Processed: Its also for woody

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 287043 + woody
Bug#287043: CAN-2004-1284 Buffer overflow in the find_next_file function
Tags were: security
Tags added: woody

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#287043: mpg123: And woody?

2005-01-18 Thread Daniel Kobras
On Mon, Jan 17, 2005 at 06:59:11PM +0100, Helge Kreutzmann wrote:
> Hello,
> you mention two CAN-numbers when closing this bug,
> CAN-2004-1284   (which this bug report was about) and
> CAN-2004-0991
>
> Both are *not* listed in
> http://www.debian.org/security/nonvulns-woody
>
> and they are both not mentioned in the changelog of mpg123 of woody
> (last entry: Tue, 26 Oct 2004).
>
> So either woody is not affected (then the nonvulns-list needs to be
> updated) or a security update for woody needs to be prepared.

An update for woody is pending.

Daniel.






Bug#289732: Conditional command execution

2005-01-18 Thread Thomas Hood
(cc:ed to #218530)

Guilherme de S. Pastore wrote to #289732:
> The attached patches make your maintainer scripts behave just like a
> package using debhelper would


The patch makes use of which.  The problem with which is supposed to
be that it is in /usr/bin/ and (as Ian Jackson wrote in #218530):

> `which' is wrong, because we want to know how the shell which is
> actually executing the maintainer script will execute the command.

Andreas Metzler wrote later in #218530:

> FWIW posix suggests to use command -v if available, The command -v
> and -V options were added to satisfy requirements from users that are
> currently accomplished by three different historical utilities: type
> in the System V shell, whence in the KornShell, and which in the C
> shell.[...]

So I take it that command -v is actually recommended.  The problems
(judging from the original submission) are, first, that it is being used
in a #!/bin/sh script, whereas command -v isn't implemented by all
POSIX shells (see policy 10.4), and second, that the command isn't being
checked for executability.

What is the best way to run a command if and only if it is on the PATH?

Debian policy section 9.3.3.2 was later changed by Manoj to show how to
test for the presence of a command using command -v.


  if command -v invoke-rc.d >/dev/null 2>&1; then
      invoke-rc.d package action
  else
      /etc/init.d/package action
  fi


However, this does not check that the invoke-rc.d file found on the
path can actually be executed.  So I guess you need to do this:

#!/bin/bash
...
# Run update-menus only if the shell resolves it and the result is executable
if CMD=$(command -v update-menus 2>/dev/null) && [ "$CMD" ] && [ -x "$CMD" ] ; then
    update-menus
fi

-- 
Thomas Hood [EMAIL PROTECTED]
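
One way to do the check discussed in this message in plain POSIX sh, as an added example that is not part of the thread or of Debian policy. The function names resolve_tool and run_if_present and the demo-* helper names are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread). resolve_tool, run_if_present and the
# demo-* names are hypothetical; the sample files are constructed.

# Print the absolute path the *executing shell* would run for NAME, or fail.
resolve_tool() {
    # command -v answers for this shell, unlike the external `which`.
    _rt_path=$(command -v "$1" 2>/dev/null) || return 1
    # Builtins, functions and aliases come back as a bare word or an
    # "alias x=..." string; only an absolute path names a file on PATH.
    case $_rt_path in
        /*) ;;
        *) return 1 ;;
    esac
    # Some shells report a PATH entry even when it is not executable,
    # so check the file itself.
    [ -f "$_rt_path" ] && [ -x "$_rt_path" ] || return 1
    printf '%s\n' "$_rt_path"
}

# Run NAME with ARGS if it resolves. A missing optional helper is not an
# error, so a maintainer script running under `set -e` keeps going.
run_if_present() {
    _rip_tool=$(resolve_tool "$1") || return 0
    shift
    "$_rip_tool" "$@"
}

# Constructed demonstration; the ( ) body is a subshell, so the caller's
# PATH and variables are left untouched.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho ran\n' > "$dir/demo-helper"
    printf '#!/bin/sh\necho ran\n' > "$dir/demo-noexec"
    chmod 755 "$dir/demo-helper"   # executable helper on PATH
    chmod 644 "$dir/demo-noexec"   # on PATH but not executable
    PATH="$dir:$PATH"
    out=
    for tool in demo-helper demo-noexec demo-missing cd; do
        result=$(run_if_present "$tool")
        out="${out}${out:+ }${tool}=${result:-skipped}"
    done
    rm -rf "$dir"
    printf '%s\n' "$out"
)

demo
```

Only the executable file on PATH is run; the non-executable file, the missing name and the `cd` builtin are all skipped without a failing exit status.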






Bug#253079: marked as done (tripwire: Tripwire Format String Vulnerability on reporting mail function)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 04:47:54 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#253079: fixed in tripwire 2.3.1.2.0-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Hideki Yamane [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: tripwire: Tripwire Format String Vulnerability on reporting mail function
Date: Mon, 07 Jun 2004 13:37:01 +0900

Package: tripwire
Severity: normal
Tags: security, sarge, sid

Dear tripwire maintainer,

 I saw an article in securiteam.com about tripwire's vulnerability.
 That is, a format string vulnerability exists when tripwire makes
 an email report.
 (http://www.securiteam.com/unixfocus/5VP060UD5S.html)

 It says:

 Vulnerable Systems:
   * Tripwire commercial versions prior and including 2.4
   * Tripwire open source versions prior and including 2.3.1
   
 tripwire package in Debian is 2.3.1.2.0-2, so I think this
 vulnerability affects this package.


 Also there is a patch for original tripwire 2.3.1, check and
  apply it please.

Index: src/tripwire/pipedmailmessage.cpp
 ===
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- src/tripwire/pipedmailmessage.cpp 21 Jan 2001 00:46:48 - 1.1
+++ src/tripwire/pipedmailmessage.cpp 26 May 2004 20:59:15 - 1.2
@@ -180,7 +180,7 @@

 void cPipedMailMessage::SendString( const TSTRING s )
 {
- if( _ftprintf( mpFile, s.c_str() )  0 )
+ if( _ftprintf( mpFile, %s, s.c_str() )  0 )
 {
 TOSTRINGSTREAM estr;
 estr  TSS_GetString( cTripwire,
tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND )
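
Review bot: In cPipedMailMessage::SendString, the replacement call still goes through the printf family even though no formatting is wanted on this path; writing s.c_str() with the TCHAR string-output call (the fputs equivalent) would take format parsing out of the mail pipe altogether, with the return-value test adjusted to that call's error convention so the existing error branch is still reached. The hunk touches only this one call in pipedmailmessage.cpp, so before the report is closed it is worth grepping the rest of the mail-report code for other calls where a TSTRING's c_str() is passed as the format argument.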


--
Regards,

 Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp

---
From: Luk Claes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#253079: fixed in tripwire 2.3.1.2.0-3
Date: Tue, 18 Jan 2005 04:47:54 -0500

Source: tripwire
Source-Version: 2.3.1.2.0-3

We believe that the bug you reported is fixed in the latest version of
tripwire, which is due to be installed in the Debian FTP archive:

tripwire_2.3.1.2.0-3.diff.gz
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3.diff.gz
tripwire_2.3.1.2.0-3.dsc
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3.dsc
tripwire_2.3.1.2.0-3_i386.deb
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes [EMAIL PROTECTED] (supplier of updated 

Bug#244299: marked as done (tripwire: twadmin run-away process)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 04:47:53 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#240982: fixed in tripwire 2.3.1.2.0-3
has caused the attached Bug report to be marked as done.


--
From: Bob Tanner [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: tripwire: twadmin run-away process
Date: Sat, 17 Apr 2004 15:27:29 -0500

Package: tripwire
Version: 2.3.1.2.0-2
Severity: serious
Tags: sid
Justification: unknown

twadmin has been running almost 10 days.

$ uptime
15:10:02 up 10 days,  2:31,  3 users,  load average: 1.00, 1.00, 1.00

It's eating CPU, but after 10 days it hasn't finished?
817 root  18   0  1964 1964 1588 R 96.6  0.8  14362:16 twadmin

Only seems to be a problem on my Sparc machines.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: sparc
Kernel: Linux 2.4.25smp
Locale: LANG=C, LC_CTYPE=C

Versions of packages tripwire depends on:
ii  debconf 1.4.21   Debian configuration management sy
ii  libc6   2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libgcc1 1:3.3.3-6GCC support library
ii  libstdc++5  1:3.3.3-6The GNU Standard C++ Library v3
ii  nullmailer [mail-transport- 1.00RC7-21   simple relay-only mail transport a

-- debconf information:
* tripwire/rebuild-config: true
* tripwire/use-localkey: true
  tripwire/change-in-default-policy: 
  tripwire/email-report: 
  tripwire/broken-passphrase: 
* tripwire/use-sitekey: true
  tripwire/installed: 
  tripwire/site-passphrase-incorrect: true
  tripwire/upgrade: true
* tripwire/rebuild-policy: true
  tripwire/local-passphrase-incorrect: true

---
From: Luk Claes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#240982: fixed in tripwire 2.3.1.2.0-3
Date: Tue, 18 Jan 2005 04:47:53 -0500

Source: tripwire
Source-Version: 2.3.1.2.0-3

We believe that the bug you reported is fixed in the latest version of
tripwire, which is due to be installed in the Debian FTP archive:

tripwire_2.3.1.2.0-3.diff.gz
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3.diff.gz
tripwire_2.3.1.2.0-3.dsc
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3.dsc
tripwire_2.3.1.2.0-3_i386.deb
  to pool/main/t/tripwire/tripwire_2.3.1.2.0-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, 

Bug#249304: marked as done (tripwire.postinst fails because of empty /etc/tripwire directory)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 04:47:54 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#249304: fixed in tripwire 2.3.1.2.0-3
has caused the attached Bug report to be marked as done.


--
From: Pieter-Bas IJdens [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: tripwire.postinst fails because of empty /etc/tripwire directory
Date: Sun, 16 May 2004 18:04:48 +0200

Package: tripwire
Version: 2.3.1.2.0-2
Severity: grave
Justification: renders package unusable

When installing tripwire on an almost clean install of sarge/testing,
post install configuration will fail (without proper error reporting to
the user) making the program unusable.

The /var/lib/dpkg/info/tripwire.postinst bails out first at line 99, 
because files like twpol.txt, twcfg.txt etc are not generated, nor 
present in /etc/tripwire when this point in the postinstall is reached.

The first install failed. After purge, update and re-install it still 
failed on this error. The postinst script bails out with 'not enough 
arguments' errors, but when using the dialog based dpkg-reconfigure 
scripts, everything looks successful because script errors are ignored.

# dpkg-reconfigure tripwire 2> error.txt output:

Can't open /etc/tripwire/twcfg.txt: No such file or directory.
/var/lib/dpkg/info/tripwire.postinst: line 99: [: argument expected
/var/lib/dpkg/info/tripwire.postinst: line 108: [: argument expected
### Error: Incorrect number of parameters on command line.
### Exiting...
Use --help to get help.
### Error: File could not be opened.
### Filename: /etc/tripwire/tw.cfg
### No such file or directory
### Config file could not be opened.
### Exiting...


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.4.25-1-386
Locale: LANG=C, LC_CTYPE=C

Versions of packages tripwire depends on:
ii  debconf 1.4.25   Debian configuration management sy
ii  exim4-daemon-light [mail-tr 4.32-2   Lightweight version of the Exim (v
ii  libc6   2.3.2.ds1-12 GNU C Library: Shared libraries an
ii  libgcc1 1:3.3.3-6GCC support library
ii  libstdc++5  1:3.3.3-6The GNU Standard C++ Library v3

-- debconf information:
* tripwire/rebuild-config: true
  tripwire/email-report: 
  tripwire/broken-passphrase: 
* tripwire/installed: 
  tripwire/site-passphrase-incorrect: true
* tripwire/use-localkey: true
  tripwire/change-in-default-policy: 
* tripwire/use-sitekey: true
  tripwire/upgrade: true
* tripwire/rebuild-policy: true
  tripwire/local-passphrase-incorrect: true

---
From: Luk Claes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#249304: fixed in tripwire 2.3.1.2.0-3

Bug#291031: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #3

2005-01-18 Thread Martin Lohmeier
Package: postfix
Version: 2.1.5-4
Severity: grave
Justification: renders package unusable


Hi,

when updating postfix I got the following error:

Running newaliases
postalias: fatal: dict_mkmap_func: unsupported dictionary type: mysql does not 
allow map creation.
dpkg: error processing postfix (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of postfix-tls:
 postfix-tls depends on postfix; however:
  Package postfix is not configured yet.
 postfix-tls depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-tls (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of postfix-mysql:
 postfix-mysql depends on postfix; however:
  Package postfix is not configured yet.
 postfix-mysql depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-mysql (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of postfix-pcre:
 postfix-pcre depends on postfix; however:
  Package postfix is not configured yet.
 postfix-pcre depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-pcre (--configure):
 dependency problems - leaving unconfigured
Setting up postfix-doc (2.1.5-4) ...

Errors were encountered while processing:
 postfix
 postfix-tls
 postfix-mysql
 postfix-pcre
E: Sub-process /usr/bin/dpkg returned an error code (1)

Here is my main.cf: http://np.debianforum.de/30

I solved the problem by commenting out the following line

virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf

by, Martin


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages postfix depends on:
ii  adduser 3.59 Add and remove users and groups
ii  debconf [debconf-2.0]   1.4.30.11Debian configuration management sy
ii  dpkg1.10.25  Package maintenance system for Deb
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii  libgdbm31.8.3-2  GNU dbm database routines (runtime
ii  netbase 4.19 Basic TCP/IP networking system

-- debconf information:
  postfix/mailname: /etc/mailname
  postfix/append_dot_mydomain: false
  postfix/relayhost:
  postfix/procmail:
  postfix/bad_recipient_delimiter:
  postfix/rfc1035_violation: false
  postfix/mynetworks: 127.0.0.0/8
* postfix/master_upgrade_warning: true
  postfix/db_upgrade_warning: true
  postfix/dynamicmaps_upgrade_warning:
  postfix/recipient_delim: +
* postfix/main_mailer_type: No configuration
  postfix/transport_map_warning:
  postfix/chattr: false
  postfix/root_address: NONE
  postfix/destinations:
  postfix/nqmgr_upgrade_warning:
  postfix/not_configured:
  postfix/mailbox_limit: 0




Bug#291037: exim4 4.43-3 fails to send mail after upgrade from 4.34-10 (syntax error)

2005-01-18 Thread Nicolas STRANSKY
Package: exim4
Version: 4.34-10
Severity: grave
Justification: renders package unusable

I've had to downgrade exim4 from 4.43-3 to previous 4.34-10 since 4.43-3 failed
to send any mail with the following error:

2005-01-18 11:11:42 1CqqKs-0006nZ-51 == [EMAIL PROTECTED] R=smarthost
T=remote_smtp_smarthost defer (-1): Failed to expand return path ${if
[EMAIL PROTECTED]
[EMAIL PROTECTED]:
syntax error in if item - fail expected

I made no particular changes in the configuration during or after the
dist-upgrade.

Regards,

-- Package-specific info:
Exim version 4.34 #1 built 05-Jan-2005 11:06:10
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis 
nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='satellite'
dc_other_hostnames='aneto.local.lan'
dc_local_interfaces='127.0.0.1'
dc_readhost='neo-lan.net'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='aster.local.lan'

CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
mailname:aneto.local.lan

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-mm2
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-1) (ignored: 
LC_ALL set to fr_FR)

Versions of packages exim4 depends on:
ii  exim4-base4.34-10EXperimental Internal Mailer -- a 
ii  exim4-daemon-light4.34-10Lightweight version of the Exim (v

-- no debconf information





Processed: Re: Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tag 291033 + woody security
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
There were no tags set.
Tags added: woody, security

 severity 291033 grave
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Severity set to `grave'.

 thanks
Stopping processing here.




Processed: proxycheck segfault

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 290970 minor
Bug#290970: proxycheck: segfaults when run
Severity set to `minor'.

 tags 290970 confirmed
Bug#290970: proxycheck: segfaults when run
There were no tags set.
Tags added: confirmed

 --
Stopping processing here.




Bug#290111: digikamplugins: FTBFS: Cannot find headers

2005-01-18 Thread Steve Langasek
If this package is obsoleted by digikam 0.7, what reason is there to wait
before asking for its removal?  To me, "obsoleted" means "doesn't work".

-- 
Steve Langasek
postmodern programmer




Processed: Fixed in NMU of xodo 1.2-9.2

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tag 289732 + fixed
Bug#289732: postint use command -v update-menus
Tags were: patch
Tags added: fixed

 quit
Stopping processing here.




Processed: 2.6.9 bugs - kernel

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reassign 279689 kernel
Bug#279689: /boot/vmlinuz-2.6.9-1-686: freeze when starting rivafb
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 280075 kernel
Bug#280075: kernel-image-2.6.9-1-686: Laptop has problems when resuming after 
suspend with apm
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 281739 kernel
Bug#281739: kernel-image-2.6.9-1-686: dangling source symlink in  
/lib/modules/`uname -r`
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 282195 kernel
Bug#282195: kernel-image-2.6.9-1-686: ip_tables seem to be broken
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 283478 kernel
Bug#283478: kernel-image-2.6.9-1-686: TV apps without sound invoke sound. 
Module saa7134 broken?
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 284015 kernel
Bug#284015: kernel-image-2.6.9-1-686: DMA timeout error
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 285615 kernel
Bug#285615: kernel-image-2.6.9-1-686: IBM thinkpad T41 can not power off and 
suspend without ACPI patch
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 287100 kernel
Bug#287100: kernel-image-2.6.9-1-686: missing logging functionality selinux
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 287271 kernel
Bug#287271: Bugfix in /etc/dev.d/block/hal-unmount.dev
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 289719 kernel
Bug#289719: ipip module doesn't marked as used -- but it shall be
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

 reassign 284783 kernel
Bug#284783: kernel-image-2.6.9-1-686-smp: Kernel oops possibly related to kswapd
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

 reassign 285108 kernel
Bug#285108: kernel-image-2.6.9: Fails to recognize CDRW/DVD
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

 reassign 286609 kernel
Bug#286609: kernel-image-2.6.9-1-686-smp: No entropy from /dev/random
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

 reassign 287970 kernel
Bug#287970: instalation on SATA drive and Kernel Panic
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

 reassign 280404 kernel
Bug#280404: cdrom: Changed API Cedega(winex) was dependant on, Diablo2 stoped 
finding CD.
Warning: Unknown package 'kernel-image-2.6.9-1-k7'
Bug reassigned from package `kernel-image-2.6.9-1-k7' to `kernel'.

 reassign 283715 kernel
Bug#283715: kernel-image-2.6.9-1-k7: Removes /initrd.img, makes system 
unbootable
Warning: Unknown package 'kernel-image-2.6.9-1-k7'
Bug reassigned from package `kernel-image-2.6.9-1-k7' to `kernel'.

 --
Stopping processing here.




Processed: Re: Bug#282241: gpdf: Works...

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 282241 + fixed-upstream pending
Bug#282241: gpdf shows embedded bookmark tree, but clicking bookmarks goes to 
first page
Tags were: patch
Tags added: fixed-upstream, pending

 tags 290731 + fixed-upstream pending
Bug#290731: CAN-2004-1125: Buffer overflow with DoS and possible artbitrary 
code execution vulnerability
Tags were: fixed-upstream patch security upstream
Tags added: fixed-upstream, pending

 tags 290969 + fixed-upstream pending
Bug#290969: gpdf: Left bar display items, but clicking on them doesn't have any 
effect
There were no tags set.
Tags added: fixed-upstream, pending

 thanks
Stopping processing here.




Processed: Re: kbabel: crash with some .po file

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 289646 experimental
Bug#289646: kbabel: crash with some .po file
There were no tags set.
Tags added: experimental

 thanks
Stopping processing here.




Bug#289646: kbabel: crash with some .po file

2005-01-18 Thread Steve Langasek
tags 289646 experimental
thanks

Matias,

I am not able to reproduce this bug using the packages in sarge.  Can you
please downgrade kdelibs4 on your system to the version in unstable, to
confirm whether this bug still exists for you?

Thanks,
-- 
Steve Langasek
postmodern programmer




Processed: Re: systraq: Sends cronjob output every hour about missing paterns file

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reopen 289791
Bug#289791: systraq: Sends cronjob output every hour about missing paterns file
Bug reopened, originator not changed.

 severity 289791 serious
Bug#289791: systraq: Sends cronjob output every hour about missing paterns file
Severity set to `serious'.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291053: kernel-source-2.4.19: CAN-2004-1235 not been patched

2005-01-18 Thread Wim De Smet
Package: kernel-source-2.4.19
Version: stable
Severity: grave
Tags: security
Justification: user security hole


Is this package no longer being patched? The changelog doesn't mention
anything about the recent vulnerabilities and the last upload seems to
have been a long time ago. I need a patched kernel on my woody
systems...

greets,
Wim


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=nl_BE.ISO-8859-1, LC_CTYPE=nl_BE.ISO-8859-1 (charmap=ISO-8859-1)





Bug#290474: new attempts to solve this problem

2005-01-18 Thread Olivier Lecarme
Somebody told me that there could be an incompatibility between Grub and
Xfs, thus I switched to Lilo. The result is the same, but with a
different error message: /sbin/init is not found.

Maybe this will help...

-- 


Olivier Lecarme





Processed: prozilla

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 package prozilla
Ignoring bugs not assigned to: prozilla

 tag 271736 -pending
Bug#271736: Error in the comment on ftp.h
Tags were: pending
Tags removed: pending

 tag 284117 -pending
Bug#284117: remotely exploitable buffer overflow (CAN-2004-1120)
Tags were: pending confirmed security
Tags removed: pending

 tag 290218 -pending
Bug#290218: Improper copyright file
Tags were: pending
Tags removed: pending

 tag 290242 -pending
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Tags were: pending confirmed
Tags removed: pending

 tag 290327 -pending
Bug#290327: prozilla: http.c displays password
Tags were: pending
Tags removed: pending

 severity 290242 serious
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Severity set to `serious'.

 retitle 290242 prozilla: note in ftpparse.c makes it non-free
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Changed Bug title.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291064: Arbitrary command execution

2005-01-18 Thread Martin Schulze
Package: awstats
Version: 6.2-1
Severity: grave
Tags: security sarge sid patch

Please see this advisory at iDEFENSE for details
http://www.idefense.com/application/poi/display?id=185type=vulnerabilitiesflashstatus=false

   VI. VENDOR RESPONSE

   This vulnerability is addressed in AWStats 6.3, available for download

The version in woody is not affected by this problem.

Regards,

Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.





Processed: severity 290547 important

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 290547 important
Bug#290547: libarts1: Troubled system-sound with KDE 3.3.1 on testing
Severity set to `important'.

 stop
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#290111: digikamplugins: FTBFS: Cannot find headers

2005-01-18 Thread Achim Bohnet
On Tuesday 18 January 2005 12:55, Steve Langasek wrote:
 If this package is obsoleted by digikam 0.7, what reason is there to wait
 before asking for its removal?  To me, obsoleted means doesn't work.

Hi Steve,

the plugins 'work' but no package use the plugins anymore.

As I tried to explain in my last msg, I would like to upload a dummy
digikamplugins pkg, that just depends on kipi-plugins as 'soon' as
kipi-plugins enters sid (currently still pending in NEW queue).
That's just to smooth upgrade.  Some weeks before pkg freeze, my
plan was ask for the digikamplugin removal.

If you, as RM, think the timescales are too short let me know and
I'll submit a bugreport for removal to ftp-masters now.

Achim
 -- 
 Steve Langasek
 postmodern programmer
-- 
  To me vi is Zen.  To use vi is to practice zen. Every command is
  a koan. Profound to the user, unintelligible to the uninitiated.
  You discover truth everytime you use it.
  -- [EMAIL PROTECTED]





Processed: Re: python2.3-libplot: Fails on import

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 290859 unreproducible moreinfo
Bug#290859: python2.3-libplot: Fails on import
There were no tags set.
Tags added: unreproducible, moreinfo

 severity 290859 important
Bug#290859: python2.3-libplot: Fails on import
Severity set to `important'.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: woody bug

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 290650 woody
Bug#290650: xserver-xfree86: Startup fails for clamshell iBook after jan15 woody update: no valid Screen config
There were no tags set.
Tags added: woody

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Daniel Kobras
On Tue, Jan 18, 2005 at 08:57:07PM +0900, Ryuichi Arafune wrote:
 From: Daniel Kobras [EMAIL PROTECTED]
  An updated package for unstable is already sitting in incoming and
  should soon become available in testing as well. However, I've just
  verified that the vulnerability is present in the woody version as well,
  so this bug still needs to be acted upon. Ryuichi, do you want to
  prepare updated woody packages yourself? Otherwise, I'd offer to do so.
 Please do it.  Now, I'm busy.  And I don't have woody system.

Okay, I've sent updated packages to the security team. Debdiff to the
previous version in stable is attached. While preparing the stable
update, I noted that the patch applied in 6.0.6.2-2 only fixes part of
the issue because it missed the second boundary check applied (and
well-hidden in a pile of unrelated changes) by upstream. Unless you get
around to it sooner than me, I'll try to fix this up in a 6.0.6.2-2.1
upload as soon as possible. 

Regards,

Daniel.

diff -u imagemagick-5.4.4.5/debian/changelog 
imagemagick-5.4.4.5/debian/changelog
--- imagemagick-5.4.4.5/debian/changelog
+++ imagemagick-5.4.4.5/debian/changelog
@@ -1,3 +1,11 @@
+imagemagick (4:5.4.4.5-1woody5) stable-security; urgency=high
+
+  * Non-maintainer upload for the Security Team.
+  * coders/psd.c: Fix potential heap overflow when reading Photoshop
+image files (CAN-2005-0005). Closes: #291033
+
+ -- Daniel Kobras [EMAIL PROTECTED]  Tue, 18 Jan 2005 12:43:45 +0100
+
 imagemagick (4:5.4.4.5-1woody4) stable-security; urgency=high
 
   * Non-maintainer upload for the Security Team.
only in patch2:
unchanged:
--- imagemagick-5.4.4.5.orig/coders/psd.c
+++ imagemagick-5.4.4.5/coders/psd.c
@@ -408,6 +408,8 @@
 
 static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo 
*exception)
 {
+#define MaxPSDChannels  24
+
   typedef enum
   {
 BitmapMode = 0,
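Review bot: MaxPSDChannels is #defined inside the body of ReadPSDImage, but a preprocessor macro is not scoped to the function, so it stays defined for the rest of psd.c after this point. Define it at file scope, or #undef it at the end of the function, and add a one-line comment that it is the size of the channel_info array so the two cannot drift apart again.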
@@ -439,7 +441,7 @@
   channels;
 
 ChannelInfo
-  channel_info[24];
+  channel_info[MaxPSDChannels];
 
 char
   blendkey[4];
@@ -558,6 +560,8 @@
 ThrowReaderException(CorruptImageWarning,Not a PSD image file,image);
   (void) ReadBlob(image,6,(char *) psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels  MaxPSDChannels)
+ThrowReaderException(CorruptImageError,MaximumChannelsExceeded,image);
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
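Review bot: the new check on psd_info.channels bounds the header-level channel count by MaxPSDChannels, but the only array this patch ties to that constant is the channel_info member declared beside blendkey, which the later hunk indexes per layer. Add a comment saying which buffer the header-level count protects, or why 24 is the right limit at this point. As shown here the condition has lost its comparison operator and the message its quotes; the test should reject only counts greater than MaxPSDChannels, since an array of MaxPSDChannels entries can hold exactly that many.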
@@ -681,6 +685,9 @@
 
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
 layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
 layer_info[i].channels=ReadBlobMSBShort(image);
+   if (layer_info[i].channels  MaxPSDChannels)
+ ThrowReaderException(CorruptImageError,MaximumChannelsExceeded,
+   image);
 for (j=0; j  layer_info[i].channels; j++)
 {
   layer_info[i].channel_info[j].type=ReadBlobMSBShort(image);
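Review bot: the check on layer_info[i].channels throws from inside the per-layer processing, after layer_info[i].page has already been filled in, and the visible lines do not show that ThrowReaderException releases layer_info. If layer_info is heap-allocated, confirm it is freed on this error path or free it before throwing. The placement itself, ahead of the loop that writes layer_info[i].channel_info[j], is the right spot for the bound.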


Bug#290474: new attempts to solve this problem

2005-01-18 Thread maximilian attems
On Tue, 18 Jan 2005, Olivier Lecarme wrote:

 Somebody told me that there could be an incompatibility between Grub and
 Xfs, thus I switched to Lilo. The result is the same, but with a
 different error message: /sbin/init is not found.
 
 Maybe this will help...
 -- 
 
 
   Olivier Lecarme

no please provide full error message.

--
maks






Bug#291091: Konqueror 3.3.1-4 respawns on clicking any link

2005-01-18 Thread Bud Rogers
Package: konqueror
Version: 3.3.1-4
Severity: serious

If I start konqueror from the menu or command line, it comes up 
normally.  If I click on any link, it spawns another window and 
continues to spawn new windows at about 2-3 second intervals.  I have to 
killall konqueror or C-c from command line to kill it.  Konqueror is at 
present unusable.

The system was upgraded from woody to sarge about 10 days ago.  This 
behavior started today.

[EMAIL PROTECTED]:~$ konqueror
konqueror: ERROR: Error in BrowserExtension::actionSlotMap(), unknown 
action : searchProvider

[EMAIL PROTECTED]:~$ apt-cache policy konqueror
konqueror:
  Installed: 4:3.3.1-4
  Candidate: 4:3.3.1-4
  Version Table:
 *** 4:3.3.1-4 0
500 http://http.us.debian.org sarge/main Packages
100 /var/lib/dpkg/status

[EMAIL PROTECTED]:~$ uname -a
Linux mug 2.2.19 #1 Sun Apr 8 13:42:11 EST 2001 i686 GNU/Linux

[EMAIL PROTECTED]:~$ dpkg -s libc6 |grep ^Version
Version: 2.3.2.ds1-20


-- 
Bud Rogers [EMAIL PROTECTED]
Western Farmers Electric Cooperative





Bug#291057: marked as done (Please remove out-of-date kernel module packages from unstable)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Wed, 19 Jan 2005 03:03:22 +1000
with message-id [EMAIL PROTECTED]
and subject line Bug#291057: Please remove out-of-date kernel module packages 
from unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Tue, 18 Jan 2005 05:56:17 -0800
From: Steve Langasek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please remove out-of-date kernel module packages from unstable

Package: ftp.debian.org
Severity: grave

Security updates for the Debian kernel packages are available in unstable
for multiple architectures, and are ready to propagate into testing once a
number of stale binary packages are removed.


i386


From the i2c source package:

i2c-2.4.27-1-386, i2c-2.4.27-1-586tsc, i2c-2.4.27-1-686,
i2c-2.4.27-1-686-smp, i2c-2.4.27-1-k6, i2c-2.4.27-1-k7,
i2c-2.4.27-1-k7-smp

From the linux-wlan-ng source package:

linux-wlan-ng-modules-2.4.27-1-386, linux-wlan-ng-modules-2.4.27-1-586tsc,
linux-wlan-ng-modules-2.4.27-1-686, linux-wlan-ng-modules-2.4.27-1-686-smp,
linux-wlan-ng-modules-2.4.27-1-k6, linux-wlan-ng-modules-2.4.27-1-k7,
linux-wlan-ng-modules-2.4.27-1-k7-smp

From the lm-sensors source package:

lm-sensors-2.4.27-1-386, lm-sensors-2.4.27-1-586tsc,
lm-sensors-2.4.27-1-686, lm-sensors-2.4.27-1-686-smp,
lm-sensors-2.4.27-1-k6, lm-sensors-2.4.27-1-k7,
lm-sensors-2.4.27-1-k7-smp

From the kernel-image-2.6.8-i386 source package:

kernel-headers-2.6.8-1


Rene does not object that these packages are not built from source, even
though this is the case for lm-sensors, i2c, and kernel-image-2.6.8-i386.
(For linux-wlan-ng, the modules packages are not listed in the source
package control file at all.)  For i2c and lm-sensors, there has been a new
upload that supersedes these binary packages.  For linux-wlan-ng, there has
been no such upload; however, the packages currently in the archive are
broken with all available kernel packages, so I don't think there's any
reason to keep them, especially since they block fixed kernel packages from
testing.  For kernel-headers-2.6.8-1, this package is still referenced by
other source packages in unstable that build it for other architectures
(s390, hppa, alpha) that have not yet been updated.


In addition, a new version of alsa-modules-i386 is awaiting NEW processing
which brings this set of modules into line with the current kernel ABI.  Due
to a bug in the previous version of alsa-modules-i386, this package is *not*
blocking the transition of the fixed 2.4.27 kernel packages into testing,
but it would be nice to have -- there will also be stale 2.4.27-1 binaries
to be removed for this package.


alpha
-

From the kernel-image-2.4.27-alpha package:

kernel-headers-2.4.27-1-generic, kernel-headers-2.4.27-1-smp,
kernel-image-2.4.27-1-generic, kernel-image-2.4.27-1-smp

This is reported by rene.


ia64


From the kernel-image-2.4.27-ia64 package:

kernel-build-2.4.27-1, kernel-headers-2.4.27-1

From the kernel-image-2.6.8-ia64 package:

kernel-headers-2.6.8-1

These are not reported by rene.


sparc
-

From the kernel-image-2.6.8-sparc package:

kernel-headers-2.6.8-1

This is not reported by rene.



Thanks,
-- 
Steve Langasek
postmodern programmer


Bug#290731: marked as done (CAN-2004-1125: Buffer overflow with DoS and possible artbitrary code execution vulnerability)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 12:47:05 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#290731: fixed in gpdf 2.8.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Sun, 16 Jan 2005 11:09:16 +0100
From: J.H.M. Dassen (Ray) [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2004-1125: Buffer overflow with DoS and possible artbitrary code execution vulnerability

Package: gpdf
Version: 2.8.1-1
Severity: grave
Tags: security patch upstream fixed-upstream

The NEWS file for the new upstream release (2.8.2) says:
	* Fix potential buffer overflow in xpdf colorspace handling code.
	  (Derek Noonburg) - CAN 2004-1125

Here's that issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 :
Name: CAN-2004-1125 (under review)

Description: Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf
3.00, and other products that share code such as tetex-bin and kpdf in KDE
3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial
of service (application crash) and possibly execute arbitrary code via a
crafted PDF file that causes the boundaries of a maskColors array to be
exceeded.

References:
  * IDEFENSE:20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability
  * URL:http://http://www.idefense.com/application/poi/display?id=172type=vulnerabilities
  * CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
  * CONFIRM:http://www.kde.org/info/security/advisory-20041223-1.txt
  * BUGTRAQ:20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability
  * URL:http://marc.theaimsgroup.com/?t=11037859651r=1w=2
  * FULLDISC:20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities
  * URL:http://lists.netsys.com/pipermail/full-disclosure/2004-December/030241.html
  * BUGTRAQ:20041223 [USN-50-1] CUPS vulnerabilities
  * URL:http://marc.theaimsgroup.com/?l=bugtraqm=110384680309105w=2
  * XF:xpdf-gfx-doimage-bo(18641)
  * URL:http://xforce.iss.net/xforce/xfdb/18641

Phase: Assigned (20041202)

Votes:

Bug#291089: marked as done (docdiff installs files into a rather nonstandard location)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 13:09:21 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291089: docdiff installs files into a rather nonstandard 
location
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Davyd Madeley [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: docdiff installs files into a rather nonstandard location
X-Mailer: reportbug 3.5ubuntu2
Date: Wed, 19 Jan 2005 00:37:40 +0800

Package: docdiff
Version: 0.3.1-1
Severity: grave
Justification: renders package unusable


docdiff would appear to have some creative locations for files. Here is
a sample of `dpkg -L`:

/usr/share/doc/docdiff/changelog.Debian.gz
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/docdiff.1.gz
/docdiff
/docdiff/document.rb
/docdiff/charstring.rb
/docdiff/encoding

I think it speaks for itself.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages docdiff depends on:
ii  libiconv-ruby1.8   1.8.1+1.8.2pre4-1 A Wrapper class of iconv for the R
ii  ruby1.81.8.1+1.8.2pre4-1 Interpreter of object-oriented scr

-- no debconf information

---
Date: Tue, 18 Jan 2005 13:09:21 -0500
To: Davyd Madeley [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Bug#291089: docdiff installs files into a rather nonstandard 
location
From: Justin Pryzby [EMAIL PROTECTED]

On Wed, Jan 19, 2005 at 01:54:41AM +0800, Davyd Madeley wrote:
 On Tue, 2005-01-18 at 12:50 -0500, Justin Pryzby wrote:
 
   For what it's worth, this package is being dragged in through Ubuntu's
   universe.
  So its an ubuntu .deb, not a debian one?  Can you post it online, or
  give me a url?  Debian's .deb appears to be fine.
 
 Hmm, as far as I can tell, it should be pretty pure.
 http://archive.ubuntu.com/ubuntu/pool/universe/d/docdiff/docdiff_0.3.1-1_all.deb
Ubuntu's .deb lists files in ./docdiff/, whereas Debian's .deb lists
files only in ./usr/ and ./etc/ (dpkg-deb -c to list the contents).

 I was under the impression that Ubuntu had patched reportbug to only
 report Debian bugs back to Debian, but don't quote me on that.
I don't know anything about that, but its definitely 

Bug#291011: arggg fix the real problem.

2005-01-18 Thread Jamie Heilman
 Changes: 
  sysfsutils (1.2.0-2) unstable; urgency=low
  .
* sysfsutils.init: Use shell bash instead of sh. (closes: #291011)

Please do not use bash, just fix the real problem, I offered a patch
in #291022 which does this (and more).

Additional bugs in the current script:
  Your replacement of '.' to '/' isn't a good idea because there are
paths in sysfs which can contain '.' -- my patch accounted for that as
well.
  You defined a configuration file variable, and then didn't use it,
my patch took care of that too.

-- 
Jamie Heilman http://audible.transient.net/~jamie/
I was in love once -- a Sinclair ZX-81.  People said, No, Holly,
 she's not for you. She was cheap, she was stupid and she wouldn't
 load -- well, not for me, anyway. -Holly





Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Daniel Kobras
On Tue, Jan 18, 2005 at 05:34:08PM +0100, Daniel Kobras wrote:
 Okay, I've sent updated packages to the security team. Debdiff to the
 previous version in stable is attached. While preparing the stable
 update, I noted that the patch applied in 6.0.6.2-2 only fixes part of
 the issue because it missed the second boundary check applied (and
 well-hidden in a pile of unrelated changes) by upstream. Unless you get
 around to it sooner than me, I'll try to fix this up in a 6.0.6.2-2.1
 upload as soon as possible. 

Here's the necessary change for the sid version. I intend to upload the
NMU right away as this should gain us a day in getting the complete fix
into testing. (I also removed the file nohup.out that seems to have
slipped in by mistake in -1.6.)

Regards,

Daniel.

diff -u imagemagick-6.0.6.2/coders/psd.c imagemagick-6.0.6.2/coders/psd.c
--- imagemagick-6.0.6.2/coders/psd.c
+++ imagemagick-6.0.6.2/coders/psd.c
@@ -850,6 +850,8 @@
   layer_info[i].page.x, layer_info[i].page.y,
   layer_info[i].page.height, layer_info[i].page.width,
   layer_info[i].channels);
+   if (layer_info[i].channels  MaxPSDChannels)
+ ThrowReaderException(CorruptImageError,MaximumChannelsExceeded);
 for (j=0; j  (long) layer_info[i].channels; j++)
 {
   layer_info[i].channel_info[j].type=(short)
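Review bot: the added check on layer_info[i].channels uses MaxPSDChannels, which this diff does not define, so it only builds on top of the 6.0.6.2-2 change that introduced the constant; say so in the changelog or the patch description so the two pieces are not cherry-picked apart. The loop that follows casts layer_info[i].channels to long while the new comparison does not, so state the type of the field in a comment or apply the same cast in the check to keep the two comparisons consistent.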
diff -u imagemagick-6.0.6.2/debian/changelog 
imagemagick-6.0.6.2/debian/changelog
--- imagemagick-6.0.6.2/debian/changelog
+++ imagemagick-6.0.6.2/debian/changelog
@@ -1,3 +1,12 @@
+imagemagick (6:6.0.6.2-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * coders/psd.c: Apply further boundary check to completely plug
+buffer overflow when reading Photoshop images (CAN-2005-0005).
+Closes: #291033
+
+ -- Daniel Kobras [EMAIL PROTECTED]  Tue, 18 Jan 2005 18:20:05 +0100
+
 imagemagick (6:6.0.6.2-2) unstable; urgency=high
 
   * Fixes a buffer overflow in the PSD image-decoding.  
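Review bot: the 6.0.6.2-2.1 changelog entry lists only the coders/psd.c boundary check, while the same debdiff also drops nohup.out from the source tree. Add a line for that removal so the changelog accounts for every file the upload touches.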
reverted:
--- imagemagick-6.0.6.2/nohup.out
+++ imagemagick-6.0.6.2.orig/nohup.out
@@ -1,28 +0,0 @@
-dpkg-buildpackage: source package is imagemagick
-dpkg-buildpackage: source version is 6:6.0.6.2-1.6
-dpkg-buildpackage: source maintainer is Andreas Tille [EMAIL PROTECTED]
-dpkg-buildpackage: host architecture is i386
- fakeroot debian/rules clean
-dh_testdir
-dh_testroot
-rm -f build-stamp
-# Add here commands to clean up after the build process.
-cd PerlMagick  /usr/bin/make distclean
-make[1]: Entering directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/PerlMagick'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/PerlMagick'
-make: [clean] Fehler 2 (ignoriert)
-/usr/bin/make distclean
-make[1]: Entering directory `/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory `/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2'
-make: [clean] Fehler 2 (ignoriert)
-cd Magick++  /usr/bin/make distclean
-make[1]: Entering directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/Magick++'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/Magick++'
-make: [clean] Fehler 2 (ignoriert)
-dh_clean
- dpkg-source -b imagemagick-6.0.6.2
-dpkg-source: building imagemagick using existing 
imagemagick_6.0.6.2.orig.tar.gz
-dpkg-source: building imagemagick in imagemagick_6.0.6.2-1.6.diff.gz


Processed: your mail

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 291043 serious
Bug#291043: galeon: after update (clean fresh sarge) middle button is not working
Severity set to `serious'.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: this seems unlikely...

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 291083 unreproducible
Bug#291083: apache2-mpm-prefork: Fail to install
There were no tags set.
Tags added: unreproducible

 severity 291083 normal
Bug#291083: apache2-mpm-prefork: Fail to install
Severity set to `normal'.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291083: this seems unlikely...

2005-01-18 Thread Thom May
tags 291083 unreproducible
severity 291083 normal
thanks

Hi, 
I suspect we'd've heard before if this was the case; can you send an ls of
your /etc/apache2/mods-available/ directory. Also, is this a clean install,
or have you customised a preexisting install?
Cheers,
-Thom





Bug#290047: patch

2005-01-18 Thread Joey Hess
Here's a patch for the security holes.

-- 
see shy jo
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 
linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 2005-01-18 
15:22:29.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 2005-01-18 
15:22:20.0 -0500
@@ -1,3 +1,12 @@
+linux-wlan-ng (0.2.0+0.2.1pre21-1.1) UNRELEASED; urgency=low
+
+  * NMU
+  * Remove unsafe echo to /tmp/log that I added for debugging ages ago.
+  * Fix unsafe uses of temp files in /etc/wlan/shared (not used by default
+in Debian) -- use /var/run instead. Closes: #290047
+
+ -- Joey Hess [EMAIL PROTECTED]  Tue, 18 Jan 2005 15:18:15 -0500
+
 linux-wlan-ng (0.2.0+0.2.1pre21-1) unstable; urgency=low
 
   * New upstream prerelease (Closes: #269678)
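Review bot: urgency=low in the new changelog stanza sits oddly with an upload whose two entries are both security fixes (the echo to /tmp/log and the temp files used by /etc/wlan/shared); a higher urgency would shorten the time the fixed package needs to reach testing. The second entry could also name the affected files (/tmp/wlan_scheme_*.tmp), since the bug number alone does not tell an admin which stale files to look for after upgrading.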
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume 
linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume  
2005-01-18 15:22:29.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume  2005-01-18 
15:18:11.0 -0500
@@ -3,7 +3,6 @@
 # iterfaces. Otherwise they could get into a weird state.
 IFACES=$(ifconfig | grep -B 1 ^wlan | cut -d ' ' -f 1)
 for iface in $IFACES; do
-   echo down $ifcase /tmp/log
ifdown $iface || ifconfig $iface down
 done
 
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared 
linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared  2004-03-12 
11:26:02.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared  2005-01-18 
15:21:48.0 -0500
@@ -572,9 +572,9 @@
# Collect the current scheme name and save the file
if [ -r $WLAN_SCHEMEFILE ] ; then
WLAN_SCHEME=`cat $WLAN_SCHEMEFILE`
-   cp $WLAN_SCHEMEFILE /tmp/wlan_scheme_`date +%T`.tmp
+   cp $WLAN_SCHEMEFILE /var/run/wlan_scheme_`date +%T`.tmp
else
-   touch /tmp/wlan_scheme_`date +%T`.tmp
+   touch /var/run/wlan_scheme_`date +%T`.tmp

fi
 
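Review bot: the file name in both changed lines is still built from `date +%T`, so it remains predictable and two runs within the same second share one file; the change is safe only because /var/run is not writable by unprivileged users. Given that, a single fixed name under /var/run (or a mktemp result kept in a variable) would be simpler and would stop one file per invocation from piling up. $WLAN_SCHEMEFILE is also unquoted in the cp line and in the `[ -r ]` test above it.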
@@ -602,7 +602,7 @@
WLAN_SCHEMEFILE=/var/run/pcmcia-scheme
fi
 
-   TMPFILE=`ls /tmp/wlan_scheme*.tmp | tail -n 1`
+   TMPFILE=`ls /var/run/wlan_scheme*.tmp | tail -n 1`
 
if [ -r $TMPFILE ] ; then
cat $TMPFILE  $WLAN_SCHEMEFILE
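Review bot: `ls /var/run/wlan_scheme*.tmp | tail -n 1` picks the lexically last name, and the names carry only a time of day, so a file saved at 23:59 sorts after one saved just past midnight and a stale file from an earlier run can be restored instead of the newest one. When nothing matches, TMPFILE is empty and the unquoted `[ -r $TMPFILE ]` collapses to `[ -r ]`, which is true, so the cat branch runs without a file name; quote the variable and test that it is non-empty first. Files left in /tmp by the old code are no longer picked up after this change, which is worth a line in the changelog.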




Processed: Re: libstdc++6-4.0-doc: cannot install

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 291060 + experimental confirmed
Bug#291060: libstdc++6-4.0-doc: cannot install
There were no tags set.
Tags added: experimental, confirmed

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Joey Hess
Package: imagemagick
Version: 6:6.0.6.2-1.6
Severity: grave
Tags: security patch

Our imagemagick package has a buffer overflow security hole, as
described here:

http://www.idefense.com/application/poi/display?id=184type=vulnerabilities

I've attached a patch sideported from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libmagick6 6:6.0.6.2-1.6 Image manipulation library

-- no debconf information

-- 
see shy jo
--- imagemagick-6.0.2.5.orig/coders/psd.c
+++ imagemagick-6.0.2.5/coders/psd.c
@@ -672,6 +672,8 @@
   }
   (void) ReadBlob(image,6,psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels  24)
+ThrowReaderException(CorruptImageError,MaximumChannelsExceeded);
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
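Review bot: the literal 24 in the new psd_info.channels check is a magic number, and the second hunk repeats it; derive it from the size of the buffer the channel count later indexes (a named constant or a sizeof-based expression) so the bound cannot drift away from the storage it protects. Placing the check directly after the read, before rows, columns and depth are parsed, is the right spot.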
@@ -853,6 +855,8 @@
 
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
 
layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
 layer_info[i].channels=ReadBlobMSBShort(image);
+if (layer_info[i].channels  24)
+  
ThrowReaderException(CorruptImageError,MaximumChannelsExceeded);
   if (image-debug != MagickFalse)
 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
offset(%ld,%ld), size(%ld,%ld), channels=%d,
   layer_info[i].page.x, layer_info[i].page.y,
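Review bot: this exit is taken after layer_info[i] has already been filled in on the lines just above, so confirm that leaving through ThrowReaderException at this point releases layer_info; if the macro only tears down the image, the layer array leaks on every rejected file. The 24 here should come from the same shared constant as the check on psd_info.channels in the first hunk.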




Processed: Re: Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 289560 grave
Bug#289560: vim: Race conditions and symlink attacks in vim (tcltags and 
vimspell)
Severity set to `grave'.

 merge 289560 291125
Bug#289560: vim: Race conditions and symlink attacks in vim (tcltags and 
vimspell)
Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)
Merged 289560 291125.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Re: Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tag 291033 - woody
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security woody
Tags removed: woody

 tag 291033 + patch
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security
Tags added: patch

 tag 291033 - fixed
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: patch fixed security
Tags removed: fixed

 merge 291033 291118
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Merged 291033 291118.

 tag 291033 + sarge
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: security patch
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Tags added: sarge

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: affected version only in sid

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 290338 sid
Bug#290338: ara: [m68k] FTBFS dh_testdir: I have no package to build
There were no tags set.
Tags added: sid

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291133: marked as done (blackbox: FTBFS: Missing build dependencies.)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jan 2005 22:32:17 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291133: fixed in blackbox 0.65.0-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Tue, 18 Jan 2005 23:52:26 +0100
From: Kurt Roeckx [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: blackbox: FTBFS: Missing build dependencies.
Message-ID: [EMAIL PROTECTED]

Package: blackbox
Verison: 0.65.0-4
Severity: serious

Hi,

Your package is failing to build with the following error:
dh_clean
 debian/rules build
dh_testdir
autoconf
make: autoconf: Command not found
make: *** [build-stamp] Error 127

This looks like a missing build dependency on autoconf.


Kurt


---
From: [EMAIL PROTECTED] (Bruno Barrera C.)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291133: fixed in blackbox 0.65.0-5
Message-Id: [EMAIL PROTECTED]
Sender: Archive Administrator [EMAIL PROTECTED]
Date: Tue, 18 Jan 2005 22:32:17 -0500

Source: blackbox
Source-Version: 0.65.0-5

We believe that the bug you reported is fixed in the latest version of
blackbox, which is due to be installed in the Debian FTP archive:

blackbox_0.65.0-5.diff.gz
  to pool/main/b/blackbox/blackbox_0.65.0-5.diff.gz
blackbox_0.65.0-5.dsc
  to pool/main/b/blackbox/blackbox_0.65.0-5.dsc
blackbox_0.65.0-5_i386.deb
  to pool/main/b/blackbox/blackbox_0.65.0-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bruno Barrera C. [EMAIL PROTECTED] (supplier of updated blackbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Tue, 18 Jan 2005 20:22:45 -0300
Source: blackbox
Binary: blackbox
Architecture: source i386
Version: 0.65.0-5
Distribution: unstable
Urgency: high
Maintainer: Bruno Barrera C. [EMAIL PROTECTED]
Changed-By: Bruno Barrera C. [EMAIL PROTECTED]
Description: 
 blackbox   - Window manager for X
Closes: 291133
Changes: 
 blackbox (0.65.0-5) unstable; urgency=high
 .
   * Fixed FTBFS with the missing build dependency on autoconf.
 (closes: 

Bug#291122: temporary file security hole in mysqlaccess

2005-01-18 Thread Joey Hess
Christian Hammers wrote:
 I guess I will upload the patched packages for unstable then...

As far as I can see, you've uploaded mysql-dfsg-4.1, but have not fixed
mysql-dfsg. Could you please let me know when you've fixed mysql-dfsg
too so I can track it and make sure it reaches sarge.

-- 
see shy jo




Bug#290798: marked as done (kernel-package: grub configuration wrong when root partion is on a SATA/libata disk)

2005-01-18 Thread Debian Bug Tracking System
Your message dated Wed, 19 Jan 2005 00:02:08 -0600
with message-id [EMAIL PROTECTED]
and subject line Bug#290798: kernel-package: grub configuration wrong when root 
partion is on a SATA/libata disk
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Bjørnar Libæk [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: kernel-package: grub configuration wrong when root partion is on a
 SATA/libata disk
X-Mailer: reportbug 3.2
Date: Sun, 16 Jan 2005 20:16:19 +0100
Message-Id: [EMAIL PROTECTED]

Package: kernel-package
Version: 8.111
Severity: critical
Justification: breaks the whole system

The libata driver uses scsi naming (e.g. /dev/sda) for SATA 
devices, but when making a menu.lst (grub configuration file), 
make-kpkg uses ATA naming (e.g /dev/hde) for such devices. 
When root partition is located on a SATA device, this causes a 
kernel panic at boot because root partition is not found by 
the bootloader. 

This problem occurred when running 2.4 kernel not using the libata 
driver, and building a 2.6 kernel with libata included. 

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.22-07sept03
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-package depends on:
ii  dpkg 1.10.25 Package maintenance system for Deb
ii  dpkg-dev 1.10.23 Package building tools for Debian
ii  gcc [c-compiler] 4:3.3.5-1   The GNU C compiler
ii  gcc-2.95 [c-compiler]1:2.95.4-22 The GNU C compiler
ii  gcc-3.0 [c-compiler] 1:3.0.4-7   The GNU C compiler.
ii  gcc-3.3 [c-compiler] 1:3.3.5-5   The GNU C compiler
ii  gcc-3.4 [c-compiler] 3.4.2-2 The GNU C compiler
ii  make 3.80-9  The GNU version of the make util
ii  perl 5.8.4-3 Larry Wall's Practical Extraction 

-- no debconf information

---
From: Manoj Srivastava [EMAIL PROTECTED]
To: Bjørnar Libæk [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#290798: kernel-package: grub configuration wrong when root
 partion is on a SATA/libata disk
Organization: The Debian Project

Processed: Re: capi4hylafax: FTBFS: Missing build dependencies

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reassign 291136 libtiff4-dev
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.
Bug reassigned from package `capi4hylafax' to `libtiff4-dev'.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Re: Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 291140 sid
Bug#291140: poedit: FTBFS: Missing dependency?
There were no tags set.
Tags added: sid

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291166: rosegarden4: will not load any files

2005-01-18 Thread Brian May
 Brian == Brian May [EMAIL PROTECTED] writes:

Brian Package: rosegarden4
Brian Version: 0.9.9-1
Brian Severity: grave
Brian Justification: renders package unusable

Brian I upgraded from rosegarden4 version 0.9.6-2 to 0.9.9 (both
Brian in sarge), and now it won't let me load any rg files
Brian (including the sample files supplied).

Now I am really confused. After playing around with rosegarden 0.9.9
for a while, all the problems I reported in this bug report suddenly
disappeared.

I don't know what I did to fix the problems, all I did was save a file
in 0.9.9 and load it. Not only did that file load, but all my other
files load now, too.

Feel free to downgrade this bug unless you can work out what went
wrong ;-).

The other bug report still stands.
-- 
Brian May [EMAIL PROTECTED]





Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Christian Perrier
Quoting Kurt Roeckx ([EMAIL PROTECTED]):
 Package: poedit
 Version: 1.3.1-5
 Severity: serious
 
 Hi,
 
 Your package is failing to build with the following error:
 cp -f /usr/share/aclocal/wxwin.m4 ./admin/
 cp: cannot stat `/usr/share/aclocal/wxwin.m4': No such file or directory
 make: *** [autotools] Error 1
 
 This looks like a missing build dependency on wx2.5-common.


Sure. This was obviously forgotten in the hunting of #285940. Thanks
for reporting. I was unfortunately more or less expecting something
similar..:-(







Bug#289560: marked as done (vim: Race conditions and symlink attacks in vim (tcltags and vimspell))

2005-01-18 Thread Debian Bug Tracking System
Your message dated Wed, 19 Jan 2005 02:17:20 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289560: fixed in vim 1:6.3-058+1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Sun, 9 Jan 2005 21:05:26 +0100
From: Javier Fernández-Sanguino Peña [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: Bram Moolenaar [EMAIL PROTECTED]
Subject: vim: Race conditions and symlink attacks in vim (tcltags and vimspell)
Message-ID: [EMAIL PROTECTED]

Package: vim
Version: 1:6.3-046+1
Severity: minor
Tags: patch security sid woody sarge

Hi there,

Reviewing vim as part of the security audit the Audit team [1] is
conducting I've found what I believe are some race conditions and symlink
attacks through temporary files in vim. They appear in two scripts which
are not installed in Debian in binary locations (they are installed under
/usr/share/doc/vim/tools/) but are provided with execute permissions.

That's mainly why I'm opening this bug up in Debian's BTS and not
contacting the security team directly although the code is present in all
vim releases in Debian.

These appear in:

1.- the tcltags script (runtime/tools/tcltags):
(...)
11 tmp_tagfile=/tmp/${program_name}.$$
(...)
130 sed -e /^!_TAG_FILE_SORTED/s/  [01]/   $sorted / \
131 -e /^!_TAG_FILE_FORMAT/s/  1   /   $format / \
132 $tagfile  $tmp_tagfile


2.- the vimspell script (runtime/tools/vimspell.sh)

 16 OUTFILE=/tmp/vimspell.$$
 17 # if you have tempfile, use the following line
 18 #OUTFILE=`tempfile`
(...)
 30 spell $SPELL_ARGS $INFILE | sort -u |
 31 awk '
 32   {
 33 printf syntax match SpellErrors \\\%sn, $0 ;
 34   }
 35
 36 END   {
 37 printf highlight link SpellErrors ErrorMsg\n\n ;
 38   }
 39 '  $OUTFILE
 40 echo !rm $OUTFILE  $OUTFILE
 41 echo $OUTFILE

Since these are tools that are run from vim, an attacker can get a
good-enough approximation of the PIDs that will be used in these temporary
files and can conduct a symlink attack if these tools are used.

The attached patch should fix both of these issues, I've taken the
approach implemented in vimtutor, but modified it slightly for vimspell as
the temporary file cannot be removed by the script (vim removes it) when
mktemp and tempfile are not available, there will still be a race condition
in the script. Since most GNU/Linux and UNIX operating systems seem to
have either one I don't think it's a big issue, however.

Best regards

Javier

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=vim-6.3.diff
Content-Transfer-Encoding: quoted-printable

diff -Nru vim-6.3.old/vim63/runtime/tools/tcltags vim-6.3/vim63/runtime/too=
ls/tcltags
--- vim-6.3.old/vim63/runtime/tools/tcltags 1999-08-01 14:01:46.0 +=
0200
+++ vim-6.3/vim63/runtime/tools/tcltags 2005-01-09 20:41:41.0 +0100
@@ -8,7 +8,31 @@
 program_version=3D0.3
 program_author=3DDarren Hiebert
 author_email=3D[EMAIL PROTECTED]
-tmp_tagfile=3D/tmp/${program_name}.$$
+tmp=3D${TMPDIR-/tmp}
+tmp_tagfile=3D`mktemp -t $tmp/tcltagXX || tempfile -p tclag || echo no=
ne`
+
+# If the standard commands failed then create a 
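Review bot: in the new tmp_tagfile assignment, `mktemp -t` is handed a template that already begins with $tmp/; -t itself roots the name in the temporary directory, and GNU mktemp rejects a template containing a directory separator in that mode, so this call can fail every time and silently fall through to tempfile. Drop either the -t or the $tmp/ prefix. The tempfile prefix reads tclag where the mktemp template says tcltag, and the final `echo none` fallback needs an explicit check before the value is used as a path; the rest of the hunk is cut off in this copy, so that check may already exist further down.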

Bug#291125: marked as done (vim: temporary file vulnerabilities (CAN-2005-0069))

2005-01-18 Thread Debian Bug Tracking System
Your message dated Wed, 19 Jan 2005 02:17:20 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289560: fixed in vim 1:6.3-058+1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Tue, 18 Jan 2005 16:50:17 -0500
From: Joey Hess [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: vim: temporary file vulnerabilities (CAN-2005-0069)
Message-ID: [EMAIL PROTECTED]

Package: vim
Version: 1:6.3-054+1
Severity: grave
Tags: patch security

As described in the Ubuntu advisory below, vim's tcltags and vimspell
scripts use temp files insecurely. I've attached a patch I extracted from
the Ubuntu diff.

- Forwarded message from Martin Pitt [EMAIL PROTECTED] -

From: Martin Pitt [EMAIL PROTECTED]
Date: Tue, 18 Jan 2005 17:56:58 +0100
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [USN-61-1] vim vulnerabilities
User-Agent: Mutt/1.5.6+20040907i

===========================================================
Ubuntu Security Notice USN-61-1            January 18, 2005
vim vulnerabilities
CAN-2005-0069
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the auxiliary scripts
tcltags and vimspell.sh created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).


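The failure mode described in the two vim reports above (tcltags and vimspell.sh writing to /tmp/name.$$), next to a hardened form, as an added example that is not code from vim, Debian or Ubuntu. The sandbox layout, the suffix 4242, the sample data and all function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the vim sources): predictable temp-file names
# versus mktemp, exercised entirely inside a private sandbox directory.

# Pattern reported in tcltags/vimspell.sh: fixed prefix plus a PID.
# $1 = temp dir, $2 = PID-like suffix, $3 = data. Prints the path used.
write_predictable() {
    out="$1/vimspell.$2"
    # '>' opens the path without O_EXCL, so a symlink already sitting
    # at $out is followed and its target is truncated and overwritten.
    printf '%s\n' "$3" > "$out"
    printf '%s\n' "$out"
}

# Hardened pattern. $1 = temp dir, $2 = data. Prints the path used.
write_private() {
    if out=$(mktemp "$1/vimspell.XXXXXX" 2>/dev/null); then
        :   # mktemp created a brand-new file under an unpredictable name
    else
        # Fallback without mktemp: mkdir is atomic and fails if the name
        # already exists (symlinks included), so the directory is either
        # ours with mode 0700 or we stop.
        dir="$1/vimspell.$$"
        (umask 077 && mkdir "$dir") || return 1
        out="$dir/out"
    fi
    printf '%s\n' "$2" > "$out"
    printf '%s\n' "$out"
}

# Constructed scenario: a symlink has been planted at the name the
# predictable scheme will pick (suffix 4242), pointing at a file the
# invoking user can write. Prints the sandbox path.
make_sandbox() {
    sb=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXX") || return 1
    mkdir "$sb/tmp"
    printf 'important\n' > "$sb/victim"
    ln -s "$sb/victim" "$sb/tmp/vimspell.4242"
    printf '%s\n' "$sb"
}

# Each helper prints the victim file's content after one write.
victim_after_predictable() {
    sb=$(make_sandbox) || return 1
    write_predictable "$sb/tmp" 4242 'spell data' >/dev/null
    cat "$sb/victim"
    rm -rf "$sb"
}

victim_after_private() {
    sb=$(make_sandbox) || return 1
    write_private "$sb/tmp" 'spell data' >/dev/null
    cat "$sb/victim"
    rm -rf "$sb"
}

printf 'predictable name: victim now contains "%s"\n' "$(victim_after_predictable)"
printf 'mktemp name:      victim now contains "%s"\n' "$(victim_after_private)"
```

Current Linux kernels can also refuse to follow such links in sticky world-writable directories (the fs.protected_symlinks sysctl), which is why the demonstration uses its own non-sticky directory; a script should still create its temporary files safely rather than depend on that setting.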
Processed: version is only in sid

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 290236 sid
Bug#290236: ldaptor: FTBFS: Test failures (Missing Build-Depends?)
There were no tags set.
Tags added: sid

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.

2005-01-18 Thread Horms
On Tue, Jan 18, 2005 at 11:48:26PM +0100, Kurt Roeckx wrote:
 Package: perdition
 Version: 1.15-4
 Severity: serious
 
 Hi,
 
 Your package is failing to build because it contains
 non PIC code.  Here is an extraction from the log file:
 
 gcc -shared  .libs/perditiondb_daemon.o .libs/unix_socket.o  -ldb 
 -L/build/buil
 dd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet  -Wl,-soname
 -Wl,libperditiondb_daemon.so.0 -o .libs/libperditiondb_daemon.so.0.0.0  -ldb 
 -L
 /build/buildd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet
 /usr/bin/ld: 
 /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_da
 emon_packet.a(packet.o): relocation R_PARISC_DPREL21L can not be used when 
 maki
 ng a shared object; recompile with -fPIC
 /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_daemon_packet.a
 : could not read symbols: Bad value
 collect2: ld returned 1 exit status
 make[5]: *** [libperditiondb_daemon.la] Error 1
 
 It's saying that packet.o is built without -fPIC.
 
 
 Please note that static libs need to be built without -fPIC and
 shared libs with.

Thanks, I will fix this up.

-- 
Horms

