Your message dated Sat, 25 Feb 2023 17:51:09 +0000
with message-id <e1pvyhr-00cvwv...@fasolo.debian.org>
and subject line Bug#1031744: fixed in httpdirfs-fuse 1.2.5-1
has caused the Debian Bug report #1031744,
regarding httpdirfs: usage of ubsan might introduce vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1031744: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: httpdirfs
Version: 1.2.4-1
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Package: httpdirfs
Version: 1.2.4-2
Depends: ..., libubsan1 (>= 8), ...
This is a bad idea not only due to slower execution,
but might even introduce vulnerabilities:
https://www.openwall.com/lists/oss-security/2016/02/17/9
While there are safe usages of ubsan, httpdirfs being the
only package in the archive that uses ubsan but not asan
is something that sounds wrong and underreviewed.
--- End Message ---
--- Begin Message ---
Source: httpdirfs-fuse
Source-Version: 1.2.5-1
Done: Jérôme Charaoui <jer...@riseup.net>
We believe that the bug you reported is fixed in the latest version of
httpdirfs-fuse, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérôme Charaoui <jer...@riseup.net> (supplier of updated httpdirfs-fuse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 Feb 2023 12:29:09 -0500
Source: httpdirfs-fuse
Architecture: source
Version: 1.2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Jérôme Charaoui <jer...@riseup.net>
Changed-By: Jérôme Charaoui <jer...@riseup.net>
Closes: 1031744
Changes:
httpdirfs-fuse (1.2.5-1) unstable; urgency=medium
.
* New upstream version 1.2.5 (Closes: #1031744)
* d/control: bump debhelper-compat to 13
* d/rules: ubsan is not used anymore
* d/watch: fix filenamemangle
Checksums-Sha1:
f50cc469848b3d0ba3f62a9f89a864ce94d3897a 1498 httpdirfs-fuse_1.2.5-1.dsc
ee080d40573c2826a42cedb49359929364d58cc8 76724 httpdirfs-fuse_1.2.5.orig.tar.gz
bb83029e865619c18b46e7fd448dded27d904ae6 3164
httpdirfs-fuse_1.2.5-1.debian.tar.xz
a6bc4a993d3bdc5eb6705ce353e995fe7a76cb10 6631
httpdirfs-fuse_1.2.5-1_amd64.buildinfo
Checksums-Sha256:
7b62d902cd2ded82ab5fccde7037ed9b8b75460fb56f35b7dec0d8ab238dd67a 1498
httpdirfs-fuse_1.2.5-1.dsc
d0a85600c3813064ba3cad9491b66fcf458151a49d3926818f5458ab6f615038 76724
httpdirfs-fuse_1.2.5.orig.tar.gz
3a133df3665835e9b693b7a84e47178a89a2311822c282e4884e52a818640ffe 3164
httpdirfs-fuse_1.2.5-1.debian.tar.xz
8ced794a367f9ca4a6a934e1639bef7cc7069073195e3c92892e2eea8d7dd5eb 6631
httpdirfs-fuse_1.2.5-1_amd64.buildinfo
Files:
1384d81aad29d81f2c845d5505fc649a 1498 utils optional httpdirfs-fuse_1.2.5-1.dsc
77910de057b196ed7b3714f7a0698203 76724 utils optional
httpdirfs-fuse_1.2.5.orig.tar.gz
1c293662fb568f6020195eac9e02a2a4 3164 utils optional
httpdirfs-fuse_1.2.5-1.debian.tar.xz
6ff3deebdf13565511504846ff6557b7 6631 utils optional
httpdirfs-fuse_1.2.5-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTAq04Rv2xblqv/eu5pxS9ljpiFQgUCY/pGgQAKCRBpxS9ljpiF
Qmr+AQCHMo2obL61fedl/kc7/3WYwuw3MchnU0jmFRhWM3kkpgD9H+pxB96em72q
I5sN5X7EBF2IsHQ4Cxdkws7u2DqUtg0=
=ahf7
-----END PGP SIGNATURE-----
--- End Message ---
