Your message dated Thu, 15 Nov 2012 20:49:03 +0000
with message-id <[email protected]>
and subject line Bug#692737: fixed in suckless-tools 39-1
has caused the Debian Bug report #692737,
regarding suckless-tools: newer slock versions prevents unwanted exposure of
passwords
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
692737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692737
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: suckless-tools
Version: 38-2
Severity: grave
Justification: user security hole
Hey,
this package has not updated any of the tools included since two years.
Please package newer tools, especially but most important slock.
The current version of slock has no indication whatsoever that a screen lock is
active.
After a longer idle period of the display, it is therefore impossible to
distinguish between a locked
screen and an inactive screen. As a result, it is not too difficult to write
your password somewhere
you don't want to because you assumed the screen was locked.
Hence I marked this as grave, this happened to me multiple times.
Newer slock versions have a color indication once you hit the first key on the
keyboard that shows
you that the lock is active.
Kind regards
Nico
--- End Message ---
--- Begin Message ---
Source: suckless-tools
Source-Version: 39-1
We believe that the bug you reported is fixed in the latest version of
suckless-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vasudev Kamath <[email protected]> (supplier of updated suckless-tools
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 15 Nov 2012 12:28:34 +0530
Source: suckless-tools
Binary: suckless-tools
Architecture: source i386
Version: 39-1
Distribution: experimental
Urgency: low
Maintainer: Vasudev Kamath <[email protected]>
Changed-By: Vasudev Kamath <[email protected]>
Description:
suckless-tools - simple commands for minimalistic window managers
Closes: 378175 610478 627662 636030 642307 650573 650574 658386 665884 667796
692737
Changes:
suckless-tools (39-1) experimental; urgency=low
.
[ Michael Stummvoll ]
* Added manpage for dmenu_run (Closes: #610478)
* Updated manpages for slock, ssid, swarp and wmname (Closes: #636030)
* Updated manpage for sselp (Closes: #378175)
* Removed st from the package. Suggests stterm now. Since st is
no longer part of this package it doesn't install st.256color.
(Closes: #642307,#665884)
* Fixed a typo in the wmname manpage
* Added some docs
.
[ Vasudev Kamath ]
* debian/control:
+ Increased minimum debhelper required to 9
+ Bumped Standards-Version to 3.9.4. This did not require any change
to package.
+ Added Michael Stummvoll as Uploader
+ Added dependency on dpkg-dev >= 1.16.1.1 to introduce hardening flags
using dpkg-buildflags.
* Set debian/compat to 9
* Created new version 39
+ Imported new version of lsw (Closes: #650573)
+ Updated dmenu (Closes: #650574, #658386)
+ Added sprop and lsx (Closes: #627662)
+ Imported new version of slock. This resolves CVE-2012-1620
(Closes: #667796, #692737)
+ Imported new version of tabbed
* debian/rules:
+ Added get-orig-source target to get upstream source tarball for included
package
* debian/patches:
+ Added patch to do setgid shadow instead of setuid root on slock Makefile
(01_fix_setuid_slock.patch).
+ Added patch to introduce hardening flags and allow
DEB_BUILD_OPTIONS=noopt
(02_dpkg-buildflags.patch).
+ Added patch to make command execution visible in Makefiles
(03_transparent-makefiles.patch).
+ Added patch to escape '-' symbol in manpage for tabbed and use temp files
in secure way (04_tabbed-manpage-hyphen-fix.patch).
* debian/README.source:
+ Updated this file with proper instruction on how to recreate the original
source tarballs required for package building.
* debian/create_orig_source shell script is added which will be invoked when
get-orig-source target in debian/rules is invoked
* debian/watch:
+ Empty watch file added with only version=3 string in it to avoid lintian
warning
* debian/README.slock.Debian:
+ This file is added giving instruction on how to use the slock command.
* debian/copyright:
+ Fixed the Copyright fields for lsw, dmenu, tabbed.
+ Changed short license name from MIT to Expat.
