Your message dated Sun, 28 Aug 2005 00:17:04 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#276789: fixed in tleds 1.05beta10-9 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Oct 2004 13:05:11 +0000
Date: Sat, 16 Oct 2004 16:04:04 +0300
From: Jesus Climent <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Uses /tmp/tleds.pid as a pid symbolic link

Package: tleds
Severity: critical
Tags: security

tleds uses a /tmp/tleds.pid which can be created by a user pointing to a file (/etc/passwd) or similar, creating a potential DoS.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.7
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (ignored: LC_ALL set to C)

---------------------------------------
Received: (at 276789-close) by bugs.debian.org; 28 Aug 2005 07:19:16 +0000
From: Russ Allbery <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#276789: fixed in tleds 1.05beta10-9
Date: Sun, 28 Aug 2005 00:17:04 -0700

Source: tleds
Source-Version: 1.05beta10-9

We believe that the bug you reported is fixed in the latest version of tleds, which is due to be installed in the Debian FTP archive:

tleds_1.05beta10-9.diff.gz
  to pool/main/t/tleds/tleds_1.05beta10-9.diff.gz
tleds_1.05beta10-9.dsc
  to pool/main/t/tleds/tleds_1.05beta10-9.dsc
tleds_1.05beta10-9_i386.deb
  to pool/main/t/tleds/tleds_1.05beta10-9_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[EMAIL PROTECTED]> (supplier of updated tleds package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 27 Aug 2005 12:38:15 -0700
Source: tleds
Binary: tleds
Architecture: source i386
Version: 1.05beta10-9
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Russ Allbery <[EMAIL PROTECTED]>
Description:
 tleds - blinks keyboard LEDs for TX and RX network packets
Closes: 32074 60653 103920 159383 271240 276789
Changes:
 tleds (1.05beta10-9) unstable; urgency=low
 .
   * QA upload.
   * This package is orphaned. Change maintainer to QA team.
   * Security: Do not create symlinks in /tmp as root, do not trust PIDs in /tmp/tleds.pid when running as root, and create the PID file securely when running as a regular user. Thanks to Juergen Salk for the patch. (Closes: #276789)
   * Security: Check the ownership of the PID file and refuse to signal the process unless the PID file is owned by the user running tleds -k.
   * Add a -n option to use the ScrollLock light for both incoming and outgoing traffic, since using NumLock does nasty things to some keyboards. Thanks, Maxime Chatelle. (Closes: #32074)
   * Use daemon to background rather than a simple fork and detach from a controlling terminal if run as root. This will hopefully prevent tleds from grabbing a remote login terminal and preventing a clean exit from the terminal that started it. (Closes: #271240)
   * Renice to a priority of 10 in the init script. Blinking the keyboard LEDs isn't that important. (Closes: #60653)
   * Rip out all remnants of Linux 2.0 support. This means the binary is called tleds as documented. (Closes: #159383)
   * Install the binary into bin instead of sbin; tleds supposedly supports running as a normal user if the init script is disabled.
   * Remove any mention of xtleds from the man page, since the Debian package has never installed it. (Closes: #103920)
   * Remove the unnecessary sleep 1 in the init script.
   * Add a README.Debian file explaining how to get started with the package and noting differences between the Debian package and upstream.
   * Update standards version to 3.6.2.
     - Build with debugging by default and support noopt.
     - Don't always strip the binaries; let debhelper handle that.
   * Update to debhelper compatibility level V4.
   * Rephrase the description to be more accurate and succinct.
   * Reformatted the copyright file, added the upstream author, added the actual copyright statement, and copied the GPL notice from the source.
   * Change section to utils to match override.
Files:
 546111602a0459eb68554bc62bef0e0e 571 utils extra tleds_1.05beta10-9.dsc
 81f85a7633d359f7f02e76df188f66a2 16596 utils extra tleds_1.05beta10-9.diff.gz
 4b5296b03d329fd674efd33a23a97454 16534 utils extra tleds_1.05beta10-9_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDEWKIKN6ufymYLloRAqe1AKCjMiD45SGWoN3eyyybsZrSU8nlKQCgrs8d
1UBC3hKTNeTr7T5oPeNp5+0=
=L8Dj
-----END PGP SIGNATURE-----
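
The two Security entries in the changelog above (create the PID file securely, and check its ownership before signalling) can be illustrated as follows. This is an added example, not code from tleds or from the patch credited in the changelog; the function names `pidfile_create` and `pidfile_read_owned`, the temporary directory and the PID value 4242 are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: O_EXCL refuses any existing name, symlinks included. */
int pidfile_create(const char *path, pid_t pid)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int ok = write(fd, buf, (size_t)len) == len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Hypothetical helper: return the stored PID only if path is a regular
 * file owned by uid, else -1. The caller signals only a returned PID. */
pid_t pidfile_read_owned(const char *path, uid_t uid)
{
    char buf[32] = {0}, *end = buf;
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);     /* never follow a symlink */
    if (fd < 0) return -1;
    /* fstat() the open descriptor so the check and the read see the same file */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == uid &&
             read(fd, buf, sizeof buf - 1) > 0;
    close(fd);
    long pid = ok ? strtol(buf, &end, 10) : -1;
    return (ok && end != buf && pid > 1) ? (pid_t)pid : -1;
}

int main(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pidf[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);  /* stands in for /etc/passwd */
    snprintf(pidf, sizeof pidf, "%s/tleds.pid", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));
    if (symlink(victim, pidf) != 0) return 1;           /* constructed planted link */
    int refused = pidfile_create(pidf, 4242);           /* link is not followed */
    unlink(pidf);
    int created = pidfile_create(pidf, 4242);
    printf("over symlink: %d, fresh: %d, read back: %ld\n", refused, created,
           (long)pidfile_read_owned(pidf, getuid()));
    unlink(pidf); unlink(victim); rmdir(dir);
    return 0;
}
```
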