Your message dated Mon, 18 Jun 2012 16:47:24 +0000
with message-id <[email protected]>
and subject line Bug#668710: fixed in gajim 0.15-1.1
has caused the Debian Bug report #668710,
regarding gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
668710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668710
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gajim
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gajim.

CVE-2012-2093[0]:
It was discovered that gajim is insecurely creating predictable file names 
when converting LaTeX to png images. An attacker can exploit this flaw to 
overwrite files of the user with a symlink attack.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2093
    http://security-tracker.debian.org/tracker/CVE-2012-2093

-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: gajim
Source-Version: 0.15-1.1

We believe that the bug you reported is fixed in the latest version of
gajim, which is due to be installed in the Debian FTP archive:

gajim_0.15-1.1.diff.gz
  to main/g/gajim/gajim_0.15-1.1.diff.gz
gajim_0.15-1.1.dsc
  to main/g/gajim/gajim_0.15-1.1.dsc
gajim_0.15-1.1_all.deb
  to main/g/gajim/gajim_0.15-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <[email protected]> (supplier of updated gajim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 Jun 2012 18:22:00 +0200
Source: gajim
Binary: gajim
Architecture: source all
Version: 0.15-1.1
Distribution: unstable
Urgency: high
Maintainer: Yann Leboulanger <[email protected]>
Changed-By: Luk Claes <[email protected]>
Description: 
 gajim      - Jabber client written in PyGTK
Closes: 668710
Changes: 
 gajim (0.15-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2012-2093: insecure use of temporary files when converting LaTeX
     IM messages to png images. Closes: #668710

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/ctH8ACgkQ5UTeB5t8Mo2EUACgrI5a6igReIO1oAbGhSXRwf5D
VxQAn0+1HE43ri7ouJJT8ts9qHeuKf2t
=S/Je
-----END PGP SIGNATURE-----



--- End Message ---
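
Added example (not part of the bug report, the upload, or Gajim's code): the predictable-name pattern the report describes, next to two hardened forms, run inside a sandbox directory that stands in for a shared /tmp. The file name latex_render.tex and every function name here are assumptions made for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

NAME = "latex_render.tex"  # hypothetical fixed name, not Gajim's actual file name

def write_predictable(directory, data):
    """Weak pattern: fixed name in a shared directory; open() follows symlinks."""
    with open(os.path.join(directory, NAME), "w") as fh:
        fh.write(data)

def write_exclusive(directory, data):
    """O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    with os.fdopen(os.open(os.path.join(directory, NAME), flags, 0o600), "w") as fh:
        fh.write(data)

def write_private(data):
    """Preferred: a fresh 0700 directory and a random file name inside it."""
    workdir = tempfile.mkdtemp(prefix="latex_")
    fd, path = tempfile.mkstemp(suffix=".tex", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return workdir, path

def demo():
    """Constructed scenario: a sandbox directory stands in for a shared /tmp."""
    shared = Path(tempfile.mkdtemp(prefix="shared_tmp_"))
    target = shared / "user_file.txt"
    target.write_text("important")
    os.symlink(target, shared / NAME)  # name already taken before the write
    result = {"exclusive_refused": False}
    try:
        write_exclusive(shared, "E=mc^2")
    except FileExistsError:
        result["exclusive_refused"] = True
    result["after_exclusive"] = target.read_text()
    write_predictable(shared, "E=mc^2")  # writes through the link
    result["after_predictable"] = target.read_text()
    workdir, path = write_private("E=mc^2")
    result["private_dir_mode"] = os.stat(workdir).st_mode & 0o777
    shutil.rmtree(shared)
    shutil.rmtree(workdir)
    return result

if __name__ == "__main__":
    print(demo())
```

The exclusive create only closes the race on the file itself; the private directory also protects any further files a LaTeX-to-PNG toolchain writes next to its input.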