Your message dated Sun, 14 May 2017 21:06:35 +0000 with message-id <e1da0ip-0009fc...@fasolo.debian.org> and subject line Bug#862570: fixed in menu-cache 1.0.2-3 has caused the Debian Bug report #862570, regarding libmenu-cache: menu-cached socket may be blocked by another user. to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862570: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862570 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libmenu-cache3 Version: 1.0.2-2 Severity: serious Tags: upstream security The socket placed in /tmp is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another use then said another user will either be unable to get menu, or will receive menu of some other user. Upstream released a fix for this issue: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
--- End Message ---
--- Begin Message ---Source: menu-cache Source-Version: 1.0.2-3 We believe that the bug you reported is fixed in the latest version of menu-cache, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 862...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andriy Grytsenko <and...@rep.kiev.ua> (supplier of updated menu-cache package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 14 May 2017 22:41:22 +0300 Source: menu-cache Binary: libmenu-cache3 libmenu-cache-dev libmenu-cache-doc libmenu-cache-dbg libmenu-cache-bin libmenu-cache-bin-dbg Architecture: source amd64 all Version: 1.0.2-3 Distribution: unstable Urgency: medium Maintainer: Debian LXDE Maintainers <pkg-lxde-maintain...@lists.alioth.debian.org> Changed-By: Andriy Grytsenko <and...@rep.kiev.ua> Description: libmenu-cache-bin - LXDE implementation of the freedesktop Menu's cache (libexec) libmenu-cache-bin-dbg - LXDE implementation of the freedesktop Menu's cache (libexec debu libmenu-cache-dbg - LXDE implementation of the freedesktop Menu's cache (debug) libmenu-cache-dev - LXDE implementation of the freedesktop Menu's cache (devel) libmenu-cache-doc - LXDE implementation of the freedesktop Menu's cache (docs) libmenu-cache3 - LXDE implementation of the freedesktop Menu's cache Closes: 862570 Changes: menu-cache (1.0.2-3) unstable; urgency=medium . * Adding 02-Fix-potential-access-violation.patch from upstream (Closes: #862570). Checksums-Sha1: 7eb4b0a0c27ddf8dba00964d802e6d1f9a86c99b 2391 menu-cache_1.0.2-3.dsc f9714d677c20417898c2c130ac27729e6d8fc988 6356 menu-cache_1.0.2-3.debian.tar.xz 4acff195fe99018ce5b79d95f7fb4e7d6352b6b9 79818 libmenu-cache-bin-dbg_1.0.2-3_amd64.deb 95aa36f1bcf120b6bcffa283c3500efdfc0b1107 33454 libmenu-cache-bin_1.0.2-3_amd64.deb 39baaf24392b4637ad9708f490eb6d28ec57e9b9 35874 libmenu-cache-dbg_1.0.2-3_amd64.deb 7976b646d2a86fdd0931a0affe6abed6c84d93af 44530 libmenu-cache-dev_1.0.2-3_amd64.deb dfa3c0b521fc508417b6ecbc1f0baf4fa0488565 