[DebianGIS-dev] r1844 - packages/josm/tarballs
Author: gmascellani-guest Date: 2009-01-19 13:16:24 + (Mon, 19 Jan 2009) New Revision: 1844 Added: packages/josm/tarballs/josm_0.0.svn1137.orig.tar.gz Log: Added josm 0.0.svn1137 tarball Added: packages/josm/tarballs/josm_0.0.svn1137.orig.tar.gz === (Binary files differ) Property changes on: packages/josm/tarballs/josm_0.0.svn1137.orig.tar.gz ___ Name: svn:mime-type + application/octet-stream ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] r1845 - packages/josm-plugins/tags
Author: gmascellani-guest Date: 2009-01-19 13:32:14 + (Mon, 19 Jan 2009) New Revision: 1845 Added: packages/josm-plugins/tags/0.0.0.20080518-1/ Log: Tagging josm-plugins 0.0.0.20080518-1 Copied: packages/josm-plugins/tags/0.0.0.20080518-1 (from rev 1844, packages/josm-plugins/trunk) ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] r1847 - packages/josm/trunk/debian
Author: nd-guest Date: 2009-01-19 19:01:29 + (Mon, 19 Jan 2009) New Revision: 1847 Modified: packages/josm/trunk/debian/josm.desktop Log: it's openstreetmap.org, not .com :) Modified: packages/josm/trunk/debian/josm.desktop === --- packages/josm/trunk/debian/josm.desktop 2009-01-19 18:59:07 UTC (rev 1846) +++ packages/josm/trunk/debian/josm.desktop 2009-01-19 19:01:29 UTC (rev 1847) @@ -2,7 +2,7 @@ Version=1.0 Name=Josm GenericName=Java OpenStreetMap Editor -Comment=Editor for OpenStreetMap.com +Comment=Editor for OpenStreetMap.org Exec=josm Icon=josm-32 StartupNotify=false ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] r1848 - packages/gpsdrive/tags
Author: nd-guest Date: 2009-01-19 21:39:38 + (Mon, 19 Jan 2009) New Revision: 1848 Added: packages/gpsdrive/tags/2.10~pre4-6.dfsg-2/ Log: [svn-buildpackage] Tagging gpsdrive (2.10~pre4-6.dfsg-2) Copied: packages/gpsdrive/tags/2.10~pre4-6.dfsg-2 (from rev 1847, packages/gpsdrive/trunk) ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] Processing of gpsdrive_2.10~pre4-6.dfsg-2_i386.changes
gpsdrive_2.10~pre4-6.dfsg-2_i386.changes uploaded successfully to localhost along with the files: gpsdrive_2.10~pre4-6.dfsg-2.dsc gpsdrive_2.10~pre4-6.dfsg-2.diff.gz gpsdrive_2.10~pre4-6.dfsg-2_i386.deb gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb Greetings, Your Debian queue daemon ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] Bug#508596: marked as done (gpsdrive: weird unconditional deletion of unused temporary files)
Your message dated Mon, 19 Jan 2009 21:47:08 + with message-id e1lp1xc-0003ye...@ries.debian.org and subject line Bug#508596: fixed in gpsdrive 2.10~pre4-6.dfsg-2 has caused the Debian Bug report #508596, regarding gpsdrive: weird unconditional deletion of unused temporary files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508596: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gpsdrive Version: 2.10~pre4-6.dfsg-1 Severity: minor Hello, While working on the other two bug reports I found this weird unconditional of unused files (IOW: that are not used anywhere). src/gpsdrive.c: unlink (/tmp/cammain.pid); unlink (/tmp/gpsdrivetext.out); Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: gpsdrive Source-Version: 2.10~pre4-6.dfsg-2 We believe that the bug you reported is fixed in the latest version of gpsdrive, which is due to be installed in the Debian FTP archive: gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb gpsdrive_2.10~pre4-6.dfsg-2.diff.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.diff.gz gpsdrive_2.10~pre4-6.dfsg-2.dsc to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.dsc gpsdrive_2.10~pre4-6.dfsg-2_i386.deb to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 29 Dec 2008 16:08:22 + Source: gpsdrive Binary: gpsdrive gpsdrive-data gpsdrive-scripts Architecture: source i386 all Version: 2.10~pre4-6.dfsg-2 Distribution: unstable Urgency: low Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org Changed-By: Andreas Putzo andr...@putzo.net Description: gpsdrive - Car navigation system gpsdrive-data - Car navigation system gpsdrive-scripts - Various scripts for gpsdrive Closes: 508596 508597 Changes: gpsdrive (2.10~pre4-6.dfsg-2) unstable; urgency=low . * Remove example script gpssmswatch. Prone to symlink attacks and removed upstream. * Added 101-signalposreq.dpatch to remove signalposreq() from gpsdrive to fix a potential symlink vulnerability. Removed unused unlinks of temporary files (Closes: #508597,#508596). * Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to fix a symlink vulnerability. * Updated patch for geo-code to avoid a potential race condition (CVE-2008-5380). Checksums-Sha1: bbe259716dfd75dd011edf77a485b373e3cb911f 