Your message dated Fri, 08 May 2020 08:39:54 +0000 with message-id <e1jwyxy-000dpm...@fasolo.debian.org> and subject line Bug#956276: fixed in runescape 0.8-1 has caused the Debian Bug report #956276, regarding runescape: downloads unverified binary and runs it to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 956276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956276 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---package: runescape severity: serious Hi, It seems runescape downloads a binary and runs it, without verifying its integrity. At least the download happens using https, but no other verification is done. Cheers, Ivo
--- End Message ---
--- Begin Message ---Source: runescape Source-Version: 0.8-1 Done: Carlos Donizete Froes <corin...@riseup.net> We believe that the bug you reported is fixed in the latest version of runescape, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 956...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Carlos Donizete Froes <corin...@riseup.net> (supplier of updated runescape package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Apr 2020 18:24:34 -0300 Source: runescape Architecture: source Version: 0.8-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team <pkg-games-de...@lists.alioth.debian.org> Changed-By: Carlos Donizete Froes <corin...@riseup.net> Closes: 956275 956276 Changes: runescape (0.8-1) unstable; urgency=medium . * New upstream release: - New redistributable icon, generated by the author (Closes: #956275); - Verify the download against a known hash, and warn the user about the purpose of the launcher (Closes: #956276). * debian/control: + Added in Depends: kdialog | zenity, java10-runtime, p7zip-full. - Removed in Build-Depends: default-jdk-headless | default-jdk. - Removed in Depends: default-jre-headless. + Long description with more details improved. * Added debian/docs. * debian/tests/control: + Added in Depends: kdialog | zenity, java10-runtime, p7zip-full. - Removed in Depends: default-jre-headless. * debian/watch: Fixed the requested URL in the uscan information. Checksums-Sha1: 230a34786d0aeca7430cb658211f26e0b0194145 2285 runescape_0.8-1.dsc bd25032fbe89bf0b7e03518645c24fe20eba279f 71185 runescape_0.8.orig.tar.bz2 4c4b29f947c4e7b0801959d3f2931ca4acb9fca3 833 runescape_0.8.orig.tar.bz2.asc e95150373bcc99316c9252721b8a9966fbd48833 13316 runescape_0.8-1.debian.tar.xz 6e4b6fe0497f1280e51b8f9e05d50b67a2a34edb 5805 runescape_0.8-1_source.buildinfo Checksums-Sha256: 697428158af70f64b6a566eb91f75725c385c35e087861c6e83e93f416bb627c 2285 runescape_0.8-1.dsc 0f1c409071cb81f061e1c536c1f8cda3a1c9be2a813cf7dc23d85a2815f6668c 71185 runescape_0.8.orig.tar.bz2 f76c65b76ab66ba758ad6492b4bba5f3742eac89029baada8eb82e2b1abdc383 833 runescape_0.8.orig.tar.bz2.asc 8ec2cf4217c92c19fbd56c64fa80fe0266d312410a9414cfe64900adc7f484c4 13316 runescape_0.8-1.debian.tar.xz 7148c1800893904541d8cd27dcc3ba6c1b5cc08577f88db8f49ddef372421d64 5805 runescape_0.8-1_source.buildinfo Files: d3bc1250f094f1416a8787c64fcd96a5 2285 non-free/games optional runescape_0.8-1.dsc c841c81267dc951040824a6aaa55641b 71185 non-free/games optional runescape_0.8.orig.tar.bz2 4849356e06fe880a0715703ca26eed96 833 non-free/games optional runescape_0.8.orig.tar.bz2.asc 3c0f11bd13ff5bdf2111ddc45f198079 13316 non-free/games optional runescape_0.8-1.debian.tar.xz 568062ef73e853b06dc2ef955903efe8 5805 non-free/games optional runescape_0.8-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnPVX/hPLkMoq7x0ggNMC9Yhtg5wFAl61FCoACgkQgNMC9Yht g5yHCA/9Ga8YdTmXG83NquSO5zQ+yiqWGef2kbiknbozvVjq6RHasYnRjaMn+kZ/ cC8FJATjf8IlM2XYFSuoOrsIYB9X8cQ3mJYLxOYaXOW8Nu3iB+xqHN55ciVt0XNN ZFTUcDldRH1IZNSIj6kUu3k9kkjnTl9M7NOcVOsHQ3hMj08o1dK8+XVe43ZzwZO5 1Sx1w7Ni2Yb/yIgKLnwkzUQ/cFkmTbLV+IanvB9AHZRgBoCEdeB4mFlsFDf2Fd3u /7wXLRVVnd4qiEQjnzWJMDyGyOqsf0suc+CiRCFyOtnOney1RIzWF6De2f8B3KIx jKoyXblw5/bG79pTtLGz/owC7x6qCTCIXLl/FtJTbKRWwaU4iBmaDGhlrdXiva7G joPsjAUwrxNjwYxRd8035y233/rJCL1ztWY07p7ogV/bmWsU+/1v1L8F0e/1/VS8 57v11AOwIlzw52ZURt6UzAefn1Wf/6Vq2dZLuXAd+UWYbjLZvZyHFUXxXf6JTmmg 7100ziZsQEDtvDfLSJTiY7uvt+OE+jAWH2Djel4y1XMxLl64uxCY7yGa6ohJa+sW 5dj7bynxKUXz8MF/d8AdITIqNxCdgvFFA6zY1YP/Wemql4FVV5jx2kFSLxX3XThP ywCvkKmNzsCwkMfc3N9EwS6sILcPQRBGA9h387DfK8JLZsuYLPI= =3JY6 -----END PGP SIGNATURE-----
--- End Message ---
