Your message dated Fri, 18 Nov 2005 12:04:32 +0100
with message-id <[EMAIL PROTECTED]>
and subject line ser2net: package versions < 1.6-2 not compiled with libwrap
support, but the docs say so
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Nov 2002 20:59:19 +0000
>From [EMAIL PROTECTED] Thu Nov 14 14:59:18 2002
Return-path: <[EMAIL PROTECTED]>
Received: from ce06d.unt0.torres.ka0.zugschlus.de (torres.ka0.zugschlus.de)
[212.126.206.6] (mail)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 18CR54-0000NE-00; Thu, 14 Nov 2002 14:59:18 -0600
Received: from mh by torres.ka0.zugschlus.de with local (Exim 3.35 #1)
id 18CR50-0005Ni-00; Thu, 14 Nov 2002 21:59:14 +0100
From: Marc Haber <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ser2net: package versions < 1.6-2 not compiled with libwrap support,
but the docs say so
X-Mailer: reportbug 1.50
Date: Thu, 14 Nov 2002 21:59:14 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-0.1 required=5.0
tests=SPAM_PHRASE_01_02
version=2.41
X-Spam-Level:
Package: ser2net
Version: 1.5-2
Severity: normal
Tags: security woody
ser2net depends on libwrap support to provide security. This is
prominently mentioned in the documentation.
However, package version 1.5-2 and 1.6-1 have been compiled without
libwrap support. No information is currently available if older
versions of Debian ser2net packages have been properly built with
libwrap support.
Packages 1.6-2 and later do have proper build-depends and are built
with libwrap support.
Using vulnerable packages may result in granting world-wide access to
devices that are connected to your serial ports.
Fortunately, there is a number of workarounds available.
(1)
Use a packet filter to stop foreign systems from accessing your
ser2net ports.
(2)
Use a recompiled package. If you want to build your own package, pull
the sources from any Debian mirror (take stable or unstable whatever
pleases you), install build-essential, the Build-Depends: packages of
ser2net _AND_ (this is the important part) libwrap0-dev, and then
build the package as usual.
For woody, there are fixed packages of ser2net 1.5 (the upstream
version that was released with woody) and ser2net 1.6 (the current
upstream version) available:
deb http://q.bofh.de/~mh/debian/ ser2net-1.5/
deb-src http://q.bofh.de/~mh/debian/ ser2net-1.5/
deb http://q.bofh.de/~mh/debian/ ser2net-1.6/
deb-src http://q.bofh.de/~mh/debian/ ser2net-1.6/
Binary packages are i386 only, sorry.
The packages are signed with my official Debian key to verify their
authenticity. They are as authentic as the packages that are available
on the Debian archive.
There is a fixed version in unstable. There is currently no fixed
version available for testing, you'll have to recompile the version
from unstable yourself until 1.6-2 is promoted to testing.
I apologize.
Greetings
Marc
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux torres 2.4.19-psmp #1 Wed Aug 21 13:11:37 UTC 2002 i586
Locale: LANG=C, LC_CTYPE=de_DE
---------------------------------------
Received: (at 169136-done) by bugs.debian.org; 18 Nov 2005 11:04:37 +0000
>From [EMAIL PROTECTED] Fri Nov 18 03:04:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 5301d.unt0.torres.l21.ma.zugschlus.de
([217.151.83.1] helo=torres.zugschlus.de ident=Debian-exim)
by spohr.debian.org with esmtp (Exim 4.50)
id 1Ed42n-00088t-9N
for [EMAIL PROTECTED]; Fri, 18 Nov 2005 03:04:37 -0800
Received: from lefler.int.l21.ma.zugschlus.de ([192.168.130.38])
by torres.zugschlus.de with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.54)
id 1Ed42i-0000mT-NT; Fri, 18 Nov 2005 12:04:33 +0100
Received: from mh by lefler.int.l21.ma.zugschlus.de with local (Exim 4.54)
id 1Ed42i-00076i-6p; Fri, 18 Nov 2005 12:04:32 +0100
Date: Fri, 18 Nov 2005 12:04:32 +0100
From: Marc Haber <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Marc Haber <[EMAIL PROTECTED]>
Subject: Re: ser2net: package versions < 1.6-2 not compiled with libwrap
support, but the docs say so
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.11
X-Spam-Score: (----) -4.7
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
Version: 1.6-2
ser2net (1.6-2) unstable; urgency=low
* Build-Depend: libwrap0-dev
* Now compiled with libwrap as the docs suggest
-- Marc Haber <[EMAIL PROTECTED]> Tue, 12 Nov 2002 14:34:32
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
