Bug#559814: marked as done (CVE-2009-3736 local privilege escalation)
Your message dated Thu, 18 Feb 2010 10:47:24 + with message-id and subject line Bug#559814: fixed in hamlib 1.2.10-1 has caused the Debian Bug report #559814, regarding CVE-2009-3736 local privilege escalation to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
559814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: hamlib
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for libtool. I have determined that this package embeds a vulnerable copy of the libtool source code. However, since this is a mass bug filing (due to so many packages embedding libtool), I have not had time to determine whether the vulnerable code is actually present in any of the binary packages. Please determine whether this is the case. If the package is not affected, please feel free to close the bug with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package is affected, please coordinate with the security team to release the DSA for the affected packages.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.
For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736

--- End Message ---
--- Begin Message ---
Source: hamlib
Source-Version: 1.2.10-1

We believe that the bug you reported is fixed in the latest version of hamlib, which is due to be installed in the Debian FTP archive:

hamlib_1.2.10-1.diff.gz to main/h/hamlib/hamlib_1.2.10-1.diff.gz
hamlib_1.2.10-1.dsc to main/h/hamlib/hamlib_1.2.10-1.dsc
hamlib_1.2.10.orig.tar.gz to main/h/hamlib/hamlib_1.2.10.orig.tar.gz
libhamlib++-dev_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib++-dev_1.2.10-1_amd64.deb
libhamlib-dev_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib-dev_1.2.10-1_amd64.deb
libhamlib-doc_1.2.10-1_all.deb to main/h/hamlib/libhamlib-doc_1.2.10-1_all.deb
libhamlib-utils_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib-utils_1.2.10-1_amd64.deb
libhamlib2++c2_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib2++c2_1.2.10-1_amd64.deb
libhamlib2-perl_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib2-perl_1.2.10-1_amd64.deb
libhamlib2-tcl_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib2-tcl_1.2.10-1_amd64.deb
libhamlib2_1.2.10-1_amd64.deb to main/h/hamlib/libhamlib2_1.2.10-1_amd64.deb
python-libhamlib2_1.2.10-1_amd64.deb to main/h/hamlib/python-libhamlib2_1.2.10-1_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 559...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kamal Mostafa (supplier of updated hamlib package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 16 Feb 2010 18:56:10 -0800
Source: hamlib
Binary: libhamlib2 libhamlib2++c2 libhamlib-dev libhamlib++-dev libhamlib2-perl libhamlib2-tcl python-libhamlib2 libhamlib-utils libhamlib-doc
Architecture: source amd64 all
Version: 1.2.10-1
Distribution: unstable
Urgency: low
Maintainer: Debian Hamradio Maintainers
Changed-By: Kamal Mostafa
Description:
 libhamlib++-dev - Development library to control radio transceivers and receivers
 libhamlib-dev - Development library to control radio transceivers and receivers
 libhamlib-doc - Documentation for the hamlib radio control library
 libhamlib-utils - Utilities to support the hamlib radio control library
 libhamlib2 - Run-time library to control radio transceivers and receivers
 libhamlib2++c2 - Run-time library to control radio transceivers and receivers
 libhamlib2-perl - Run-time library to control radio transceivers and receivers
 libhamlib2-tcl - Run-time library to control radio transceivers and receivers
 python-libhamlib2 - Run-time library to control radio transceivers and receivers
Closes: 556098 559814
Changes:
 hamlib (1.2.10-1) unstable;
Releasing ncurses
Hello Sven, Thomas and anyone tracking ncurses,

Apologies if you get double posts, I'm not sure if you are subscribed to the packages email alias or not.

I think we're pretty close where we should be putting out a Debian release of ncurses.

I'd like #556378 fixed beforehand, if possible. This is the -static problem, which Sven tried to fix with the --without-dlsym and had build troubles. If I can get some idea on how tricky it is to fix we can then work out whether or not we fix it this time.

There's two important bugs that are fixed but not closed off, that's a BTS problem not a ncurses problem.

The remaining important level bug #569227 looks more like a shell problem, not ncurses. In any case it seems somewhat specific to the submitter's setup.

Is there anything else we really need to get sorted out before this release?

- Craig

--
Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/ csmall at : enc.com.au
http://www.debian.org/ Debian GNU/Linux, software should be Free

--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100218102756.ga7...@enc.com.au
Re: Releasing ncurses
On Thu, 18 Feb 2010, Craig Small wrote:

> Hello Sven, Thomas and anyone tracking ncurses,
> Apologies if you get double posts, I'm not sure if you are subscribed
> to the packages email alias or not.
>
> I think we're pretty close where we should be putting out a Debian
> release of ncurses.
>
> I'd like #556378 fixed beforehand, if possible. This is the -static
> problem, which Sven tried to fix with the --without-dlsym and had
> build troubles. If I can get some idea on how tricky it is to fix we
> can then work out whether or not we fix it this time.

It seems small enough that I can do it in my normal cycle on (this) Saturday. Outside of bug-reports like this, I've been mainly working on the mingw port. The sp-funcs stuff is reasonably stable, but probably not a good thing to turn on in a new release. The dlsym and the proposed separate-packaging for Ada95 are the only new items that I recall.

