Your message dated Wed, 21 Sep 2005 10:02:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#329053: fixed in arc 5.21m-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Sep 2005 06:30:27 +0000
Date: Mon, 19 Sep 2005 08:37:01 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Subject: arc: Insecure temporary file handling
Message-ID: <[EMAIL PROTECTED]>

Package: arc
Version: 5.21l-1
Severity: grave
Tags: security

Hi!

There is a recent report about insecure temporary files in ncompress,
similar to the recent advisories about gzip:

  http://www.zataz.net/adviso/arc-09052005.txt

Can you please check this? There is no CAN number yet. If this is a
real issue, you can ask [EMAIL PROTECTED] to get one.

Thanks!

Martin

-- 
Martin Pitt          http://www.piware.de
Ubuntu Developer     http://www.ubuntu.com
Debian Developer     http://www.debian.org

---------------------------------------
Received: (at 329053-close) by bugs.debian.org; 21 Sep 2005 17:08:08 +0000
From: Klaus Reimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#329053: fixed in arc 5.21m-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 21 Sep 2005 10:02:06 -0700

Source: arc
Source-Version: 5.21m-1

We believe that the bug you reported is fixed in the latest version of
arc, which is due to be installed in the Debian FTP archive:

arc_5.21m-1.diff.gz
  to pool/main/a/arc/arc_5.21m-1.diff.gz
arc_5.21m-1.dsc
  to pool/main/a/arc/arc_5.21m-1.dsc
arc_5.21m-1_i386.deb
  to pool/main/a/arc/arc_5.21m-1_i386.deb
arc_5.21m.orig.tar.gz
  to pool/main/a/arc/arc_5.21m.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Klaus Reimer <[EMAIL PROTECTED]> (supplier of updated arc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 21 Sep 2005 18:28:00 +0100
Source: arc
Binary: arc
Architecture: source i386
Version: 5.21m-1
Distribution: unstable
Urgency: high
Maintainer: Klaus Reimer <[EMAIL PROTECTED]>
Changed-By: Klaus Reimer <[EMAIL PROTECTED]>
Description:
 arc        - Archive utility based on the MSDOS ARC program
Closes: 329053
Changes:
 arc (5.21m-1) unstable; urgency=high
 .
   * New upstream release
   * Fixed insecure permissions of a temporary file [arcsvc.c,
     CAN-2005-2945] (Closes: #329053)
   * Fixed insecure temporary file creation [arcsvc.c, CAN-2005-2992]
Files:
 1d9c6dff296e49959ad4f3ea246109fa 540 utils optional arc_5.21m-1.dsc
 3af4a95c608dd56cc9d64f3e0a300614 82350 utils optional arc_5.21m.orig.tar.gz
 07634c2b830b82965e91ae7d2b817c4c 2986 utils optional arc_5.21m-1.diff.gz
 7e267a9debb1990da0c0087f1718a3bf 55976 utils optional arc_5.21m-1_i386.deb

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]