes: 
 axiom (20050901-5) unstable; urgency=low
 .
   * Patch src/doc/book.pamphlet to remove erroneous monospace type,
     Closes: #347199.
   * Fix xlibs-deb dependency for xorg transition, Closes: #346717.
   * Fix editing script to conditionally run sman, Closes: #344346.
   * Fix native-reloc code in Makefile patch (patch.merge), Closes:
     #358548.
   * Rebuild against latest libxpm-dev, Closes: 357702.
   * Fix axiom-databases source version dependency, Closes: 349502.
   * latest source (20050901) fixes htsearch, Closes: #357130.
   * Fix manpage formatting, Closes: #349901.
Files: 
 dd5b0e197f142e1044fc2334be605062 884 math optional axiom_20050901-5.dsc
 2eb696b92e0dd9fe68cbf55bcb7413b2 1435934 math optional axiom_20050901-5.diff.gz
 edcdb023abe8654eab747a6b3195afad 1261664 math optional 
axiom-source_20050901-5_all.deb
 7b74127762858aa2ef364c04ea96cd55 463752 math optional 
axiom-test_20050901-5_all.deb
 bce5d20c84f3933a850f4921b3520c4e 8698224 math optional 
axiom-doc_20050901-5_all.deb
 5579cb63eb9abf8dc0ddc1eca3523253 966668 math optional 
axiom-databases_20050901-5_all.deb
 7f552f3d99e3e173206f3860610493bf 26818 math optional 
axiom-tex_20050901-5_all.deb
 1e7d62abcaa7844c97a7792692a86524 2967186 math optional 
axiom-graphics-data_20050901-5_all.deb
 3ff0e5636d98827ed441b84bd21798d0 3680998 math optional 
axiom-hypertex-data_20050901-5_all.deb
 d97f1fa811a1f00ea0cdc984a7577c8c 13287122 math optional 
axiom_20050901-5_i386.deb
 b676a9b6d7e45501cc844faf7a3725bf 161454 math optional 
axiom-graphics_20050901-5_i386.deb
 71bb456bb378f6d89553b22e7b1835dc 128212 math optional 
axiom-hypertex_20050901-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEKc6dczG1wFfwRdwRAqgvAJ0b42BFqJDkN3Y75d8tpVDHOXRKaACgtRCi
Kihq/IIqfHixpLbLXgoEat4=
=9jqq
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to