1579 gpsdrive_2.10~pre4-6.dfsg-2.dsc 2a90ad8bef2f7714d58ccb25e6a605bb26866fca 55332 gpsdrive_2.10~pre4-6.dfsg-2.diff.gz e3c77ad451d56e231bdeb230d0a90bca762a9eb6 273176 gpsdrive_2.10~pre4-6.dfsg-2_i386.deb ba84ead1c165029934b60cf1bd1b02770f1ec045 2576832 gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb b6c8ed24604d67d0696d5f84c51717ae71d247ea 150964 gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb Checksums-Sha256: f783d9f5d360d0d0782acbfde261b5268a89c05ebd6895ce592faa0fc24127f5 1579 gpsdrive_2.10~pre4-6.dfsg-2.dsc a37c463dd7321433d5b9a5d6e2b001c644db2d640d65abfa5a3f586e87d59c47 55332 gpsdrive_2.10~pre4-6.dfsg-2.diff.gz 8f3264f930b0d400a65883029415560bce9e7e308a277dc422e9ce7f306b86db 273176 gpsdrive_2.10~pre4-6.dfsg-2_i386.deb b731cf1beb59332f09be6b9b9c983156ec34b03d001007a561207a840223281f 2576832 gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb 76af7541235838a1fb9d895c96e524942106bde4e7e75c8beb73747ef690b9fa 150964 gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb Files: ad9910d8b340782a3f321c669ab3b30b 1579 utils optional gpsdrive_2.10~pre4-6.dfsg-2.dsc c907aecb4d70e4cfbeb28a6d7d353322 55332 utils optional gpsdrive_2.10~pre4-6.dfsg-2.diff.gz 97b10dbf5d7bf2df87538f44332f59ed 273176 utils optional
[DebianGIS-dev] Bug#508597: marked as done (gpsdriver: allows local users to overwrite arbitrary files via a symlink attack)
Your message dated Mon, 19 Jan 2009 21:47:08 + with message-id e1lp1xc-0003yg...@ries.debian.org and subject line Bug#508597: fixed in gpsdrive 2.10~pre4-6.dfsg-2 has caused the Debian Bug report #508597, regarding gpsdriver: allows local users to overwrite arbitrary files via a symlink attack to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gpsdrive Version: 2.10~pre4-6.dfsg-1 Tags: security Severity: important Hi, I have found three other attack vectors: /usr/share/doc/gpsdrive/examples/gpssmswatch: FILE=/tmp/.smswatch while [ 1 = 1 ] do gnokii --getsms SM 1 $FILE if [ $? = 0 ];then gnokii --deletesms SM 1 fi grep PLSSENDPOS $FILE if [ $? = 0 ];then echo -e position request found\n NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'` killall -USR1 gpsdrive echo sending cat /tmp/gpsdrivepos echo -e to number $NUMBER\n gnokii --sendsms $NUMBER /tmp/gpsdrivepos src/splash.c f = fopen (/tmp/gpsdrivepos, w); if (f == NULL) { perror (/tmp/gpsdrivepos); return; } time (t); ts = localtime (t); fprintf (f, asctime (ts)); fprintf (f, POS %f %f\n, coords.current_lat, coords.current_lon); fclose (f); src/unit_test.c: g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test); g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test/proc); Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: gpsdrive Source-Version: 2.10~pre4-6.dfsg-2 We believe that the bug you reported is fixed in the latest version of gpsdrive, which is due to be installed in the Debian FTP archive: gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb gpsdrive_2.10~pre4-6.dfsg-2.diff.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.diff.gz gpsdrive_2.10~pre4-6.dfsg-2.dsc to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.dsc gpsdrive_2.10~pre4-6.dfsg-2_i386.deb to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 29 Dec 2008 16:08:22 + Source: gpsdrive Binary: gpsdrive gpsdrive-data gpsdrive-scripts Architecture: source i386 all Version: 2.10~pre4-6.dfsg-2 Distribution: unstable Urgency: low Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org Changed-By: Andreas Putzo andr...@putzo.net Description: gpsdrive - Car navigation system gpsdrive-data - Car navigation system gpsdrive-scripts - Various scripts for gpsdrive Closes: 508596 508597 Changes: gpsdrive (2.10~pre4-6.dfsg-2) unstable; urgency=low . * Remove example script gpssmswatch. Prone to symlink attacks and removed upstream. * Added 101-signalposreq.dpatch to remove signalposreq() from gpsdrive to fix a potential symlink vulnerability. Removed unused unlinks of temporary files (Closes: #508597,#508596). * Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to fix a symlink vulnerability. * Updated patch for geo-code to avoid a potential race condition (CVE-2008-5380). Checksums-Sha1: bbe259716dfd75dd011edf77a485b373e3cb911f 1579 gpsdrive_2.10~pre4-6.dfsg-2.dsc 2a90ad8bef2f7714d58ccb25e6a605bb26866fca 55332 gpsdrive_2.10~pre4-6.dfsg-2.diff.gz e3c77ad451d56e231bdeb230d0a90bca762a9eb6 273176 gpsdrive_2.10~pre4-6.dfsg-2_i386.deb ba84ead1c165029934b60cf1bd1b02770f1ec045 2576832 gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb b6c8ed24604d67d0696d5f84c51717ae71d247ea 150964 gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb Checksums-Sha256: