Your message dated Tue, 30 Nov 2010 14:32:38 +0000
with message-id <e1pnrg2-0003qv...@franck.debian.org>
and subject line Bug#605096: fixed in tomboy 1.2.2-2
has caused the Debian Bug report #605096,
regarding CVE-2010-4005
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
605096: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomboy
Severity: grave
Tags: security


Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4005
for details and a patch. Please fix this for Squeeze with a targeted
bugfix, not by packaging a full new upstream release.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages tomboy depends on:
ii  gconf2                        2.28.1-6   GNOME configuration database syste
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
pn  libgconf2.0-cil               <none>     (no description available)
ii  libglib2.0-0                  2.24.2-1   The GLib library of C routines
pn  libglib2.0-cil                <none>     (no description available)
pn  libgmime2.2-cil               <none>     (no description available)
pn  libgnome2.0-cil               <none>     (no description available)
pn  libgnomeprint2.2-0            <none>     (no description available)
pn  libgnomeprintui2.2-0          <none>     (no description available)
ii  libgtk2.0-0                   2.20.1-2   The GTK+ graphical user interface 
pn  libgtk2.0-cil                 <none>     (no description available)
ii  libgtkspell0                  2.0.16-1   a spell-checking addon for GTK's T
pn  libmono-addins-gui0.2-cil     <none>     (no description available)
pn  libmono-addins0.2-cil         <none>     (no description available)
pn  libmono-corlib2.0-cil         <none>     (no description available)
pn  libmono-system2.0-cil         <none>     (no description available)
pn  libmono2.0-cil                <none>     (no description available)
pn  libndesk-dbus-glib1.0-cil     <none>     (no description available)
pn  libndesk-dbus1.0-cil          <none>     (no description available)
pn  libpanel-applet2-0            <none>     (no description available)
ii  libpango1.0-0                 1.28.3-1   Layout and rendering of internatio
ii  libx11-6                      2:1.3.3-4  X11 client-side library
pn  mono-runtime                  <none>     (no description available)

tomboy recommends no packages.

Versions of packages tomboy suggests:
pn  evolution                     <none>     (no description available)



--- End Message ---
--- Begin Message ---
Source: tomboy
Source-Version: 1.2.2-2

We believe that the bug you reported is fixed in the latest version of
tomboy, which is due to be installed in the Debian FTP archive:

tomboy_1.2.2-2.diff.gz
  to main/t/tomboy/tomboy_1.2.2-2.diff.gz
tomboy_1.2.2-2.dsc
  to main/t/tomboy/tomboy_1.2.2-2.dsc
tomboy_1.2.2-2_amd64.deb
  to main/t/tomboy/tomboy_1.2.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 605...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Iain Lane <la...@ubuntu.com> (supplier of updated tomboy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 29 Nov 2010 18:59:02 +0000
Source: tomboy
Binary: tomboy
Architecture: source amd64
Version: 1.2.2-2
Distribution: unstable
Urgency: high
Maintainer: Debian CLI Applications Team <pkg-cli-apps-t...@lists.alioth.debian.org>
Changed-By: Iain Lane <la...@ubuntu.com>
Description: 
 tomboy     - desktop note taking program using Wiki style links
Closes: 605096
Changes: 
 tomboy (1.2.2-2) unstable; urgency=high
 .
   * [bc0695b] Fix insecure LD_LIBRARY_PATH. A vulnerability existed
     where if LD_LIBRARY_PATH were set but empty, a trailing : as a path
     separator would still be appended to the path, exposing an
     insecure/invalid search path. Using :+: instead of +: prevents this
     as ${X:+:$X} returns X iff X is set and not empty whereas ${X+:$X}
     returns X iff X is set (it may be empty). References: CVE-2010-4005
     (Closes: #605096)




--- End Message ---
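
The difference between the two expansions named in the changelog above, as an added example that is not part of the original messages or of the tomboy package. It builds a search path with each form for an unset, a set-but-empty and a non-empty LD_LIBRARY_PATH, and flags any result containing an empty entry, which the dynamic linker treats as the current working directory. PREFIX and the function names build_path, has_empty_entry and report are assumptions made for the example.

```shell
#!/bin/sh
# Added example. PREFIX is a placeholder, not the path used by the tomboy wrapper.
PREFIX=/opt/example/lib

# build_path FORM STATE [VALUE]
#   FORM  "old" uses ${X+:$X}, "new" uses ${X:+:$X}
#   STATE "unset" or "set" (VALUE is assigned when "set"; it may be empty)
# The body is a subshell, so the caller's LD_LIBRARY_PATH is never modified.
build_path() (
    unset LD_LIBRARY_PATH
    if [ "$2" = set ]; then LD_LIBRARY_PATH=$3; fi
    if [ "$1" = old ]; then
        printf '%s\n' "$PREFIX${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
    else
        printf '%s\n' "$PREFIX${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    fi
)

# Succeeds when a colon-separated search path contains an empty entry
# (leading ':', trailing ':' or '::').
has_empty_entry() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one row: form, state, input value, resulting path, verdict.
report() {
    path=$(build_path "$@")
    if has_empty_entry "$path"; then verdict="empty entry"; else verdict="ok"; fi
    printf '%-3s %-5s %-16s %-32s %s\n' "$1" "$2" "[${3-}]" "$path" "$verdict"
}

for form in old new; do
    report "$form" unset
    report "$form" set ""
    report "$form" set /usr/local/lib
done
```

Only the row for the old form with a set-but-empty variable is flagged. Neither expansion rewrites a value that already arrives with a leading, trailing or doubled colon, so has_empty_entry is also useful as a check on the final path.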
