Your message dated Wed, 16 Mar 2016 16:49:38 +0000
with message-id <[email protected]>
and subject line Bug#679323: fixed in manpages 4.05-1
has caused the Debian Bug report #679323,
regarding clearenv(3): implies that it's a security tool
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
679323: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679323
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: manpages-dev
Severity: normal

I was researching ways to securely purge environment variables, e.g.
where they're used to pass credentials.  clearenv(3) says in the NOTES
section:

       Used  in  security-conscious  applications.   If  it is unavailable the
       assignment

           environ = NULL;

       will probably do.

The implementation in glibc just frees the memory and sets the environ
pointer to NULL.  Neither this, nor environ = NULL will actually
overwrite the memory used for the environment, so it's misleading to say
that it's used in security-conscious applications.  The environment
needs to be zeroed out in order to be securely cleared.

-- 
 - mdz



--- End Message ---
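The point of the report above, as an added C example (not part of the original thread, and not glibc's code): overwrite the environment strings in place before dropping the pointers with clearenv(). The names wipe, scrub_environ and purge_environ, and the DEMO_TOKEN variable, are hypothetical and constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes clearenv() in glibc's <stdlib.h> */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Overwrite n bytes through a volatile pointer so the compiler cannot
 * discard the stores as dead writes. */
static void wipe(char *p, size_t n)
{
    volatile char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Zero every "NAME=value" string currently reachable from environ and
 * return the number of bytes overwritten. Assumption: the strings are
 * writable (the block passed at exec and setenv() copies are; a string
 * literal handed to putenv() is not). */
size_t scrub_environ(void)
{
    size_t wiped = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++) {
        size_t n = strlen(*e);
        wipe(*e, n);
        wiped += n;
    }
    return wiped;
}

/* Scrub first, then drop the pointers. Values replaced earlier by
 * setenv(), or copied out by the program, are no longer reachable from
 * environ and are not touched by this function. */
size_t purge_environ(void)
{
    size_t wiped = scrub_environ();
    clearenv();
    return wiped;
}

int main(void)
{
    setenv("DEMO_TOKEN", "constructed-sample-value", 1); /* constructed */
    printf("wiped %zu bytes\n", purge_environ());
    return getenv("DEMO_TOKEN") == NULL ? 0 : 1;
}
```

Calling clearenv() or assigning environ = NULL alone would leave the bytes behind the saved pointers unchanged, which is the behaviour the report describes.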
--- Begin Message ---
Source: manpages
Source-Version: 4.05-1

We believe that the bug you reported is fixed in the latest version of
manpages, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <[email protected]> (supplier of updated manpages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 16 Mar 2016 17:23:06 +0100
Source: manpages
Binary: manpages manpages-dev
Architecture: source all
Version: 4.05-1
Distribution: unstable
Urgency: medium
Maintainer: Martin Schulze <[email protected]>
Changed-By: Dr. Tobias Quathamer <[email protected]>
Description:
 manpages   - Manual pages about using a GNU/Linux system
 manpages-dev - Manual pages about using GNU/Linux for development
Closes: 285444 679323 756599 780544 794876 797479
Changes:
 manpages (4.05-1) unstable; urgency=medium
 .
   * Imported Upstream version 4.05
     - write.2: Document behaviour on tty devices. (Closes: #797479)
     - clearenv.3: Clarify the use and effect of clearenv(). (Closes: #679323)
     - perror.3: Suggest use of strerror(3) in place of deprecated
       'sys_errlist'. (Closes: #794876)
     - printf.3: Remove stray asterisk in "NAN*". (Closes: #756599)
     - unicode.7: Document "Private Use Areas". (Closes: #285444)
   * Do not install sk98lin.4 (Closes: #780544)
   * Refresh patches
   * Remove obsolete installation script
   * Update d/copyright and d/watch

--- End Message ---
