Bug#605095: marked as done (CVE-2010-3998)

Debian Bug Tracking System Thu, 02 Dec 2010 08:40:09 -0800

Your message dated Fri, 03 Dec 2010 00:34:55 +0800
with message-id <4cf7caaf.1060...@gmail.com>
and subject line Re: [pkg-cli-apps-team] Bug#605095: banshee: diff for NMU 
version 1.6.1-1.1
has caused the Debian Bug report #605095,
regarding CVE-2010-3998
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
605095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: banshee
Severity: grave
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3998
for details and a patch. Please upload a targeted fix for Squeeze
and not a whole new upstream release.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages banshee depends on:
pn  gstreamer0.10-gnomevfs        <none>     (no description available)
pn  gstreamer0.10-plugins-base    <none>     (no description available)
pn  gstreamer0.10-plugins-good    <none>     (no description available)
ii  hal                           0.5.14-3   Hardware Abstraction Layer
pn  libboo2.0-cil                 <none>     (no description available)
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
ii  libcairo2                     1.8.10-6   The Cairo 2D vector graphics libra
pn  libgconf2.0-cil               <none>     (no description available)
pn  libglade2.0-cil               <none>     (no description available)
ii  libglib2.0-0                  2.24.2-1   The GLib library of C routines
pn  libglib2.0-cil                <none>     (no description available)
pn  libgnome2.0-cil               <none>     (no description available)
ii  libgstreamer-plugins-base0.10 0.10.30-1  GStreamer libraries from the "base
ii  libgstreamer0.10-0            0.10.30-1  Core GStreamer libraries and eleme
ii  libgtk2.0-0                   2.20.1-2   The GTK+ graphical user interface 
pn  libgtk2.0-cil                 <none>     (no description available)
pn  libmono-addins-gui0.2-cil     <none>     (no description available)
pn  libmono-addins0.2-cil         <none>     (no description available)
pn  libmono-cairo2.0-cil          <none>     (no description available)
pn  libmono-corlib2.0-cil         <none>     (no description available)
pn  libmono-sharpzip2.84-cil      <none>     (no description available)
pn  libmono-sqlite2.0-cil         <none>     (no description available)
pn  libmono-system-data2.0-cil    <none>     (no description available)
pn  libmono-system-web2.0-cil     <none>     (no description available)
pn  libmono-system2.0-cil         <none>     (no description available)
pn  libmono2.0-cil                <none>     (no description available)
pn  libmtp7                       <none>     (no description available)
pn  libndesk-dbus-glib1.0-cil     <none>     (no description available)
pn  libndesk-dbus1.0-cil          <none>     (no description available)
pn  libnotify0.4-cil              <none>     (no description available)
ii  libpango1.0-0                 1.28.3-1   Layout and rendering of internatio
pn  libtaglib2.0-cil              <none>     (no description available)
ii  libx11-6                      2:1.3.3-4  X11 client-side library
pn  mono-runtime                  <none>     (no description available)

Versions of packages banshee recommends:
pn  brasero                       <none>     (no description available)
ii  gstreamer0.10-ffmpeg          0.10.10-1  FFmpeg plugin for GStreamer
pn  gstreamer0.10-plugins-bad     <none>     (no description available)
pn  gstreamer0.10-plugins-ugly    <none>     (no description available)
pn  podsleuth                     <none>     (no description available)

banshee suggests no packages.

--- End Message ---

--- Begin Message ---

On Thursday 02,December,2010 11:16 PM, Alexander Reichle-Schmehl wrote:
> tags 605095 + patch
> tags 605095 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for banshee (versioned as 1.6.1-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
> 
> Regards.

Hi Alexander,

It appears to me that your patch only adds a : to ${var+:$var} to make it
${var:+:$var}, but both forms are equivalent, and tested on Ubuntu and Debian's
versions of Bash. Therefore this bug does not exist in Debian, and the patch is
unnecessary. I don't know if Redhat's bug truly exists, or whether it was
patched without proper verification, though.

Could you cancel the upload, please?

-- 
Kind regards,
Loong Jin

signature.asc
Description: OpenPGP digital signature

--- End Message ---

Bug#605095: marked as done (CVE-2010-3998)

Reply via email to