Your message dated Wed, 10 Sep 2008 01:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#495756: fixed in ecl 0.9j-20080306-5
has caused the Debian Bug report #495756,
regarding ecl has rpath to insecure location 
(/tmp/buildd/ecl-0.9j-20080306/build/)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
495756: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495756
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ecl
Version: 0.9j-20080306-4
Severity: serious
Tags: security

Hello Debian Common Lisp Team,
ecl includes an ELF file /usr/lib/ecl/asdf.fas with an rpath pointing to
/tmp/buildd/ecl-0.9j-20080306/build/.

This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else runs ecl.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 



--- End Message ---
--- Begin Message ---
Source: ecl
Source-Version: 0.9j-20080306-5

We believe that the bug you reported is fixed in the latest version of
ecl, which is due to be installed in the Debian FTP archive:

ecl-doc_0.9j-20080306-5_all.deb
  to pool/main/e/ecl/ecl-doc_0.9j-20080306-5_all.deb
ecl_0.9j-20080306-5.diff.gz
  to pool/main/e/ecl/ecl_0.9j-20080306-5.diff.gz
ecl_0.9j-20080306-5.dsc
  to pool/main/e/ecl/ecl_0.9j-20080306-5.dsc
ecl_0.9j-20080306-5_amd64.deb
  to pool/main/e/ecl/ecl_0.9j-20080306-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Capello <[EMAIL PROTECTED]> (supplier of updated ecl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Sep 2008 21:54:43 +0200
Source: ecl
Binary: ecl ecl-doc
Architecture: source all amd64
Version: 0.9j-20080306-5
Distribution: unstable
Urgency: low
Maintainer: Debian Common Lisp Team <[email protected]>
Changed-By: Luca Capello <[EMAIL PROTECTED]>
Description: 
 ecl        - Embeddable Common-Lisp: has an interpreter and can compile to C
 ecl-doc    - documentation for Embeddable Common-Lisp
Closes: 495756
Changes: 
 ecl (0.9j-20080306-5) unstable; urgency=low
 .
   * debian/control:
     + Build-Depends: on chrpath to remove unnecessary rpath headers
       from binaries in /usr/lib/ecl/, thanks to Bill Allombert
       <[EMAIL PROTECTED]> (Closes: #495756).
     + Depends: on gcc, it's required at installation and every time
       you want to produce a loadable object file.
 .
   * debian/rules:
     + add chrpath call to 'install' target.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
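
A check of the kind a package build could run for the problem reported above, as an added example that is not part of the original messages or of the ecl packaging: it parses `readelf -d` output and flags RPATH/RUNPATH elements that resolve to locations other local users can write to. The prefix list, the function names and the sample output are assumptions constructed for illustration.

```python
import posixpath
import re
import subprocess

# Assumption (not from the report): prefixes treated as writable by local users.
UNSAFE_PREFIXES = ("/tmp", "/var/tmp", "/dev/shm", "/home")
# RPATH/RUNPATH lines as printed by `readelf -d`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample: `readelf -d` style output carrying the rpath from the report.
SAMPLE = """\
Dynamic section at offset 0x2e00 contains 25 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/buildd/ecl-0.9j-20080306/build/]
"""

def classify(entry):
    """Return why one search-path element is unsafe, or None if it looks fine."""
    if entry == "":
        return "empty element (glibc treats it as the current directory)"
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # relative to the object's own directory, not flagged here
    if not entry.startswith("/"):
        return "relative path"
    norm = posixpath.normpath(entry)  # collapses "..", so /usr/../tmp is caught
    for prefix in UNSAFE_PREFIXES:
        if norm == prefix or norm.startswith(prefix + "/"):
            return "under " + prefix
    return None

def insecure_rpaths(readelf_output):
    """List (tag, element, reason) for every unsafe RPATH/RUNPATH element."""
    findings = []
    for tag, value in DYN_RE.findall(readelf_output):
        for entry in value.split(":"):
            reason = classify(entry)
            if reason:
                findings.append((tag, entry, reason))
    return findings

def scan(path):
    """Run `readelf -d` on an ELF file (binutils required) and check its output."""
    result = subprocess.run(["readelf", "-d", path],
                            capture_output=True, text=True, check=True)
    return insecure_rpaths(result.stdout)

if __name__ == "__main__":
    print(insecure_rpaths(SAMPLE))
```

Calling `scan()` on each file under /usr/lib/ecl/ after the `chrpath` step and failing the build on a non-empty result would catch a regression of this bug.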
_______________________________________________
pkg-common-lisp-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-common-lisp-devel