> There's two important bugs that are fixed but not closed off, that's a
> BTS problem not a ncurses problem.
>
> The remaining important level bug #569227 looks more like a shell
> problem, not ncurses. In any case it seems somewhat specific to the
> submitter's setup.

agree (there's nothing that I can see to follow up on).

> Is there anything else we really need to get sorted out before this
> release?

Not that I recall

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
Bug#478762: about netbeans and related packages
Hi,

Probably you know, netbeans6.8 was released and packaged in Ubuntu by Yulia Novozhilova, who has _already_ ITPed some related packages in Debian.

With some adjustment, I made netbeans 6.8 and those packages for Debian (just imported from Ubuntu). If you are interested in that, please test it.

deb http://www.mithril-linux.org/~henrich/debian/package/netbeans/

And you can get source at mentors.

http://mentors.debian.net/debian/pool/main/n/netbeans/netbeans_6.8-1.dsc
http://mentors.debian.net/debian/pool/main/l/libappframework-java/libappframework-java_1.03-1.dsc
http://mentors.debian.net/debian/pool/main/l/libnb-javaparser-java/libnb-javaparser-java_6.8-1.dsc
http://mentors.debian.net/debian/pool/main/l/libnb-platform-java/libnb-platform-java_6.8-1.dsc
http://mentors.debian.net/debian/pool/main/l/libbeansbinding-java/libbeansbinding-java_1.2.1-1.dsc
http://mentors.debian.net/debian/pool/main/l/libini4j-java/libini4j-java_0.4.1-1.dsc
http://mentors.debian.net/debian/pool/main/l/libnb-svnclientadapter-java/libnb-svnclientadapter-java_6.7-1.dsc

Thank you for reading this.

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
Re: Releasing ncurses
On 2010-02-18 11:27 +0100, Craig Small wrote:

> Hello Sven, Thomas and anyone tracking ncurses,
> Apologies if you get double posts, I'm not sure if you are subscribed
> to the packages email alias or not.

I am, but I much rather receive a message twice than never.

> I think we're pretty close where we should be putting out a Debian
> release of ncurses.
>
> I'd like #556378 fixed beforehand, if possible. This is the -static
> problem, which Sven tried to fix with the --without-dlsym and had
> build troubles. If I can get some idea on how tricky it is to fix we
> can then work out whether or not we fix it this time.
>
> There's two important bugs that are fixed but not closed off, that's a
> BTS problem not a ncurses problem.
>
> The remaining important level bug #569227 looks more like a shell
> problem, not ncurses. In any case it seems somewhat specific to the
> submitter's setup.

Yes, apparently very few people experience it or it would have been reported before. Neither do I have any idea what could have caused it.

> Is there anything else we really need to get sorted out before this
> release?

It seems to me that we need a shlibs bump as there are two new functions, is_pad() and is_subwin(), see the 20090906 NEWS entry. Which means that we could disrupt whatever transition is going on right now. Sorry for not noticing this earlier.

Reading the 20100123 NEWS entry I'm also not sure if #542031 is really fixed in master yet.

Sven
Processed: tagging 568339
Processing commands for cont...@bugs.debian.org:

> tags 568339 + patch
Bug #568339 [mgp] mgp segfaults on existing mgp files and all the supplied examples
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processing of mgp_1.13a+upstream20090219-2_i386.changes
mgp_1.13a+upstream20090219-2_i386.changes uploaded successfully to localhost along with the files:

mgp_1.13a+upstream20090219-2.dsc
mgp_1.13a+upstream20090219-2.diff.gz
mgp_1.13a+upstream20090219-2_i386.deb

Greetings,

Your Debian queue daemon (running on host ries.debian.org)
mgp_1.13a+upstream20090219-2_i386.changes ACCEPTED
Accepted:

mgp_1.13a+upstream20090219-2.diff.gz to main/m/mgp/mgp_1.13a+upstream20090219-2.diff.gz
mgp_1.13a+upstream20090219-2.dsc to main/m/mgp/mgp_1.13a+upstream20090219-2.dsc
mgp_1.13a+upstream20090219-2_i386.deb to main/m/mgp/mgp_1.13a+upstream20090219-2_i386.deb

Override entries for your package:

mgp_1.13a+upstream20090219-2.dsc - source x11
mgp_1.13a+upstream20090219-2_i386.deb - optional x11

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 568339

Thank you for your contribution to Debian.
Re: Releasing ncurses
On Thu, Feb 18, 2010 at 04:59:55PM +0100, Sven Joachim wrote:

> It seems to me that we need a shlibs bump as there are two new
> functions, is_pad() and is_subwin(), see the 20090906 NEWS entry.
> Which means that we could disrupt whatever transition is going on right
> now. Sorry for not noticing this earlier.
>
> Reading the 20100123 NEWS entry I'm also not sure if #542031 is really
> fixed in master yet.

It might/might not be (seems to work _here_, but gcc's compiler warnings haven't been that consistent across releases).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net