Your message dated Sat, 03 Jan 2009 19:52:22 +0000
with message-id <[email protected]>
and subject line Bug#506496: fixed in tkman 2.2-2etch1
has caused the Debian Bug report #506496,
regarding CVE-2008-5137: allows local users to overwrite arbitrary files via a
symlink attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
506496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506496
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tkman
Version: 2.2-1
Severity: important
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
tkman.
CVE-2008-5137[1]:
> tkman in tkman 2.2 allows local users to overwrite arbitrary files via a
> symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
If you fix the vulnerability please also make sure to include the CVE id in
the changelog entry.
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5137
http://security-tracker.debian.net/tracker/CVE-2008-5137
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: tkman
Source-Version: 2.2-2etch1
We believe that the bug you reported is fixed in the latest version of
tkman, which is due to be installed in the Debian FTP archive:
tkman_2.2-2etch1.diff.gz
to pool/main/t/tkman/tkman_2.2-2etch1.diff.gz
tkman_2.2-2etch1.dsc
to pool/main/t/tkman/tkman_2.2-2etch1.dsc
tkman_2.2-2etch1_all.deb
to pool/main/t/tkman/tkman_2.2-2etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Maximiliano Curia <[email protected]> (supplier of updated tkman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 15 Dec 2008 14:55:05 -0200
Source: tkman
Binary: tkman
Architecture: source all
Version: 2.2-2etch1
Distribution: stable
Urgency: low
Maintainer: Maximiliano Curia <[email protected]>
Changed-By: Maximiliano Curia <[email protected]>
Description:
tkman - A graphical, hypertext manual page and Texinfo browser
Closes: 506496
Changes:
tkman (2.2-2etch1) stable; urgency=low
.
* Fixed CVE-2008-5137, by calling mktemp.
(+ debian/patches/07_use-mktemp.dpatch) (Closes: #506496)
Files:
d6905c1a7326fdecaca57313da801730 581 doc optional tkman_2.2-2etch1.dsc
8e021e87d63cfb75fa67af1dadd61273 14219 doc optional tkman_2.2-2etch1.diff.gz
e9ed7d37c7d9e6e1734d85d462e9b25a 196426 doc optional tkman_2.2-2etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklGj1gACgkQIntwtlWVB0rx/QCffeCiYfsC7Rh0g6UHHjrN0ZWm
qJ4AmQFpFBDB0HOJQFhuWtZhjcziLw8S
=Ck3R
-----END PGP SIGNATURE-----
--- End Message ---
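
The difference between the predictable temporary file name named in the CVE text and the mktemp call named in the changelog, as an added shell illustration. It is not taken from debian/patches/07_use-mktemp.dpatch, whose contents are not shown in this thread. The sandbox directory, protected.txt, and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration; everything happens in a private sandbox, never in /tmp itself.

# Pre-fix pattern: fixed-shape name built from the PID, opened with a plain
# redirect. If that path already exists as a symlink, the write follows it.
write_predictable() {            # $1 = directory, $2 = data
    tmp="$1/tkman$$"             # name shape from the CVE text: /tmp/tkman#####
    printf '%s\n' "$2" > "$tmp"
}

# Post-fix pattern: mktemp chooses a random name and creates the file
# exclusively with mode 0600, so an existing path is never reused.
write_mktemp() {                 # $1 = directory, $2 = data
    tmp=$(mktemp "$1/tkman.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Build a sandbox holding a file to protect plus a symlink that already
# occupies the predictable name (both constructed for this demo), run the
# given writer, then print what the protected file contains afterwards.
protected_after() {              # $1 = writer function name
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/protected.txt"
    ln -s "$sandbox/protected.txt" "$sandbox/tkman$$"
    "$1" "$sandbox" "scratch output"
    cat "$sandbox/protected.txt"
    rm -rf "$sandbox"
}

echo "predictable name: $(protected_after write_predictable)"
echo "mktemp:           $(protected_after write_mktemp)"
```

With the predictable name the protected file ends up holding the scratch output; with mktemp it keeps its original contents.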