Your message dated Sat, 17 Mar 2007 18:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414644: fixed in popularity-contest 1.41
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: popularity-contest
Version: 1.40
Severity: important
Tags: security, patch
Hi,
The popularity-contest's weekly cron job sets HOME to /tmp before
generating the popularity raport. By doing that it tries to avoid dpkg
failures on unreadable /root/.dpkg.cfg file.
However /tmp is world-writeable, so any user can create /tmp/.dpkg.cfg
and make it unreadable for others thus causing dpkg to generate
"failed to open config file" warning.
Patch:
- set HOME to e.g. /nonexistent
or
- don't pass the `-p' option to su
Best Regards,
robert
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Versions of packages popularity-contest depends on:
ii debconf [debconf-2.0] 1.5.13 Debian configuration management sy
ii dpkg 1.13.25 package maintenance system for Deb
Versions of packages popularity-contest recommends:
ii cron 3.0pl1-100 management of regular background p
pn mime-construct <none> (no description available)
ii postfix [mail-transport-agent 2.3.8-1 A high-performance mail transport
-- debconf information:
popularity-contest/submiturls:
* popularity-contest/participate: true
popularity-contest/hostid-failed:
* popularity-contest/use-http: false
--- End Message ---
--- Begin Message ---
Source: popularity-contest
Source-Version: 1.41
We believe that the bug you reported is fixed in the latest version of
popularity-contest, which is due to be installed in the Debian FTP archive:
popularity-contest_1.41.dsc
to pool/main/p/popularity-contest/popularity-contest_1.41.dsc
popularity-contest_1.41.tar.gz
to pool/main/p/popularity-contest/popularity-contest_1.41.tar.gz
popularity-contest_1.41_all.deb
to pool/main/p/popularity-contest/popularity-contest_1.41_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bill Allombert <[EMAIL PROTECTED]> (supplier of updated popularity-contest
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 17 Mar 2007 19:03:31 +0100
Source: popularity-contest
Binary: popularity-contest
Architecture: source all
Version: 1.41
Distribution: unstable
Urgency: low
Maintainer: Popularity Contest Developers <[EMAIL PROTECTED]>
Changed-By: Bill Allombert <[EMAIL PROTECTED]>
Description:
popularity-contest - Vote for your favourite packages automatically
Closes: 414340 414644
Changes:
popularity-contest (1.41) unstable; urgency=low
.
* debian/control: Remove first person use from the package description
Closes: #414340. Thanks Filipus Klutiero.
* debian/cron.weekly: call su without -p to keep $HOME sane.
Closes: #414644. Thanks Robert Luberda
Files:
c13394e1baa00756ffda1648b54ec41b 655 misc optional popularity-contest_1.41.dsc
561ceaac0b90b682444cf181a731e4c4 71870 misc optional
popularity-contest_1.41.tar.gz
917bc48715995778c8281c978936399c 55632 misc optional
popularity-contest_1.41_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF/DEveDPs8bVESBURAlhnAJ4zuBbzhhuOgBTwKrzS8zVhbqj0PwCfeQPM
6TOPBcZXOIEfrHezMrZShOM=
=2khe
-----END PGP SIGNATURE-----
--- End Message ---
