Your message dated Thu, 14 Mar 2002 11:53:41 +0100
with message-id <[EMAIL PROTECTED]>
and subject line fixed in 3.0.4-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Mar 2002 09:17:00 +0000
>From [EMAIL PROTECTED] Tue Mar 12 03:17:00 2002
Return-path: <[EMAIL PROTECTED]>
Received: from rhenium.btinternet.com [194.73.73.93]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 16kiOx-0001El-00; Tue, 12 Mar 2002 03:17:00 -0600
Received: from host217-35-25-97.in-addr.btopenworld.com ([217.35.25.97]
helo=arborlon.lab.dotat.at)
by rhenium.btinternet.com with esmtp (Exim 3.22 #8)
id 16kiOs-0003hh-00; Tue, 12 Mar 2002 09:16:54 +0000
Received: from cjwatson by arborlon.lab.dotat.at with local (Exim 3.35 #1
(Debian))
id 16kiOE-0005ls-00; Tue, 12 Mar 2002 09:16:14 +0000
Date: Tue, 12 Mar 2002 09:16:13 +0000
From: Colin Watson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: fastjar: static link to insecure zlib
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.27i
X-Reportbug-Version: 1.44
Sender: Colin Watson <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Package: fastjar
Version: 1:3.0.4-2
Severity: grave
Justification: user security hole
Tags: security
fastjar and grepjar both appear to link statically to zlib, so need to
be rebuilt against a zlib1g-dev not vulnerable to the recently announced
security hole.
(Actually, when I configured gcc-3.0 on auric it seemed to end up with
'ZLIBS = $(top_builddir)/../zlib/libz.a -L$(here)/../zlib/', despite the
use of --with-system-zlib. Perhaps src/zlib should be patched to be on
the safe side; diffing zlib_1.1.3-19.diff.gz and zlib_1.1.3-19.1.diff.gz
produces the patch.)
Thanks,
--
Colin Watson [EMAIL PROTECTED]
---------------------------------------
Received: (at 137973-done) by bugs.debian.org; 14 Mar 2002 10:54:17 +0000
>From [EMAIL PROTECTED] Thu Mar 14 04:54:17 2002
Return-path: <[EMAIL PROTECTED]>
Received: from mail.cs.tu-berlin.de [130.149.17.13] (root)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 16lSsD-0000Pz-00; Thu, 14 Mar 2002 04:54:17 -0600
Received: from bolero.cs.tu-berlin.de ([EMAIL PROTECTED] [130.149.19.1])
by mail.cs.tu-berlin.de (8.9.3/8.9.3) with ESMTP id LAA09021
for <[EMAIL PROTECTED]>; Thu, 14 Mar 2002 11:53:41 +0100 (MET)
Received: (from [EMAIL PROTECTED])
by bolero.cs.tu-berlin.de (8.11.6+Sun/8.9.3) id g2EArfu08437;
Thu, 14 Mar 2002 11:53:41 +0100 (MET)
From: Matthias Klose <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 14 Mar 2002 11:53:41 +0100
To: [EMAIL PROTECTED]
Subject: fixed in 3.0.4-4
X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
Delivered-To: [EMAIL PROTECTED]
fixed in 3.0.4-4