* Switched to source format 3.0 (quilt)
Checksums-Sha1:
afc13dceb1d911bd994718570e74e80113c9bc64 4657 suckless-tools_39-1.dsc
70c1a13b950b7b0cb1bc35e30c6e861a78359953 11543
suckless-tools_39.orig-dmenu.tar.gz
ae32c246216094b748cb2c3edd5ec1a4612a5434 2946 suckless-tools_39.orig-lsw.tar.gz
7a9f311873b0b1bd9d5f2b0772f64a2f15c68a9a 2130 suckless-tools_39.orig-lsx.tar.gz
3eb71d2ddabdfc9d7d6d4d6fbd39d2f83fad351e 4604
suckless-tools_39.orig-slock.tar.gz
aef9f869c9760152c745b8405a751460842394ac 2750
suckless-tools_39.orig-sprop.tar.gz
8a89cb11388f09458d7e9c549cdf394c8abada04 2562
suckless-tools_39.orig-sselp.tar.gz
f73e203aa6105b1288376758b7ced16f1cad4306 2072
suckless-tools_39.orig-ssid.tar.gz
0d602b971f3d9fe0197143a9106a5c2e5044fd01 2277
suckless-tools_39.orig-swarp.tar.gz
7529360b088df30b66f05aa960712f1feda46e91 9868
suckless-tools_39.orig-tabbed.tar.gz
7bce60306ccc9c9a5fc60d9874e81a013efa8871 2512
suckless-tools_39.orig-wmname.tar.gz
e1b9c9fbf43afc7ba3b7177dd25bf33cc7a25108 119 suckless-tools_39.orig.tar.gz
871f961b3750a5347eff0bc2b0c7a4080d70de8d 12268
suckless-tools_39-1.debian.tar.gz
e29d64e5aa936e01a57d0f7ad5babe97af0faec1 47914 suckless-tools_39-1_i386.deb
Checksums-Sha256:
b879864b776a37566caf9ceb5c6e2478d999272e6cf3118c2c2101a86554e871 4657
suckless-tools_39-1.dsc
082cd698d82125ca0b3989006fb84ac4675c2a5585bf5bb8af0ea09cfb95a850 11543
suckless-tools_39.orig-dmenu.tar.gz
307dcb49d5fd814ca58e3c7cae06008a0c68343b69847e59ddf0e34a555d5f60 2946
suckless-tools_39.orig-lsw.tar.gz
b30f8282f2de25bd59edb2dfdc033320539adf56199351a6b5d80e05965add94 2130
suckless-tools_39.orig-lsx.tar.gz
e04ae5070c646c78251780d386e14d16fd100367e877dd5cf616dc7aedd0e0e4 4604
suckless-tools_39.orig-slock.tar.gz
c1b786d9fbd81a57addd7e21a34c5a121543cbf9f38fe309e7b452ba94b69ab5 2750
suckless-tools_39.orig-sprop.tar.gz
cd0f95ec0eb571a6dd3c48ba3aa931080eb33bc81805bd72832cc04c01b8b822 2562
suckless-tools_39.orig-sselp.tar.gz
a4c477e58743ed04a7a68a76cd5863bf1919545d5a0fc5db6c6ccfa15134d1e6 2072
suckless-tools_39.orig-ssid.tar.gz
ef5730fe8ee00879cbec1e91e22a7f0f7817a63375d790d775f5b7427886d45f 2277
suckless-tools_39.orig-swarp.tar.gz
f6feeff380725b74482ffdb2aad5be632ecd9b5fa67c4a869debc4b71875f2f6 9868
suckless-tools_39.orig-tabbed.tar.gz
559ad188b2913167dcbb37ecfbb7ed474a7ec4bbcb0129d8d5d08cb9208d02c5 2512
suckless-tools_39.orig-wmname.tar.gz
