Your message dated Fri, 3 Mar 2017 19:26:48 +0200
with message-id <20170303172648.jjevdjmchww6izba@localhost>
and subject line The Elementary OS packages have been removed from experimental
has caused the Debian Bug report #759868,
regarding noise: RPATH set to untrusted directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
759868: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759868
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: noise
Version: 0.3.0-1~experimental1
Severity: grave
Tags: security

On amd64, /usr/bin/noise has RPATH set to:

/tmp/buildd/noise-0.3.0/obj-x86_64-linux-gnu/core:

Since /tmp is world-writable, malicious local user can exploit this RPATH to execute arbitrary code, by planting a crafted library in /tmp/buildd/noise-0.3.0/obj-x86_64-linux-gnu/core.

--
Jakub Wilk

--- End Message ---
--- Begin Message ---
Dear submitter,

as the Elementary OS packages have just been removed from Debian 
experimental, I hereby close the associated bug reports.

We are sorry that we couldn't deal with your issue properly.

The version of thw package that were in Debian prior to this removal can 
still be found using http://snapshot.debian.org/

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

--- End Message ---

Reply via email to