Your message dated Tue, 04 Dec 2007 16:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454073: fixed in zsh 4.3.4-dev-3-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: zsh
Version: 4.3.4-26
Severity: important
Tags: security
Hi,
referring to https://bugs.gentoo.org/show_bug.cgi?id=201022
the difflog.pl script shipped by zsh is prone to a symlink
attack. I verified this is also the case in the Debian
package of zsh.
I am waiting for a CVE id for this.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: zsh
Source-Version: 4.3.4-dev-3-2
We believe that the bug you reported is fixed in the latest version of
zsh, which is due to be installed in the Debian FTP archive:
zsh-doc_4.3.4-dev-3-2_all.deb
  to pool/main/z/zsh/zsh-doc_4.3.4-dev-3-2_all.deb
zsh_4.3.4-dev-3-2.diff.gz
  to pool/main/z/zsh/zsh_4.3.4-dev-3-2.diff.gz
zsh_4.3.4-dev-3-2.dsc
  to pool/main/z/zsh/zsh_4.3.4-dev-3-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Adams <[EMAIL PROTECTED]> (supplier of updated zsh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 04 Dec 2007 10:17:27 -0500
Source: zsh
Binary: zsh zsh-dev zsh-static zsh-dbg zsh-doc
Architecture: source all
Version: 4.3.4-dev-3-2
Distribution: unstable
Urgency: high
Maintainer: Clint Adams <[EMAIL PROTECTED]>
Changed-By: Clint Adams <[EMAIL PROTECTED]>
Description:
zsh - A shell with lots of features
zsh-dbg - A shell with lots of features (debugging symbols)
zsh-dev - A shell with lots of features (development files)
zsh-doc - zsh documentation - info/HTML format
zsh-static - A shell with lots of features (static link)
Closes: 454073
Changes:
zsh (4.3.4-dev-3-2) unstable; urgency=high
.
* Stop shipping difflog.pl in the binary package. closes: #454073.
[CVE-2007-6209].
Files:
 1e3d3ac6b030ed6b0c356360dd55184e 787 shells optional zsh_4.3.4-dev-3-2.dsc
 0ebced284faee620e4bc2b65589191da 175148 shells optional zsh_4.3.4-dev-3-2.diff.gz
 22d92bc56400fa5e54ecd73745fb438a 2113812 shells optional zsh-doc_4.3.4-dev-3-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian!
iD8DBQFHVXb25m0u66uWM3ARAtsHAKCz/OoUGb1SuOiivFCM9WXt9R3hTgCg23nN
G5EWHgpwwUakrss2PjbgrNg=
=hkvY
-----END PGP SIGNATURE-----
--- End Message ---