Your message dated Fri, 03 Dec 2010 00:34:55 +0800 with message-id <4cf7caaf.1060...@gmail.com> and subject line Re: [pkg-cli-apps-team] Bug#605095: banshee: diff for NMU version 1.6.1-1.1 has caused the Debian Bug report #605095, regarding CVE-2010-3998 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 605095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: banshee Severity: grave Tags: security Hi, please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3998 for details and a patch. Please upload a targeted fix for Squeeze and not a whole new upstream release. Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages banshee depends on: pn gstreamer0.10-gnomevfs <none> (no description available) pn gstreamer0.10-plugins-base <none> (no description available) pn gstreamer0.10-plugins-good <none> (no description available) ii hal 0.5.14-3 Hardware Abstraction Layer pn libboo2.0-cil <none> (no description available) ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra pn libgconf2.0-cil <none> (no description available) pn libglade2.0-cil <none> (no description available) ii libglib2.0-0 2.24.2-1 The GLib library of C routines pn libglib2.0-cil <none> (no description available) pn libgnome2.0-cil <none> (no description available) ii libgstreamer-plugins-base0.10 0.10.30-1 GStreamer libraries from the "base ii libgstreamer0.10-0 0.10.30-1 Core GStreamer libraries and eleme ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface pn libgtk2.0-cil <none> (no description available) pn libmono-addins-gui0.2-cil <none> (no description available) pn libmono-addins0.2-cil <none> (no description available) pn libmono-cairo2.0-cil <none> (no description available) pn libmono-corlib2.0-cil <none> (no description available) pn libmono-sharpzip2.84-cil <none> (no description available) pn libmono-sqlite2.0-cil <none> (no description available) pn libmono-system-data2.0-cil <none> (no description available) pn libmono-system-web2.0-cil <none> (no description available) pn libmono-system2.0-cil <none> (no description available) pn libmono2.0-cil <none> (no description available) pn libmtp7 <none> (no description available) pn libndesk-dbus-glib1.0-cil <none> (no description available) pn libndesk-dbus1.0-cil <none> (no description available) pn libnotify0.4-cil <none> (no description available) ii libpango1.0-0 1.28.3-1 Layout and rendering of internatio pn libtaglib2.0-cil <none> (no description available) ii libx11-6 2:1.3.3-4 X11 client-side library pn mono-runtime <none> (no description available) Versions of packages banshee recommends: pn brasero <none> (no description available) ii gstreamer0.10-ffmpeg 0.10.10-1 FFmpeg plugin for GStreamer pn gstreamer0.10-plugins-bad <none> (no description available) pn gstreamer0.10-plugins-ugly <none> (no description available) pn podsleuth <none> (no description available) banshee suggests no packages.
--- End Message ---
--- Begin Message ---On Thursday 02,December,2010 11:16 PM, Alexander Reichle-Schmehl wrote: > tags 605095 + patch > tags 605095 + pending > thanks > > Dear maintainer, > > I've prepared an NMU for banshee (versioned as 1.6.1-1.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer. > > Regards. Hi Alexander, It appears to me that your patch only adds a : to ${var+:$var} to make it ${var:+:$var}, but both forms are equivalent, and tested on Ubuntu and Debian's versions of Bash. Therefore this bug does not exist in Debian, and the patch is unnecessary. I don't know if Redhat's bug truly exists, or whether it was patched without proper verification, though. Could you cancel the upload, please? -- Kind regards, Loong Jinsignature.asc
Description: OpenPGP digital signature
--- End Message ---