Your message dated Sun, 09 Jun 2013 09:19:56 +0000
with message-id <[email protected]>
and subject line Bug#708202: fixed in safe-rm 0.10-1
has caused the Debian Bug report #708202,
regarding [safe-rm] Insecure {IFS}
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
708202: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708202
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: safe-rm
Version: 0.8-6
Severity: normal
Tags: patch

--- Please enter the report below this line. ---

Hi, Francois!

I've been able to reproduce this bug since the squeeze days, and have
applied the attached patch locally. Now that I'm on wheezy I figured I
should have reported this before:

Now and then I get the following error while doing different tasks, but
I could reproduce it easily by running `mk-build-deps' from the package
devscripts:
Insecure $ENV{IFS} while running with -t switch at /usr/bin/rm line 110.
Insecure dependency in system while running with -t switch
at /usr/bin/rm line 110.

The patch is simple, but it makes safe-rm use the default value for IFS:
$ set | grep ^IFS=

Regards!
Teresa e Junior

--- System information. ---
Architecture: i386
Kernel:       Linux 3.8-13.dmz.1-liquorix-686

Debian Release: 7.0
  500 unstable        liquorix.net 
  500 stable          www.deb-multimedia.org 
  500 stable          security.debian.org 
  500 stable          ftp.debian.org 
  500 stable          deb.opera.com 
  500 precise         ppa.launchpad.net 
  200 wheezy-backports ftp.debian.org 

--- Package information. ---
Depends          (Version) | Installed
==========================-+-===========
debconf          (>= 0.5)  | 1.5.49
 OR debconf-2.0            | 


Package's Recommends field is empty.

Package's Suggests field is empty.
--- /usr/bin/safe-rm~	2010-05-20 00:00:00.000000000 -0300
+++ /usr/bin/safe-rm	2011-05-28 19:34:25.218844678 -0300
@@ -107,6 +107,7 @@
 }
 
 # Run the real rm command, returning with the same error code
+$ENV{IFS} = " \t\n";
 my $status = system $real_rm, @allowed_args;
 my $errcode = $status >> 8;
 exit $errcode;
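Review bot: The added `$ENV{IFS} = " \t\n";` line sits between the comment `# Run the real rm command, returning with the same error code` and the `system` call that comment describes, and nothing says why it is there. Move the assignment above that comment and give it its own one-line comment tying it to the "Insecure $ENV{IFS}" taint error. Also consider `delete $ENV{IFS};` instead of hard-coding a value, so that the real rm does not inherit an IFS from the wrapper at all.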

--- End Message ---
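
The taint check behind the error quoted in the report above, reproduced as an added example; it is not safe-rm's code and not part of the original messages. It assumes the core Scalar::Util module and a `true` binary in /bin or /usr/bin, and the tainted IFS value is constructed inside the script to stand in for one inherited from the calling process.

```perl
#!/usr/bin/perl -T
# Added example, not safe-rm's code. Run as: perl -T taint_ifs_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode checks PATH before IFS, so pin PATH to a constant first and
# drop the other variables it inspects (CDPATH, ENV, BASH_ENV; see perlsec).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(CDPATH ENV BASH_ENV)};

# Constructed input: a zero-length slice of externally supplied data is
# still tainted, and taints any string it is joined to. It stands in for
# an IFS value exported by the calling process.
my $taint = substr("$0$^X", 0, 0);
die "taint mode is off; run with perl -T\n" unless tainted($taint);

# Try to run a harmless command and report whether Perl allowed it.
sub try_run {
    my ($label) = @_;
    my $ok = eval { system('true'); 1 };
    my $result = $ok ? 'allowed, exit code ' . ($? >> 8) : "refused: $@";
    $result =~ s/\s+\z//;
    print "$label: $result\n";
    return $ok ? 1 : 0;
}

# 1. IFS inherited from outside: system() is refused under -T.
$ENV{IFS} = ':' . $taint;
try_run('inherited IFS');

# 2. The approach in the patch: overwrite IFS with a constant.
$ENV{IFS} = " \t\n";
try_run('IFS reset to default');

# 3. The perlsec idiom: remove the variable instead of resetting it.
$ENV{IFS} = ':' . $taint;
delete $ENV{IFS};
try_run('IFS deleted');
```

Under `-t`, as in the report, the first case prints a warning and still runs the command instead of being refused.
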
--- Begin Message ---
Source: safe-rm
Source-Version: 0.10-1

We believe that the bug you reported is fixed in the latest version of
safe-rm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier <[email protected]> (supplier of updated safe-rm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 09 Jun 2013 19:45:48 +1200
Source: safe-rm
Binary: safe-rm
Architecture: source all
Version: 0.10-1
Distribution: unstable
Urgency: low
Maintainer: Francois Marier <[email protected]>
Changed-By: Francois Marier <[email protected]>
Description: 
 safe-rm    - wrapper around the rm command to prevent accidental deletions
Closes: 708202
Changes: 
 safe-rm (0.10-1) unstable; urgency=low
 .
   * New upstream release (closes: #708202)
   * Bump Standards-Version up to 3.9.4
   * Use canonical VCS URLs in debian/control

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
