Your message dated Fri, 28 Feb 2025 10:21:43 +0000
with message-id <[email protected]>
and subject line Bug#930916: fixed in gkrellweather 2.0.8-3
has caused the Debian Bug report #930916,
regarding gkrellweather: GrabWeather uses http instead of https
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
930916: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930916
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gkrellweather
Version: 2.0.8-2.1
Severity: important
Tags: security

/usr/share/gkrellm/GrabWeather uses

$WeatherSrc = 'http://tgftp.nws.noaa.gov/data/observations/metar/decoded';

while the URL is now in https.

In particular, the requested URL contains private information:
the station ID, giving information on the user's location (the
IP address of the user may also give such information, but not
necessarily).

Moreover, the document contents could be changed by an attacker,
and there is little sanitization...

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gkrellweather depends on:
ii  gkrellm       2.3.10-2+b1
ii  libc6         2.28-10
ii  libglib2.0-0  2.58.3-2
ii  libgtk2.0-0   2.24.32-3
ii  libwww-perl   6.36-2
ii  perl          5.28.1-6
ii  wget          1.20.1-1.1

gkrellweather recommends no packages.

gkrellweather suggests no packages.

-- no debconf information

--- End Message ---
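
The report above raises two concerns: the station ID travels in cleartext, and the fetched document can be altered in transit and is barely sanitized. The following Perl is an added example of checks that address both; it is not GrabWeather's code or the maintainer's fix. The function names, the `<STATION>.TXT` file naming, the four-character station ID pattern, the size limits and the sample response are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# HTTPS form of the base URL quoted in the report.
my $WeatherSrc = 'https://tgftp.nws.noaa.gov/data/observations/metar/decoded';

# Assumption: station ids are four-character ICAO codes and the report
# file is <STATION>.TXT under $WeatherSrc.
sub station_url {
    my ($station) = @_;
    die "invalid station id\n"
        unless defined $station && $station =~ /\A[A-Z][A-Z0-9]{3}\z/;
    return "$WeatherSrc/$station.TXT";
}

# Accept only HTTPS on the expected host; apply this to redirect targets
# too, so the station id is never sent in cleartext.
sub is_allowed_url {
    my ($url) = @_;
    return $url =~ m{\Ahttps://tgftp\.nws\.noaa\.gov/}i ? 1 : 0;
}

# Treat the body as untrusted: cap total size (limits are illustrative),
# drop everything except printable ASCII, cap line length and line count.
sub sanitize_report {
    my ($body) = @_;
    die "report too large\n" if length($body) > 4096;
    my @clean;
    for my $line (split /\r?\n/, $body) {
        $line =~ s/[^\x20-\x7E]//g;
        next if $line eq '';
        push @clean, substr($line, 0, 200);
        last if @clean >= 40;
    }
    return @clean;
}

# Constructed sample response with control bytes injected on one line.
my $sample = "Constructed Station, XX (KXXX) 00-00N 000-00W\n"
           . "Temperature: 44 F (7 C)\e[2J\x00\n"
           . "Relative Humidity: 58%\n";

print station_url('KXXX'), "\n";
print is_allowed_url('http://tgftp.nws.noaa.gov/x') ? "allowed\n" : "refused\n";
print "$_\n" for sanitize_report($sample);
my $url = eval { station_url('../../etc') };
print defined $url ? "$url\n" : "rejected: $@";
```

Sanitized lines are still untrusted text: they should be parsed as data and never interpolated into a command line.
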
--- Begin Message ---
Source: gkrellweather
Source-Version: 2.0.8-3
Done: Andreas Tille <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gkrellweather, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated gkrellweather package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Feb 2025 10:28:09 +0100
Source: gkrellweather
Architecture: source
Version: 2.0.8-3
Distribution: unstable
Urgency: medium
Maintainer: Package Salvaging Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 846370 901536 930916 1094441
Changes:
 gkrellweather (2.0.8-3) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Andreas Tille ]
   * Maintain package in Salvage team
     Closes: #1094441
   * ACK NMU (Closes: #846370)
   * Set Homepage to GKrellM plugins
   * Add fake watch file
   * d/copyright: DEP5
   * Secure URL for site weather data is fetched from
     Closes: #930916
   * No article in short description
   * Standards-Version: 4.7.0 (routine-update)
   * debhelper-compat 13 (routine-update)
   * Remove trailing whitespace in debian/changelog (routine-update)
   * Remove trailing whitespace in debian/control (routine-update)
   * Trim trailing whitespace.
   * Avoid explicitly specifying -Wl,--as-needed linker flag.
 .
   [ Helmut Grohne ]
   * Do not hard code build architecture pkg-config
     Closes: #901536



--- End Message ---
