Your message dated Tue, 26 May 2015 16:36:51 +0000
with message-id <e1yxhqv-0003kv...@franck.debian.org>
and subject line Bug#785627: fixed in mayavi2 4.3.1-4
has caused the Debian Bug report #785627,
regarding mayavi2: malicious dynamic python interpreter lookup via
"/usr/bin/env python" in main executable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
785627: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785627
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mayavi2
Version: 4.3.1-3.1
Severity: serious
Justification: Debian Python Policy 2.4.2: Interpreter Location
Dear Maintainer,
when running /usr/bin/mayavi2 it uses the first python interpreter found in
$PATH by using "#!/usr/bin/env python" as shebang in line 1.
If a local user-space Python environment is coming first in $PATH this is bound
to fail, because module dependencies might not be there or might be there in
the wrong versions.
See Debian Python Policy 2.4.2 Interpreter location:
https://www.debian.org/doc/packaging-manuals/python-policy/ch-
python.html#s-interpreter_loc
=== quote start
The preferred specification for the Python interpreter is /usr/bin/python or
/usr/bin/pythonX.Y. This ensures that a Debian installation of python is used
and all dependencies on additional python modules are met.
Maintainers should not override the Debian Python interpreter using
/usr/bin/env python or /usr/bin/env pythonX.Y. This is not advisable as it
bypasses Debian's dependency checking and makes the package vulnerable to
incomplete local installations of python.
=== quote end
best regards,
Tobias Megies
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages mayavi2 depends on:
ii libc6 2.19-18
ii libjs-jquery 1.7.2+dfsg-3.2
ii python 2.7.9-1
ii python-apptools 4.2.1-1
ii python-configobj 5.0.6-1
ii python-envisage 4.4.0-1
ii python-numpy [python-numpy-abi9] 1:1.8.2-2
ii python-pkg-resources 5.5.1-1
ii python-traits 4.4.0-1
ii python-traitsui 4.4.0-1.3
ii python-vtk 5.8.0-17.5
ii python-wxgtk3.0 3.0.1.1+dfsg-2
mayavi2 recommends no packages.
Versions of packages mayavi2 suggests:
pn ipython <none>
ii python-scipy 0.14.0-2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: mayavi2
Source-Version: 4.3.1-4
We believe that the bug you reported is fixed in the latest version of
mayavi2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 785...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Varun Hiremath <va...@debian.org> (supplier of updated mayavi2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 May 2015 10:08:07 -0400
Source: mayavi2
Binary: mayavi2
Architecture: source amd64
Version: 4.3.1-4
Distribution: unstable
Urgency: medium
Maintainer: Python Applications Packaging Team
<python-apps-t...@lists.alioth.debian.org>
Changed-By: Varun Hiremath <va...@debian.org>
Description:
mayavi2 - scientific visualization package for 2-D and 3-D data
Closes: 785627
Changes:
mayavi2 (4.3.1-4) unstable; urgency=medium
.
* Add a patch to fix python interpreter (Closes: #785627)
Checksums-Sha1:
5dc386a3ab8696588100973147403d5e96284e10 2056 mayavi2_4.3.1-4.dsc
938bcf568077fe58212e3193c3ed4f720556695b 12716 mayavi2_4.3.1-4.debian.tar.xz
d51e19ca0636a05513339f97defefcfbb09faba7 22221744 mayavi2_4.3.1-4_amd64.deb
Checksums-Sha256:
74b1d4bd7fd17450f172041b6909d2695c7e82f658fbb1d2060d3360ce514958 2056
mayavi2_4.3.1-4.dsc
0e3874bc2318550a83eff6654c19dd44fe4920f3bfefd60214db68f996771e9a 12716
mayavi2_4.3.1-4.debian.tar.xz
0e03ef31a6a4d42e0b4f08531183d7585386db7adf1dbce8947b6f93196b5016 22221744
mayavi2_4.3.1-4_amd64.deb
Files:
9722f2b110155a1b8ad1fa31d49d7962 2056 science optional mayavi2_4.3.1-4.dsc
3ee14b895235b9d401be23db9e6b04e6 12716 science optional
mayavi2_4.3.1-4.debian.tar.xz
87dfac22fa94e8dd8b4871c9a1cb33d0 22221744 science optional
mayavi2_4.3.1-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVZIfxAAoJEHA3PPEpDbnOAxkP/0a3qHisROhU501Bl0S9uIuT
33HAQ+hBggVd+RM6xU0opP+1jXcPuXq9EHuwX+23EX4gCDK4RF21PXSQTJNJ69oU
8+pB7ZwdH2z2tpUithhGJBXgK8fuqFKsWYR9xZQWxzdPPmioMx7Px/znI6kuHCwF
X9zAhUF4DA6odGIzGgRTeX+KnztUnqMYKtCR844SRRGhbjicagoT0cjjApFZRjcM
KzKgHMrG88N4jMMKEdz6/v3ZRnn9ps3CjONFgRIyRwVJ0a87+Eh5RoGrSVX1ioa2
qJVBS9FbsxjolwVKqqqQr1UObaLewggIH2ayVlmIScDQqRzhBEXTefPGA2rNZbDm
kG2DABc4ozv7x23dO+1232o1nG+v3mLIOkhliMqC4osjHsdP3XZLmjgTA2iV9qvl
/zsOe4Su5UlUSY9acUUOF2Xg52pupv2dV4HGW/EDZhXEO9hz8ziBM/AE3rZa830Z
6bM1pvbssw41zD0mY8LFVlFUF6JgQoPjB3TDtZvIhduBgFhh6MHFXWl0jR4C3VyV
4+Dbu8mNj4Szb1uv3PcBjzfgyC+PrirSgns4E2UGA/aQIAfZYJFpBxzaTvXvxZM/
bHP1sFB5/j0zttAmHrXlC1asp+rKQsFl8B1q8OJMw1O7MSSS/SQCu5m0+QJ5kxcw
4D7W2whN4V9avYeMAUu5
=8cov
-----END PGP SIGNATURE-----
--- End Message ---
