Your message dated Sat, 17 Feb 2007 12:10:01 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#334350: fixed in flexbackup 1.2.1-2sarge1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: flexbackup Severity: grave Tags: security "ZATAZ Audits" has published an advisory concerning flexbackup. Based on a cursory investigation of the source package, Debian is affected as well. From: ZATAZ Audits <[EMAIL PROTECTED]> Subject: [Full-disclosure] flexbackup default config insecure temporary file creation Date: Mon, 17 Oct 2005 10:06:06 +0200 Organization: ZATAZ Audits Message-ID: <[EMAIL PROTECTED]> ######################################################### flexbackup default config insecure temporary file creation Vendor: http://flexbackup.sourceforge.net/ Advisory: http://www.zataz.net/adviso/flexbackup-09192005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low ######################################################### The vulnerabilities ared due to insecure temporary files creations due to a default config. [...]
--- End Message ---
--- Begin Message ---Source: flexbackup Source-Version: 1.2.1-2sarge1 We believe that the bug you reported is fixed in the latest version of flexbackup, which is due to be installed in the Debian FTP archive: flexbackup_1.2.1-2sarge1.diff.gz to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz flexbackup_1.2.1-2sarge1.dsc to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc flexbackup_1.2.1-2sarge1_all.deb to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kurt B. Kaiser <[EMAIL PROTECTED]> (supplier of updated flexbackup package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 7 Oct 2006 16:27:37 -0700 Source: flexbackup Binary: flexbackup Architecture: source all Version: 1.2.1-2sarge1 Distribution: stable-security Urgency: high Maintainer: Kurt B. Kaiser <[EMAIL PROTECTED]> Changed-By: Kurt B. Kaiser <[EMAIL PROTECTED]> Description: flexbackup - Flexible backup tool for small to medium sized installations Closes: 334350 Changes: flexbackup (1.2.1-2sarge1) stable-security; urgency=high . * Fix RC bug: unsafe use of temp file, CVE-2005-4802. (Closes: #334350) http://bugs.gentoo.org/show_bug.cgi?id=105000 http://bugs.gentoo.org/show_bug.cgi?id=116510 Files: 06539319d0534272e216306562677723 587 admin optional flexbackup_1.2.1-2sarge1.dsc 4955c89dbee354248f354a9bf0a480dd 80158 admin optional flexbackup_1.2.1.orig.tar.gz 3365f545bd49464f4e58bacc503f8b28 3546 admin optional flexbackup_1.2.1-2sarge1.diff.gz 240f8792a65a0d80b8ef85d4343a4827 75836 admin optional flexbackup_1.2.1-2sarge1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFYNAyXm3vHE4uyloRAvx+AJ9bbMoejBdIRB3IHA191ljBs7OmTwCeI43b 7CQ/3ZMVtoDDZHUhjjTGDQQ= =dZMt -----END PGP SIGNATURE-----
--- End Message ---
