Bug#413658: marked as done (CVE-2007-1444 netserver logs to insecure temporary file)
Your message dated Wed, 17 Oct 2007 07:47:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#413658: fixed in netperf 2.4.3-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: netperf
Version: 2.4.3-2
Severity: wishlist

Hello,

I've been confronted with this inconvenience, so I guess it could help others too

On launch netperf's server creates the file /tmp/netperf.debug with user's ownership (default root)
And this can cause trouble if several users start netserver (on different port of course).

Maybe this can be worked around by adding port number in debug filename

Also when daemon is stopped, the file is still here, which may lock users' usage of netserver

Last Wishes:
* '--version' option on client and server
* csv output is welcome too

Regards

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-k7-amiloa-rt
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages netperf depends on:
ii  libc6  2.3.6.ds1-13  GNU C Library: Shared libraries

netperf recommends no packages.

-- no debconf information
---End Message---

---BeginMessage---
Source: netperf
Source-Version: 2.4.3-7

We believe that the bug you reported is fixed in the latest version of
netperf, which is due to be installed in the Debian FTP archive:

netperf_2.4.3-7.diff.gz
  to pool/non-free/n/netperf/netperf_2.4.3-7.diff.gz
netperf_2.4.3-7.dsc
  to pool/non-free/n/netperf/netperf_2.4.3-7.dsc
netperf_2.4.3-7_i386.deb
  to pool/non-free/n/netperf/netperf_2.4.3-7_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Erik Wenzel [EMAIL PROTECTED] (supplier of updated netperf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Oct 2007 04:39:28 +
Source: netperf
Binary: netperf
Architecture: source i386
Version: 2.4.3-7
Distribution: unstable
Urgency: low
Maintainer: Erik Wenzel [EMAIL PROTECTED]
Changed-By: Erik Wenzel [EMAIL PROTECTED]
Description:
 netperf - Network performance benchmark
Closes: 413658 438146
Changes:
 netperf (2.4.3-7) unstable; urgency=low
 .
   * misleading changelog.gz (Closes: #438146)
   * moved examples list from rules to examples
   * CVE-2007-1444 netserver logs to insecure temporary file
     (Closes: #413658) Thanks Nico Golde [EMAIL PROTECTED] for the hotfix
Files:
 c5126df9f3ca88a4efb255c628af0817 603 non-free/net optional netperf_2.4.3-7.dsc
 f28a5271da7ff0e268ff6e2462c27ede 7893 non-free/net optional netperf_2.4.3-7.diff.gz
 2e83723284bd88961cbee04e3df43524 349164 non-free/net optional netperf_2.4.3-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHFbyQmMmei9uJhBARAmDKAJ4h4xodjWs4paN6PwYQAeSe91WIdACg3UGG
DuUR5lR+qT/weblgSDk8Eg4=
=Qtbq
-----END PGP SIGNATURE-----
---End Message---

Bug#413658: marked as done (CVE-2007-1444 netserver logs to insecure temporary file)
Your message dated Wed, 17 Oct 2007 09:17:08 +
with message-id [EMAIL PROTECTED]
and subject line Bug#413658: fixed in netperf 2.4.3-8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: netperf
Version: 2.4.3-2
Severity: wishlist

Hello,

I've been confronted with this inconvenience, so I guess it could help others too

On launch netperf's server creates the file /tmp/netperf.debug with user's ownership (default root)
And this can cause trouble if several users start netserver (on different port of course).

Maybe this can be worked around by adding port number in debug filename

Also when daemon is stopped, the file is still here, which may lock users' usage of netserver

Last Wishes:
* '--version' option on client and server
* csv output is welcome too

Regards

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-k7-amiloa-rt
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages netperf depends on:
ii  libc6  2.3.6.ds1-13  GNU C Library: Shared libraries

netperf recommends no packages.

-- no debconf information
---End Message---

---BeginMessage---
Source: netperf
Source-Version: 2.4.3-8

We believe that the bug you reported is fixed in the latest version of
netperf, which is due to be installed in the Debian FTP archive:

netperf_2.4.3-8.diff.gz
  to pool/non-free/n/netperf/netperf_2.4.3-8.diff.gz
netperf_2.4.3-8.dsc
  to pool/non-free/n/netperf/netperf_2.4.3-8.dsc
netperf_2.4.3-8_i386.deb
  to pool/non-free/n/netperf/netperf_2.4.3-8_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Erik Wenzel [EMAIL PROTECTED] (supplier of updated netperf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Oct 2007 08:55:57 +
Source: netperf
Binary: netperf
Architecture: source i386
Version: 2.4.3-8
Distribution: unstable
Urgency: low
Maintainer: Erik Wenzel [EMAIL PROTECTED]
Changed-By: Erik Wenzel [EMAIL PROTECTED]
Description:
 netperf - Network performance benchmark
Closes: 413658
Changes:
 netperf (2.4.3-8) unstable; urgency=low
 .
   * CVE-2007-1444 netserver logs to insecure temporary file
     (Closes: #413658) Thanks to Nico Golde [EMAIL PROTECTED] for the hotfix
Files:
 177fb019431c5be89ac7474e04e52b94 603 non-free/net optional netperf_2.4.3-8.dsc
 be439c4c9d48cd4a070567168f8e7745 7918 non-free/net optional netperf_2.4.3-8.diff.gz
 7d92d07530bdb826a7b587c5dc3ab0ba 349162 non-free/net optional netperf_2.4.3-8_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHFc60mMmei9uJhBARAoGQAJ9CUdtalI4AoNx0WxSpTaHEzbh0qQCg3fph
5DrfxawewQz3XiBknif/Tag=
=TRRI
-----END PGP SIGNATURE-----
---End Message---
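
The bug report in this thread describes a debug log with one fixed name in /tmp being shared between netserver instances and left behind after the daemon stops. The C example below is added here for illustration; it is not netperf's code and not the Debian hotfix, whose contents this page does not show. It contrasts that pattern with exclusive creation and with a per-instance name; all function names, the open modes and the scratch directory are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reported pattern (modes assumed): one fixed name in a shared directory.
 * Without O_EXCL, open() reuses and truncates whatever is already there. */
int open_log_fixed(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened, fixed name: O_EXCL fails with EEXIST if any entry (stale file
 * or link) already exists; O_NOFOLLOW and mode 0600 are extra guards. */
int open_log_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened, per-instance name: mkstemp() creates a new 0600 file
 * exclusively and fills in the XXXXXX suffix of tmpl. */
int open_log_unique(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario in a private scratch directory (hypothetical names).
 * Bitmask result: 1 = fixed name clobbered the earlier log,
 * 2 = exclusive open refused it, 4 = two instances got distinct files. */
int demo(void) {
    char dir[] = "/tmp/logdemo.XXXXXX", stale[64], a[64], b[64];
    struct stat st;
    int seen = 0, fd, fa, fb;
    if (!mkdtemp(dir)) return -1;
    snprintf(stale, sizeof stale, "%s/netperf.debug", dir);
    snprintf(a, sizeof a, "%s/netperf.debug.XXXXXX", dir);
    snprintf(b, sizeof b, "%s/netperf.debug.XXXXXX", dir);
    fd = open_log_fixed(stale);                 /* first instance logs */
    if (fd < 0 || write(fd, "old run\n", 8) != 8) return -1;
    close(fd);
    fd = open_log_fixed(stale);                 /* second instance */
    if (fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0) seen |= 1;
    if (fd >= 0) close(fd);
    fd = open_log_excl(stale);                  /* must not reuse it */
    if (fd < 0 && errno == EEXIST) seen |= 2;
    if (fd >= 0) close(fd);
    fa = open_log_unique(a); fb = open_log_unique(b);
    if (fa >= 0 && fb >= 0 && strcmp(a, b) != 0) seen |= 4;
    if (fa >= 0) { close(fa); unlink(a); }
    if (fb >= 0) { close(fb); unlink(b); }
    unlink(stale); rmdir(dir);
    return seen;
}
```

A daemon using the exclusive open should treat EEXIST as an error to report rather than fall back to the fixed-name open.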