Your message dated Fri, 23 May 2014 16:24:15 +0000
with message-id <e1wnsgv-00043c...@franck.debian.org>
and subject line Bug#748667: fixed in vtk6 6.1.0+dfsg-3
has caused the Debian Bug report #748667,
regarding python-vtk6: bogus RPATH
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
748667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-vtk6
Version: 6.1.0+dfsg-2
Severity: grave
Tags: security

/usr/bin/pvtk, /usr/bin/vtk6python and /usr/bin/pvtkpython all have RPATH set to:

/usr/lib/jvm/default-java/jre/lib/amd64/xawt:/usr/lib/jvm/default-java/jre/lib/amd64/server:/tmp/buildd/vtk6-6.1.0+dfsg/debian/build/lib:

(Note that neither /usr/lib/jvm/default-java/jre/lib/amd64/xawt nor /usr/lib/jvm/default-java/jre/lib/amd64/server exists in a minimal environment with only python-vtk6 installed.)

A malicious local user can exploit this RPATH to execute arbitrary code, by placing a crafted library in /tmp/buildd/vtk6-6.1.0+dfsg/debian/build/lib.


-- System Information:
Debian Release: jessie/sid
 APT prefers unstable
 APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-vtk6 depends on:
ii  libc6          2.18-4
ii  libgcc1        1:4.9.0-4
ii  libopenmpi1.6  1.6.5-8
ii  libpython2.7   2.7.6-8
ii  libstdc++6     4.9.0-4
ii  libtcl8.6      8.6.1-6
ii  libtk8.6       8.6.1-5
ii  libvtk6        6.1.0+dfsg-2
ii  python         2.7.5-5
pn  python:any     <none>

python-vtk6 recommends no packages.

Versions of packages python-vtk6 suggests:
pn  mayavi2        <none>
pn  vtk6-doc       <none>
pn  vtk6-examples  <none>

--
Jakub Wilk

--- End Message ---
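
The check behind the report above, as an added example (not part of the original messages and not Debian's or the vtk6 maintainers' tooling): it takes an RPATH/RUNPATH string as printed by `readelf -d` and flags entries that an unprivileged local user could create or populate. It assumes that testing the "other-writable" mode bit on the nearest existing ancestor is sufficient; ownership and group-writable bits are not examined.

```python
import os
import stat

# RPATH quoted in the bug report; the trailing ':' yields an empty entry.
REPORTED_RPATH = (
    "/usr/lib/jvm/default-java/jre/lib/amd64/xawt:"
    "/usr/lib/jvm/default-java/jre/lib/amd64/server:"
    "/tmp/buildd/vtk6-6.1.0+dfsg/debian/build/lib:"
)


def nearest_existing(path):
    """Return path itself, or its closest ancestor that exists on disk."""
    path = os.path.normpath(path)
    while not os.path.exists(path) and os.path.dirname(path) != path:
        path = os.path.dirname(path)
    return path


def audit_rpath(rpath):
    """Return (entry, verdict, detail) for every RPATH/RUNPATH entry."""
    results = []
    for entry in rpath.split(":"):
        if entry == "":
            # glibc resolves an empty entry against the current directory.
            results.append((entry, "UNSAFE", "empty entry, resolved against the current directory"))
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            results.append((entry, "REVIEW", "depends on where the binary is installed"))
        elif not os.path.isabs(entry):
            results.append((entry, "UNSAFE", "relative path"))
        else:
            anchor = nearest_existing(entry)
            missing = anchor != os.path.normpath(entry)
            if os.stat(anchor).st_mode & stat.S_IWOTH:
                # Any local user can create or populate the searched directory.
                detail = "creatable under world-writable " + anchor if missing else "world-writable"
                results.append((entry, "UNSAFE", detail))
            elif missing:
                results.append((entry, "MISSING", "nearest existing ancestor is " + anchor))
            else:
                results.append((entry, "OK", "exists and is not world-writable"))
    return results


if __name__ == "__main__":
    for entry, verdict, detail in audit_rpath(REPORTED_RPATH):
        print(f"{verdict:8} {entry or '<empty>'}  ({detail})")
```

A MISSING verdict corresponds to the two JVM directories noted in the report: absent, but not creatable by an ordinary user as long as their existing ancestor is not world-writable.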
--- Begin Message ---
Source: vtk6
Source-Version: 6.1.0+dfsg-3

We believe that the bug you reported is fixed in the latest version of
vtk6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 748...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anton Gladky <gl...@debian.org> (supplier of updated vtk6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 May 2014 21:54:40 +0200
Source: vtk6
Binary: libvtk6 libvtk6-dev libvtk6-java python-vtk6 tcl-vtk6 vtk6 vtk6-doc vtk6-examples
Architecture: source amd64 all
Version: 6.1.0+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Anton Gladky <gl...@debian.org>
Description: 
 libvtk6    - Visualization Toolkit - A high level 3D visualization library - r
 libvtk6-dev - VTK header files for building C++ code
 libvtk6-java - Visualization Toolkit - A high level 3D visualization library - j
 python-vtk6 - Python bindings for VTK
 tcl-vtk6   - Tcl bindings for VTK
 vtk6       - Binaries for VTK6
 vtk6-doc   - VTK class reference documentation
 vtk6-examples - C++, Tcl and Python example programs/scripts for VTK
Closes: 748667
Changes: 
 vtk6 (6.1.0+dfsg-3) unstable; urgency=medium
 .
   * [208fbac] Remove RPATH from binaries. (Closes: #748667)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
