Your message dated Wed, 04 Apr 2007 20:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#415535: fixed in atris 1.0.7.dfsg.1-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: atris
Version: 1.0.7.dfsg.1-3
Severity: serious
[EMAIL PROTECTED]:~$ ls -l .atrisrc
-rw-rw-rw- 1 jbr games 518 2007-03-18 12:48 .atrisrc
This is a security issue, although not of the system-hijacking
variety: a world-writable file lets any local process perform a
Denial of Service by filling the partition. This on its own might
not rate a DSA, but bearing in mind that atris itself can function
as a network client/server (exposed to whatever exploits a bad loser
in a foreign country/OS might devise) I think it needs to count as
an RC bug.
I don't speak enough C to be sure where the problem is, but perhaps
where it writes out its its rcfile there should be some use of umask?
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.hurakan
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages atris depends on:
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libsdl-ttf2.0-0 2.0.8-3+b1 ttf library for Simple DirectMedia
ii libsdl1.2debian 1.2.11-8 Simple DirectMedia Layer
ii ttf-freefont 20060501cvs-10 Freefont Serif, Sans and Mono True
atris recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: atris
Source-Version: 1.0.7.dfsg.1-5
We believe that the bug you reported is fixed in the latest version of
atris, which is due to be installed in the Debian FTP archive:
atris_1.0.7.dfsg.1-5.diff.gz
to pool/main/a/atris/atris_1.0.7.dfsg.1-5.diff.gz
atris_1.0.7.dfsg.1-5.dsc
to pool/main/a/atris/atris_1.0.7.dfsg.1-5.dsc
atris_1.0.7.dfsg.1-5_amd64.deb
to pool/main/a/atris/atris_1.0.7.dfsg.1-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pascal Giard <[EMAIL PROTECTED]> (supplier of updated atris package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 04 Apr 2007 15:52:17 -0400
Source: atris
Binary: atris
Architecture: source amd64
Version: 1.0.7.dfsg.1-5
Distribution: unstable
Urgency: low
Maintainer: Pascal Giard <[EMAIL PROTECTED]>
Changed-By: Pascal Giard <[EMAIL PROTECTED]>
Description:
atris - tetris-like game with a twist for Unix
Closes: 415535
Changes:
atris (1.0.7.dfsg.1-5) unstable; urgency=low
.
* [debian/patches/05-atris-1.0.7.atrisrc.perms.fix.diff]:
- Fixed ~/.atrisrc permissions to 644 using umask (closes: bug#415535).
Files:
1304aeede5d096aeab087e864e8e2327 649 games optional atris_1.0.7.dfsg.1-5.dsc
9b1d1890d1bd8db54351328062f08601 6836 games optional
atris_1.0.7.dfsg.1-5.diff.gz
215c0ff377d70acf092df96ad092b896 321668 games optional
atris_1.0.7.dfsg.1-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGFAWs1Lfd97FsypURAkxtAKCdKq3v7U5VWasyP8WlOzOmFJzO+ACfbcmt
RdYd48wBJtIvSMustPZHyrg=
=AWA0
-----END PGP SIGNATURE-----
--- End Message ---
