Your message dated Sun, 13 Nov 2005 07:02:03 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#282815: fixed in cscope 15.5+cvs20050816-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Nov 2004 17:58:17 +0000
>From [EMAIL PROTECTED] Wed Nov 24 09:58:17 2004
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CX1PF-0005yI-00; Wed, 24 Nov 2004 09:58:17 -0800
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1CX1Ok-0000g1-LU; Wed, 24 Nov 2004 18:57:46 +0100
Date: Wed, 24 Nov 2004 18:57:46 +0100
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cscope: Vulnerable to CAN-2004-0996
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd"
Content-Disposition: inline
X-Reportbug-Version: 2.63
User-Agent: Mutt/1.5.6+20040722i
Sender: Martin Pitt <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--vkogqOf2sHV7VnPd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: cscope
Version: 15.5-1
Severity: grave
Tags: security patch
Justification: user security hole
Hi!
cscope is vulnerable to a temporary file flaw (CAN-2004-0996). See=20
http://lists.netsys.com/pipermail/full-disclosure/2004-November/029341.ht=
ml
for details. I just prepared an updated Ubuntu package, you can get
the debdiff from
http://patches.ubuntu.com/patches/cscope.CAN-2004-0996.diff
Joey is already notified, he cares for a woody update. Please fix the
unstable and testing version.
Thanks,
Martin
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=3Dde_DE.UTF-8, LC_CTYPE=3Dde_DE.UTF-8
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
--vkogqOf2sHV7VnPd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBpMuaDecnbV4Fd/IRApB6AJ9EaKpkND7XUuBuLyra2ixB8km2LgCgj6Nb
7lYzcqbCFIB4xtWGOk0pVQw=
=/1kE
-----END PGP SIGNATURE-----
--vkogqOf2sHV7VnPd--
---------------------------------------
Received: (at 282815-close) by bugs.debian.org; 13 Nov 2005 15:05:58 +0000
>From [EMAIL PROTECTED] Sun Nov 13 07:05:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EbJMp-0003ZX-Hz; Sun, 13 Nov 2005 07:02:03 -0800
From: Anthony Fok <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#282815: fixed in cscope 15.5+cvs20050816-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 13 Nov 2005 07:02:03 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: cscope
Source-Version: 15.5+cvs20050816-1
We believe that the bug you reported is fixed in the latest version of
cscope, which is due to be installed in the Debian FTP archive:
cscope_15.5+cvs20050816-1.diff.gz
to pool/main/c/cscope/cscope_15.5+cvs20050816-1.diff.gz
cscope_15.5+cvs20050816-1.dsc
to pool/main/c/cscope/cscope_15.5+cvs20050816-1.dsc
cscope_15.5+cvs20050816-1_i386.deb
to pool/main/c/cscope/cscope_15.5+cvs20050816-1_i386.deb
cscope_15.5+cvs20050816.orig.tar.gz
to pool/main/c/cscope/cscope_15.5+cvs20050816.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anthony Fok <[EMAIL PROTECTED]> (supplier of updated cscope package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Nov 2005 00:30:02 +0800
Source: cscope
Binary: cscope
Architecture: source i386
Version: 15.5+cvs20050816-1
Distribution: unstable
Urgency: low
Maintainer: Anthony Fok <[EMAIL PROTECTED]>
Changed-By: Anthony Fok <[EMAIL PROTECTED]>
Description:
cscope - Interactively examine a C program source
Closes: 282815 298931 315466
Changes:
cscope (15.5+cvs20050816-1) unstable; urgency=low
.
* New upstream CVS as of 2005-08-16. Fixes the following in Debian BTS:
- 2004-06-23 Hans-Bernhard Broeker <[EMAIL PROTECTED]>
* src/dir.c (makefilelist): Fix broken movement of point_in_line
when parsing quoted names. Simplify structure by moving default
handling upward.
Closes: Bug#298931 - bug in handling quote-protected filenames in
cscope.files
- 2004-12-06 Neil Horman <[EMAIL PROTECTED]>
* src/main.c: Fix for temp file security bug (sourceforge
bug number 1062807 / CAN-2004-0970 [sic, should be CAN-2004-0996])
Acknowledge NMU of 15.5-1.1 (Thanks to Joey Hess, Martin Pitt
and Gerardo Di Giacomo). Upstream fixed the same issue in a
slightly different way, by creating a temp directory to store
the temp files. (Closes: #282815)
* xcscope.el: Applied Lasse Kantola's change_let_to_setq.patch
so that disabling of fuzzy matching would work correctly.
(Closes: Bug#315466)
* Adds Build-Depends: automake1.7 to avoid warnings.
* Updated Standards-Version: from to 3.6.2.
* Updated author list in debian/copyright.
Files:
29e07b4cf15de58be9c290279e255040 645 devel optional
cscope_15.5+cvs20050816-1.dsc
77267e7e0b9e3ec4a223313be08f7a06 261713 devel optional
cscope_15.5+cvs20050816.orig.tar.gz
14d192c7600fa65012e94e772b9c2b18 38245 devel optional
cscope_15.5+cvs20050816-1.diff.gz
00131acfe2157e41156e30daf231e873 142454 devel optional
cscope_15.5+cvs20050816-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDd1LhLa8qZm1n95ARAsrfAKCAKvabgVqG+/IkibeK7MjHJ1Bl5QCfbFA6
F/Iw7P7iFWmBE/+SQUGZ+Jo=
=ZEez
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