79e67ac460a86dc11861ac8e0cc682134d5730d7a8e8d33d4f7aecb457a2d6e0 119
suckless-tools_39.orig.tar.gz
32a62726aa57d72a70a153b239b9942c576bce786fd7ddc6bdb9cddae0d708c8 12268
suckless-tools_39-1.debian.tar.gz
6148a7e7bfb739c300f05fd144fab08447a473d020f8469ddb4924b13e45d276 47914
suckless-tools_39-1_i386.deb
Files:
7d9e953ba0e5439151fb37badeea3003 4657 x11 optional suckless-tools_39-1.dsc
9c46169ed703732ec52ed946c27d84b4 11543 x11 optional
suckless-tools_39.orig-dmenu.tar.gz
5ddd61d04ff084a39494b2aa06c00b65 2946 x11 optional
suckless-tools_39.orig-lsw.tar.gz
d48fdce9868b13bf5ef3e7834768f89f 2130 x11 optional
suckless-tools_39.orig-lsx.tar.gz
e3b25abdfd54c81562de4d63d3565be7 4604 x11 optional
suckless-tools_39.orig-slock.tar.gz
7586fc99580a1f79194f2e83f9ef3e9e 2750 x11 optional
suckless-tools_39.orig-sprop.tar.gz
b74d6558790d8df897db40bca90bc0f6 2562 x11 optional
suckless-tools_39.orig-sselp.tar.gz
8740013208d79ef4d7ce7fe0c1f12e87 2072 x11 optional
suckless-tools_39.orig-ssid.tar.gz
b674dd2f33c45cbd789e4b6e09b7b55e 2277 x11 optional
suckless-tools_39.orig-swarp.tar.gz
855ee1245386193a17af3fb3fedf1281 9868 x11 optional
suckless-tools_39.orig-tabbed.tar.gz
6903d299f84d335e529fbd2c1d6e49fe 2512 x11 optional
suckless-tools_39.orig-wmname.tar.gz
cb587a38758f88c32eaa1d0fd6bb9be1 119 x11 optional suckless-tools_39.orig.tar.gz
ffa66a44df42bf0c2913bbd5e2db2662 12268 x11 optional
suckless-tools_39-1.debian.tar.gz
6d02a8705d2ed487383a226bbf6d00ca 47914 x11 optional
suckless-tools_39-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQpUTkAAoJEC1Os6YBVHX1uBMQAKpVp4JvSzOuIZA7/1W3Jkah
SJ4akfBKzPbVTFgnLOlXxpsDIU6O37VtfV1Jfx82CUG5AQUbrmdbojSVBWlxC9Qa
QlWm5otQkcppXPMwGIAQ3JMAQMw7roMp9ZAyA88kDiTmAsJ6I95EwUTDJjVkucCM
NKvCtH5kWrGLWj6zXfxdkiVmbTuDwzZF4R+hwIoypJT4tnmgfeWszSVlA2cjBYy4
ZTf/PzUyOZetzsru+iSjZLN4DGOh1U3ePjePzSEhPa7S/19IDL+20aAU+dim4edc
k3ra3NVUvW4RAB7rzhdJ0mZ0lt2sTzCmGGv42gxbGMtHPnnGsZfrqeh4g4as011m
iUOZsaOp6oDEMWqV74Q/9TkKYvpQHgirL/g4hn+im/m/0g17KiP+GSV1LilLs+fe
Oadin/lXvoc0pV0KBj/FSrlx9RHGdVOiOMi7ldIP99Yq9XqaLMORNVVHavn5/Rfy
80g00cYYW174v3P+4N99AJjAGZQnrgaNt8Myh7OAG8dyOAme9Eeo/6fuxiFT9Xdk
niAF7Kv/Cp3MyWEOVD1xd69viXz+RUzbXFLQIsvjySQAh2jO7qBDqzvZPHRcZM8w
DB/NBrO5HUPKQ3evj6LfjXrI7OGUJm/GPbaIc0bV0iT1j2u1RtCwGagC+9D120QH
Vvt2Fumkmfra2ZRGiYEB
=cYxB
-----END PGP SIGNATURE-----
--- End Message ---
