Your message dated Sat, 07 Apr 2007 03:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#399226: fixed in yacas 1.0.57-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: yacas
Version: 1.0.57-2.4
Severity: serious
Tags: security
Hello Gopal,
yacas includes a binary with an rpath pointing to /tmp/yacas/usr/bin/yacas.
chrpath /usr/bin/yacas
/usr/bin/yacas: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib
This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else runs yacas.
Cheers,
--
Bill. <[EMAIL PROTECTED]>
Imagine a large blue swirl here.
--- End Message ---
--- Begin Message ---
Source: yacas
Source-Version: 1.0.57-3
We believe that the bug you reported is fixed in the latest version of
yacas, which is due to be installed in the Debian FTP archive:
yacas-doc_1.0.57-3_all.deb
to pool/main/y/yacas/yacas-doc_1.0.57-3_all.deb
yacas-proteus_1.0.57-3_i386.deb
to pool/main/y/yacas/yacas-proteus_1.0.57-3_i386.deb
yacas_1.0.57-3.diff.gz
to pool/main/y/yacas/yacas_1.0.57-3.diff.gz
yacas_1.0.57-3.dsc
to pool/main/y/yacas/yacas_1.0.57-3.dsc
yacas_1.0.57-3_i386.deb
to pool/main/y/yacas/yacas_1.0.57-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Muammar El Khatib <[EMAIL PROTECTED]> (supplier of updated yacas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Feb 2007 13:57:58 -0400
Source: yacas
Binary: yacas-doc yacas-proteus yacas
Architecture: source i386 all
Version: 1.0.57-3
Distribution: unstable
Urgency: low
Maintainer: Muammar El Khatib <[EMAIL PROTECTED]>
Changed-By: Muammar El Khatib <[EMAIL PROTECTED]>
Description:
yacas - Computer Algebra System
yacas-doc - Documentation for Yacas
yacas-proteus - User interface for yacas based on fltk
Closes: 266283 295413 332298 333589 338164 376634 379261 379895 382783 399226
399227 405734
Changes:
yacas (1.0.57-3) unstable; urgency=low
.
* New maintainer. (Closes: #405734)
* Bump Standards-Version to 3.7.2.
* The yacas' rpath to /tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib has
been fixed using chrpath -d. (Closes: #399227)
* The yacas' rpath to /tmp/yacas/usr/bin/yacas has been fixed using chrpath
-d. Thanks to Michael Hanke for the patch. (Closes: #399226)
* Commented lines in rules file were removed since they were useless.
* Descriptions of the package were corrected because they didn't have the
webpage of the upstream author.
* The debhelper version was changed to >= 5.
* Added Build-depends on chrpath and dpatch.
* Added patch: 02_changing_Makefile_in.diff because in old uploads
Makefile.in was changed by hand and lsdiff complained.
* Acknowledge NMUs (Closes: #376634, #382783, #379261, #379895, #295413,
#266283, #332298, #333589, #338164)
* Thanks to Steffen Joeris.
Files:
402cb7c6b22cace243115452aeaa2b9f 733 math extra yacas_1.0.57-3.dsc
7dbe2a7d60e1c9820845008786ff01e5 906728 math extra yacas_1.0.57-3.diff.gz
931a27b8864361a68bdf06f33b038828 1109970 doc extra yacas-doc_1.0.57-3_all.deb
a3e88600b283ce4839edd7c49cfc534b 1162180 math extra yacas_1.0.57-3_i386.deb
035470822abb2e66a45a38c4646c3b8a 74540 math extra yacas-proteus_1.0.57-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGFwoD62zWxYk/rQcRAm6OAJ9K66tjPwMT6icoY/s2eODq14abVACgwgfA
jeL5Zb79Eq/0GWFjTWgh9CM=
=RRPg
-----END PGP SIGNATURE-----
--- End Message ---
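
The check from the report, generalised into a packaging-time audit. This is an added example, not part of the original messages or of the yacas packaging. It reads lines in the format chrpath printed above and flags library search path entries that another local user could populate; the function names and the /opt/example sample lines are constructed for illustration.

```shell
# Added example: audit `chrpath -l` output for unsafe library search paths.

# Print a reason when DIR is unsafe as an RPATH/RUNPATH entry, else nothing.
classify_entry() {
    case "$1" in
        "") echo "empty entry, resolved against the current directory" ;;
        /tmp|/tmp/*|/var/tmp|/var/tmp/*) echo "below a world-writable temp directory" ;;
        '$ORIGIN'*|'${ORIGIN}'*) ;;  # relative to the binary itself; not judged here
        /*) # an existing directory that any local user can write to
            if [ -d "$1" ] && [ -n "$(find -H "$1" -prune -perm -0002 2>/dev/null)" ]; then
                echo "directory is world-writable"
            fi ;;
        *) echo "relative path, resolved against the current directory" ;;
    esac
}

# Read chrpath lines on stdin, print "file: 'entry': reason", return 1 on findings.
audit_chrpath_output() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            *": RPATH="*|*": RUNPATH="*) ;;
            *) continue ;;  # no RPATH/RUNPATH value on this line
        esac
        file=${line%%: R*PATH=*}
        rest=${line#*PATH=}
        while :; do  # walk the colon-separated list, keeping empty entries
            entry=${rest%%:*}
            reason=$(classify_entry "$entry")
            if [ -n "$reason" ]; then
                echo "$file: '$entry': $reason"
                findings=1
            fi
            case "$rest" in *:*) rest=${rest#*:} ;; *) break ;; esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the line from the report plus two made-up binaries.
sample_lines() {
    cat <<'EOF'
/usr/bin/yacas: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib
/opt/example/bin/tool: RUNPATH=$ORIGIN/../lib:lib:
/opt/example/bin/clean: RUNPATH=/opt/example/no-such-dir
EOF
}

if [ "$#" -gt 0 ]; then chrpath -l "$@" | audit_chrpath_output
else sample_lines | audit_chrpath_output || true; fi
```

Run with binary paths as arguments, it audits real files (chrpath must be installed) and exits non-zero on any finding, so it can gate a package build; a flagged entry is then removed with chrpath -d, as the changelog above describes.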