20640 libmenu-cache-doc_1.0.2-3_all.deb f4f61c1ae8be7e20120a6b0a3db81a2355915528 19058 libmenu-cache3_1.0.2-3_amd64.deb 18b4d8622c95f63f928ab918f7c10543eeab5006 7986 menu-cache_1.0.2-3_amd64.buildinfo Checksums-Sha256: 529ad369b0908364ff9c4c355c35823d44b8ac65271b9556c3ab92a55ee95464 2391 menu-cache_1.0.2-3.dsc 6f8ca2e7a12dbe6d804b113cd3e209176b3a2e6c599a61a5907563b7817952c1 6356 menu-cache_1.0.2-3.debian.tar.xz 9913374fdebd67b73488426f560db939c6f3e66130675d2ebb96fc59198bcebd 79818 libmenu-cache-bin-dbg_1.0.2-3_amd64.deb 5c9002701a23f432ef2029de56a771db3f07170e75e62e5e37d09a890af65d7a 33454 libmenu-cache-bin_1.0.2-3_amd64.deb e5156430988b2b02787a1119f9cb2bc4fcfd0e16c3a7e6e2c326b4cddb5918af 35874 libmenu-cache-dbg_1.0.2-3_amd64.deb 6137ca672fcbb158d967dcaba9aa818202230f866fb6b0c1eca67ace48ee3360 44530 libmenu-cache-dev_1.0.2-3_amd64.deb 02763fead26a848118c2a2aeb67c46e6d86b6679163b555d86f596a0b64a00ec 20640 libmenu-cache-doc_1.0.2-3_all.deb 5332de84aad0c9fcd3d5041dec4b9737a718e3144c8ad7e2ae09f614c14ffcaa 19058 libmenu-cache3_1.0.2-3_amd64.deb e9ed423421ffa78275d087a941b59a097e4741b94ba3897a6d9679450518ebb3 7986 menu-cache_1.0.2-3_amd64.buildinfo Files: 06c4734653b1643d657e57442060acf2 2391 libs optional menu-cache_1.0.2-3.dsc fa3ab995291c1a3eba6d14b59bbf0797 6356 libs optional menu-cache_1.0.2-3.debian.tar.xz 0b29a3e364a5b50bc726af2f007afaf9 79818 debug extra libmenu-cache-bin-dbg_1.0.2-3_amd64.deb 52e16be3975c674d078c13d93ce1a86e 33454 libs optional libmenu-cache-bin_1.0.2-3_amd64.deb 5a9d2bb60f684317dc59cf6ed6e58bcc 35874 debug extra libmenu-cache-dbg_1.0.2-3_amd64.deb 720b61b46f38b3ac445a4a004e24ab66 44530 libdevel optional libmenu-cache-dev_1.0.2-3_amd64.deb 0ed01f298cbdc778e3e401ef3ea14bb3 20640 doc optional libmenu-cache-doc_1.0.2-3_all.deb f2f1ed7b1e2ddbbdc78e82d1589a04dd 19058 libs optional libmenu-cache3_1.0.2-3_amd64.deb fd70e316c20860202274d938bc4ba3b2 7986 libs optional menu-cache_1.0.2-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJZGLTgAAoJEAV2MC/hidTSK5cP/39mT47R+7VOx3pM6ItpCc10 7kqJ0ag6JcDBVlPf4dyzjadFDeX9Bo8jvOWZs2uk/fJmHAkLeYHaSV6A9+pWQdOM u+XFph/k5hOj9E9aUFVdkL2qfOlbNKgo5H4icFtfOG+6lruFLiXpSb89VZDD7ldx 3nIcc+Edazeqwjkd/4Hc1uSMEUKhKZKNuk6WYWXMEaRbOKGnFwTgaz/19ZeZ8whZ SddDiIw9maa1EuOJ1UzwQkbC372QTr/Wb4NzDrGghr0Brc5+4WvjWTVkA/AZf9RZ fP3mWWDq+Gc/8/F0ONFBQKONDD/fTwpeuO2S/bsyUssAgTZsdau2mYCW1Arij/QC tvrgkH2KAnlRi97kqXE6YlYeI07uULAh07LFoqxTxISXXuFlkqlsmc4RZunIxJhx b/CnTUGxGhJgrWnpKO5c8LxosJLY/o0LQYc8gJBIC0Clf26xN2efTefd/ONkG3a4 6NbUCMxgMRVbVx70LHksAjTmriKMs7WglBS9gyXptWAuKgCh1MspHJmOZ1Lhnaup F6+HIZHPZtFCUzHFAOZHiVIcrM3rFN44TiKyphY/AaoSTPgTZ0WkbFeJJaAk9XeJ tQfNMwsQGvG4ldkQsbcgFXQt5aBXBQaDjPm+CX0HkKRmoulD3SLxR7YjP+C4HBZJ UpqK98e7ybWcr0aliBd7 =8vy6 -----END PGP SIGNATURE-----
--- End Message ---
