Your message dated Fri, 22 Aug 2008 21:33:45 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#494969: fixed in sympa 5.3.4-5.1 has caused the Debian Bug report #494969, regarding sympa: Leftover debug code may lead to data loss to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: sympa Version: 5.2.3-1.2+etch1 Severity: critical Justification: causes serious data loss Tags: security Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa leads to potential data loss due to symlink attacks (I think) : In wwsympa.fcgi : open TMP, ">/tmp/dump"; $document->dump(\*TMP); close TMP; open TMP, ">/tmp/dump2"; &tools::dump_var ($param, 0, \*TMP); close TMP; I'm not completely sure this may be called nor when, but if it may, then better not have /tmp/dump linked to something the CGI could write to. In any case, such code seems like debug to me, so should be removed I guess (to be notified upstream, too). Code in sympa.pl about --make_alias_file option may exhibit a similar vulnerability too, although that may not be invoked unless under admin control with a more or less changing filename... so may need more testing and analysis on that second one. Source : http://uvw.ru/report.lenny.txt, http://lists.debian.org/debian-devel/2008/08/msg00312.html Hope this helps, -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-openvz-24-004.1d1-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sympa depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii exim4-daemon-light [mail-tra 4.69-6 lightweight Exim MTA (v4) daemon pn libarchive-zip-perl <none> (no description available) ii libc6 2.7-13 GNU C Library: Shared libraries pn libcgi-fast-perl <none> (no description available) pn libcrypt-ciphersaber-perl <none> (no description available) pn libdbd-mysql-perl | libdbd-p <none> (no description available) ii libdbi-perl 1.605-1 Perl5 database interface by Tim Bu ii libfcgi-perl 0.67-2.1+b1 FastCGI Perl module ii libintl-perl 1.16-4 Uniforum message translations syst ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a ii libmailtools-perl 2.03-1 Manipulate email in perl programs pn libmd5-perl <none> (no description available) ii libmime-perl 5.427-1 transitional dummy package ii libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m pn libmsgcat-perl <none> (no description available) pn libnet-ldap-perl <none> (no description available) pn libtemplate-perl <none> (no description available) ii libxml-libxml-perl 1.66-1+b1 Perl module for using the GNOME li pn mhonarc <none> (no description available) ii perl [libmime-base64-perl] 5.10.0-11.1 Larry Wall's Practical Extraction pn perl-suid <none> (no description available) ii sysklogd [system-log-daemon] 1.5-5 System Logging Daemon Versions of packages sympa recommends: ii doc-base 0.8.16 utilities to manage online documen ii logrotate 3.7.1-3 Log rotation utility Versions of packages sympa suggests: ii apache2-mpm-prefork [httpd] 2.2.9-6 Apache HTTP Server - traditional n pn libapache-mod-fastcgi <none> (no description available) pn mysql-server | postgresql <none> (no description available) ii openssl 0.9.8g-12 Secure Socket Layer (SSL) binary a -- Olivier BERGER <[EMAIL PROTECTED]> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
--- End Message ---
--- Begin Message ---Source: sympa Source-Version: 5.3.4-5.1 We believe that the bug you reported is fixed in the latest version of sympa, which is due to be installed in the Debian FTP archive: sympa_5.3.4-5.1.diff.gz to pool/main/s/sympa/sympa_5.3.4-5.1.diff.gz sympa_5.3.4-5.1.dsc to pool/main/s/sympa/sympa_5.3.4-5.1.dsc sympa_5.3.4-5.1_i386.deb to pool/main/s/sympa/sympa_5.3.4-5.1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christian Perrier <[EMAIL PROTECTED]> (supplier of updated sympa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 21 Aug 2008 15:10:38 +0200 Source: sympa Binary: sympa Architecture: source i386 Version: 5.3.4-5.1 Distribution: unstable Urgency: low Maintainer: Stefan Hornburg (Racke) <[EMAIL PROTECTED]> Changed-By: Christian Perrier <[EMAIL PROTECTED]> Description: sympa - Modern mailing list manager Closes: 411983 473655 480987 491959 494969 495087 495572 495588 495723 Changes: sympa (5.3.4-5.1) unstable; urgency=low . * Non-maintainer upload. * Bug fix: "(re)configuring sympa won't define soap_url to non-fixed value", this time for good, hopefully (Closes: #411983). * Fix insecure files creation in /tmp, backporting upstream fix (Closes: #494969) * Remove extra space in debconf templates. Translations unfuzzied Closes: #473655 * Fix pending l10n issues * Debconf translations: - Galician. Closes: #480987 - Swedish. Closes: #491959 - Czech. Closes: #495087 - Russian. Closes: #495572 - Basque. Closes: #495588 - Brazilian Portuguese. Closes: #495723 * [Lintian] Change Depends from obsolete libmime-perl to libmime-tools-perl * [Lintian] Change "can can handle" to "can handle" in package description * [Lintian] Set debhelper compatibility level through debian/compat Checksums-Sha1: 8929161d91d762275667f023a39d973e8b841506 992 sympa_5.3.4-5.1.dsc ad4ce1634cdf724239779d30b3b9f20f2cd43d8c 111988 sympa_5.3.4-5.1.diff.gz feb7903256b59eba9a288c6fa347979a0feb4b24 3096090 sympa_5.3.4-5.1_i386.deb Checksums-Sha256: e3838ff4f8d26c6bd46c67480be6334378307724452312e3f288d29cd24c898e 992 sympa_5.3.4-5.1.dsc 0a4bbf66a4534bb4ee06711aa4c07f8ef87fd9977e223aa789684628b669b98e 111988 sympa_5.3.4-5.1.diff.gz 1d78ce6209cbd1ea5d5a85d0202fcc9994685a51d78e3386a5b2223a7862f593 3096090 sympa_5.3.4-5.1_i386.deb Files: ded2d701a669009dc3be1c986f5dd7f4 992 mail optional sympa_5.3.4-5.1.dsc 227ee7719fc97d87086a161f729a8631 111988 mail optional sympa_5.3.4-5.1.diff.gz 707a274a6d2ace5defa682474044e153 3096090 mail optional sympa_5.3.4-5.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkitpeEACgkQ1OXtrMAUPS2zqwCgs+Bg5vFDS1aEBkwQSuOfnPbi KDsAoIhnSOxZDI8Q20YoZH5f39iAUwTr =aVtD -----END PGP SIGNATURE-----
--- End Message ---
