Your message dated Fri, 09 May 2008 12:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476321: fixed in cecilia 2.0.5-2.1
has caused the Debian Bug report #476321,
regarding cecilia: CVE-2008-1832 insecure tmp file usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
476321: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476321
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: cecilia
Version: 2.0.5-2
Severity: grave
Tags: security
Justification: user security hole

lib/prefs.tcl does, at line 185:

    catch {exec $csound >& /tmp/csvers}
    set f [open /tmp/csvers r]

A malicious user could create /tmp/csvers as a symlink to another file,
and when cecilia is started, that data would get destroyed.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cecilia depends on:
ii  csound    1:5.08.0.dfsg2-1    powerful and versatile sound synth
ii  tk8.4     8.4.18-1            Tk toolkit for Tcl and X11, v8.4 -

cecilia recommends no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: cecilia
Source-Version: 2.0.5-2.1

We believe that the bug you reported is fixed in the latest version of
cecilia, which is due to be installed in the Debian FTP archive:

cecilia_2.0.5-2.1.diff.gz
  to pool/main/c/cecilia/cecilia_2.0.5-2.1.diff.gz
cecilia_2.0.5-2.1.dsc
  to pool/main/c/cecilia/cecilia_2.0.5-2.1.dsc
cecilia_2.0.5-2.1_all.deb
  to pool/main/c/cecilia/cecilia_2.0.5-2.1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated cecilia package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Fri, 09 May 2008 11:47:07 +0000
Source: cecilia
Binary: cecilia
Architecture: source all
Version: 2.0.5-2.1
Distribution: unstable
Urgency: high
Maintainer: Free Ekanayaka <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description:
 cecilia - graphic user interface for CSound
Closes: 476321
Changes:
 cecilia (2.0.5-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Include 13CVE-2008-1832.dpatch to fix insecure tmp file handling, which
     allows a symlink attack (Closes: #476321)
     Fixes: CVE-2008-1832
--- End Message ---
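
The failure mode described in the report and in the changelog entry, as an added example that is not part of the original messages and is not the Debian patch. It is written in Python rather than the package's Tcl, and it assumes a constructed stand-in command for csound and a private sandbox directory in place of /tmp; it compares the fixed-name redirect with a privately created temporary file and with a pipe.

```python
import os
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for running csound: prints one version line.
FAKE_CSOUND = [sys.executable, "-c", "print('Csound version 5.08 (constructed)')"]
ORIGINAL = "data that must survive\n"


def capture_fixed_path(cmd, path):
    """Pattern from the report: write to a predictable name, then reopen it."""
    with open(path, "w") as out:  # follows a symlink and truncates its target
        subprocess.run(cmd, stdout=out, stderr=subprocess.STDOUT)
    return Path(path).read_text()


def capture_private_temp(cmd, directory=None):
    """mkstemp opens with O_CREAT|O_EXCL, a random name and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="csvers.", dir=directory)
    try:
        with os.fdopen(fd, "w+") as out:
            subprocess.run(cmd, stdout=out, stderr=subprocess.STDOUT)
            out.seek(0)
            return out.read()
    finally:
        os.unlink(path)


def capture_pipe(cmd):
    """No file at all: read stdout and stderr through a pipe."""
    return subprocess.run(cmd, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, text=True).stdout


def demo():
    """Run all three in a private sandbox directory that stands in for /tmp."""
    with tempfile.TemporaryDirectory() as sandbox:
        other, link = Path(sandbox, "other-file"), Path(sandbox, "csvers")
        other.write_text(ORIGINAL)
        link.symlink_to(other)  # the pre-existing link from the report
        runs = (("private_temp", lambda: capture_private_temp(FAKE_CSOUND, sandbox)),
                ("pipe", lambda: capture_pipe(FAKE_CSOUND)),
                ("fixed_path", lambda: capture_fixed_path(FAKE_CSOUND, link)))
        # Each value: (captured output, is the other file still intact?)
        return {name: (run(), other.read_text() == ORIGINAL) for name, run in runs}
```

`demo()` reports the other file as intact after the two hardened variants and as overwritten after the fixed-name variant, while all three return the same captured output.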

