Your message dated Sat, 05 Jan 2002 15:01:46 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#127087: fixed in libsafe 2.0-9-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Dec 2001 20:58:24 +0000
>From [EMAIL PROTECTED] Sun Dec 30 14:58:24 2001
Return-path: <[EMAIL PROTECTED]>
Received: from gtso-c3477b5b.dsl.mediaways.net (mail.frosty-geek.net)
[195.71.123.91]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 16Kn2G-0005wG-00; Sun, 30 Dec 2001 14:58:24 -0600
Received: from nautilus.noreply.org (unknown [138.232.34.77])
by mail.frosty-geek.net (Postfix) with ESMTP
id 32A7146C197; Sun, 30 Dec 2001 21:58:21 +0100 (CET)
Received: by nautilus.noreply.org (Postfix, from userid 10)
id A25FF357C4; Sun, 30 Dec 2001 21:58:20 +0100 (CET)
Received: by fisch.cyrius.com (Postfix, from userid 1000)
id 0F2EE22940; Sun, 30 Dec 2001 21:58:19 +0100 (CET)
Date: Sun, 30 Dec 2001 21:58:19 +0100
From: Martin Michlmayr <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], Ron Rademaker <[EMAIL PROTECTED]>
Cc: Matthias Klose <[EMAIL PROTECTED]>,
debian-devel@lists.debian.org
Subject: O: libsafe -- Protection against buffer overflow vulnerabilities
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.3.22i
Delivered-To: [EMAIL PROTECTED]
Package: wnpp
Severity: normal
The current maintainer of libsafe, Ron Rademaker <[EMAIL PROTECTED]>,
has orphaned this package. If you want to be the new maintainer,
please take it -- retitle this bug from 'O:' to 'ITA:', fix the
outstanding bugs and upload a new version with your name in the
Maintainer: field and a
* New maintainer (Closes: #thisbug)
in the changelog so this bug is closed.
Some information about this package:
Package: libsafe
Priority: optional
Section: libs
Installed-Size: 256
Maintainer: Ron Rademaker <[EMAIL PROTECTED]>
Architecture: i386
Version: 1.3-6
Depends: libc6 (>= 2.1.2), ldso (>= 1.8.5)
Suggests: ldso (>= 1.9.0), ld.so.preload-manager (>= 0.1)
Filename: pool/main/libs/libsafe/libsafe_1.3-6_i386.deb
Size: 147848
MD5sum: 5902ee9bca4d0d22b637a06f940e0ecc
Description: Protection against buffer overflow vulnerabilities
Libsafe is a library that works with any pre-compiled executable and can be
used transparently. Libsafe intercepts calls to functions known as
vulnerable, libsafe uses a substitute version of the function that
implements the same functionality, but makes sure any buffer overflows are
contained within the current stack frame.
* Ron Rademaker <[EMAIL PROTECTED]> [20011227 14:17]:
> You're right that I haven't done anything about libsafe where I should
> have...
>
> I guess the best thing to do right now is put libsafe up for adoption.
> On Thu, 27 Dec 2001, Matthias Klose wrote:
>
> > Yotam Rubin writes:
> > > Greetings,
> > >
> > > The last libsafe upload has been over a year ago. Since then, libsafe
> > > has accumulated a large number of bugs. The current Debian release doesn't
> > > seem to be very effective. I've packaged the latest libsafe and made it
> > > available at: http://192.117.130.34/Fendor/debian/libsafe/
> > > Can someone NMU that? I've contacted the maintainer but received no reply.
> > > It's a shame that libsafe wouldn't be usable for Debian users.
> >
> > - the upload isn't marked as a NMU
> >
> > - the package does not build from source (calls ldconfig):
> >
> > - the package does not build a -dev package. Correct?
> >
> > - the package overwrites the old library? Correct, if it's an
> > extension only. But then it needs to be marked in the shlibs file.
> > Else you need to build a libsafe2 and libsafe-dev package.
> > OTOH, no package depends on libsafe.
> >
> > So it seems, we don't gain much to replace one buggy version with the
> > next buggy version.
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
--
Martin Michlmayr
[EMAIL PROTECTED]
---------------------------------------
Received: (at 127087-close) by bugs.debian.org; 5 Jan 2002 20:08:50 +0000
>From [EMAIL PROTECTED] Sat Jan 05 14:08:50 2002
Return-path: <[EMAIL PROTECTED]>
Received: from auric.debian.org [206.246.226.45] (mail)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 16Mx7Z-0002cE-00; Sat, 05 Jan 2002 14:08:49 -0600
Received: from troup by auric.debian.org with local (Exim 3.12 1 (Debian))
id 16Mx0k-00021K-00; Sat, 05 Jan 2002 15:01:46 -0500
From: David Coe <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.66 $
Subject: Bug#127087: fixed in libsafe 2.0-9-2
Message-Id: <[EMAIL PROTECTED]>
Sender: James Troup <[EMAIL PROTECTED]>
Date: Sat, 05 Jan 2002 15:01:46 -0500
Delivered-To: [EMAIL PROTECTED]
We believe that the bug you reported is fixed in the latest version of
libsafe, which has been installed in the Debian FTP archive:
libsafe_2.0-9-2.diff.gz
to pool/main/libs/libsafe/libsafe_2.0-9-2.diff.gz
libsafe_2.0-9-2.dsc
to pool/main/libs/libsafe/libsafe_2.0-9-2.dsc
libsafe_2.0-9-2_i386.deb
to pool/main/libs/libsafe/libsafe_2.0-9-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Coe <[EMAIL PROTECTED]> (supplier of updated libsafe package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 5 Jan 2002 00:18:58 -0500
Source: libsafe
Binary: libsafe
Architecture: source i386
Version: 2.0-9-2
Distribution: unstable
Urgency: low
Maintainer: David Coe <[EMAIL PROTECTED]>
Changed-By: David Coe <[EMAIL PROTECTED]>
Description:
libsafe - Protection against buffer overflow vulnerabilities
Closes: 127087 127472
Changes:
libsafe (2.0-9-2) unstable; urgency=low
.
* new maintainer.
Closes: #127087: ITA: libsafe
* applied patch from Gerhard Tonn <[EMAIL PROTECTED]>.
Closes: #127472: does not build from source on powerpc and s390
* added suppport for DEB_BUILD_OPTIONS.
* corrected copyright text (Gnu Library -> Lesser, 2 -> 2.1) and
upstream source location.
* changed the 'libsafe' wrapper to exit with the wrapped program's
exit status rather than 0.
* chmod the exploit examples to 700 to help prevent local abuse.
* removed custom postinst: everything it was doing was also being
generated by debhelper (thanks, lintian).
* improved prerm: exit with status 1 if an error is encountered,
don't force exit 0 at the bottom (i.e. don't ignore debhelper-
generated mistakes, should such a thing ever occur).
Files:
8d7fb3ecb6be7ede45be72de76f18450 605 libs optional libsafe_2.0-9-2.dsc
c9a05e47e10ed5392f131da41486f545 8273 libs optional libsafe_2.0-9-2.diff.gz
2d60874f9428da80a9411a950e6e853f 31712 libs optional libsafe_2.0-9-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8NpHusPfoxg/MJ8YRAkQxAKDI6KfiF6oKud3bwIgJMLbyaMxVrQCfQgcq
ls2Td/gP6ihPLwAyANe0Bpg=
=ETfm
-----END PGP SIGNATURE-----
