Your message dated Fri, 16 Apr 2010 03:47:22 +0000
with message-id <e1o2cwy-0004wy...@ries.debian.org>
and subject line Bug#577958: fixed in gource 0.26-2
has caused the Debian Bug report #577958,
regarding gource: Uses predictable filename in /tmp for logging
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
577958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gource
Version: 0.26-1
Severity: grave
Tags: security
Gource logs to a file named /tmp/gource-$UID.tmp (see src/commitlog.cpp
line 231 ff.), enabling malicious co-users to overwrite an arbitrary
file via a symlink attack.
--- End Message ---
--- Begin Message ---
Source: gource
Source-Version: 0.26-2
We believe that the bug you reported is fixed in the latest version of
gource, which is due to be installed in the Debian FTP archive:
gource_0.26-2.debian.tar.gz
to main/g/gource/gource_0.26-2.debian.tar.gz
gource_0.26-2.dsc
to main/g/gource/gource_0.26-2.dsc
gource_0.26-2_amd64.deb
to main/g/gource/gource_0.26-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 577...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrew Caudwell <acaudw...@gmail.com> (supplier of updated gource package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 16 Apr 2010 11:29:10 +1200
Source: gource
Binary: gource
Architecture: source amd64
Version: 0.26-2
Distribution: unstable
Urgency: high
Maintainer: Andrew Caudwell <acaudw...@gmail.com>
Changed-By: Andrew Caudwell <acaudw...@gmail.com>
Description:
gource - graphical source control visualisation
Closes: 577958
Changes:
gource (0.26-2) unstable; urgency=high
.
* Use mkstemp to create temp file (Closes: #577958)
Checksums-Sha1:
86229388895cc369114b1e268b1c791f712350c9 1915 gource_0.26-2.dsc
dcc567e1891630590e92ff89a36ed0e1b1a2f368 4276 gource_0.26-2.debian.tar.gz
4e867e7cc5c40c681aa84d1a972011bbcfb3785a 162906 gource_0.26-2_amd64.deb
Checksums-Sha256:
381c128542f8050a274abeeb906d3958b82e7fce45a315675266d75150938c11 1915
gource_0.26-2.dsc
b00cf64d25f2e40427bfb27d23be457d1fe7635731f7cf801880aae2411b066b 4276
gource_0.26-2.debian.tar.gz
916d91ccf7843a3d1cd91a10c68e25d5a3147245cb0773a0166c749909851fb5 162906
gource_0.26-2_amd64.deb
Files:
0ec871eb17506fcec04b7162136fa57b 1915 vcs extra gource_0.26-2.dsc
a0462fd226d51aaa0a8daf98891b19f9 4276 vcs extra gource_0.26-2.debian.tar.gz
0aee0d473afc80d521389f5010e453a1 162906 vcs extra gource_0.26-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJLx9YDAAoJEBYoHy4AfJjRx6EP/2fqL7QMbsG/8ztrhmEyfsVE
EeaLvRmHMgELP+87cem0mDYv/sANchgR9wghDJfo6niQMJ8zzyJBfmBDI7WikU0k
r9KGeDEaPCcAi1tReWkIttZiYrcMuX73/m0WI8D/fom9JesK4u/oIKx0ioz/V8ef
SlCabXn+sTmExB+fneghnaklZKcAt+hiWneRNtZU1AAXV8kIVMRoVct81Rpl0BXi
/5cEmgN4gm49aezMs3r7d4XHWbp7c8pP+/3Krw5zS0igxksXXCSIPS2sIdLw+bPW
sJZYe7NC4uSH5zGsbC9UwYdmpml8f7TZ5hrZPUMEkzedQEXbV16ztpKG0u4iWwKx
dGmo6ZCvfAgx3QiNxM6b8qi+/bZ9/anrfiLpUcNGu17km1Qx8mc8Qr61UvHwAtnu
S+XE17ZKmoEGZWKxzAJvSaqMuV5T28Rrm3mpQyjjHVoD1O5e/U3fNfI+m6W4JLJk
J+H5mMEabBQOipaYbZxWNuif7O16eMbAZOz7sgCJU/YjkV97VXZUU0ACbodbTSlV
L/7S9bJ2Yr/cNoDBVI5i9rp1macFoAbaGpRwSkJ3xkDRaLnc9V12k0L/20xBJC5f
3W+B81pG3LQkHxCZ3lc8tHzDYnKehabgoOTLx5hU6k5Tw9kin8LU/wmVigT8a9JV
oJ5qmKgZzI80/qcXRA0J
=BNzf
-----END PGP SIGNATURE-----
--- End Message ---
