Debian Bug report logs - #329387
Bugzilla: Unsafe use of temporary files in the syncshadow script

version graph

Package: bugzilla; Maintainer for bugzilla is Raphael Bossek <bossekr@debian.org>;

Reported by: Javier Fernández-Sanguino Peña <jfs@computer.org>

Date: Wed, 21 Sep 2005 14:48:06 UTC

Severity: critical

Tags: patch, sarge, security, woody

Found in version bugzilla/2.16.7-7sarge1

Done: Neil McGovern <neilm@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
New Bug report received and forwarded. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: submit@bugs.debian.org
Subject: Bugzilla: Unsafe use of temporary files in the syncshadow script
Date: Wed, 21 Sep 2005 16:21:59 +0200
[Message part 1 (text/plain, inline)]
Package: bugzilla
Version: 2.16.7-7sarge1
Priority: critical
Tags: patch sarge woody

I sent this mail to the security team a while back and forwarded it upstream
too. Since this bug is now public 
(https://bugzilla.mozilla.org/show_bug.cgi?id=305353), I'm opening up a
ticket in the BTS for easier tracking of this issue. Notice that a DSA fixing
this should also fix #321567.

-------------------------------------------------------------------------

Hi there,

Bugzilla (bugzilla_2.14.2-0woody4 and bugzilla_2.16.7-7sarge1) contains
a script which is used to synchronise the bugzilla user database with
the shadow password database called syncshadowdb. This script is intented
to be run by the Bug Tracking System.

The script uses temporary files in an unsafe way since it selects a
name for the file based on PID and does not make any effort to determine
if the file exists and if it is a symlink. A local user could use this
to direct symlink attacks and overwrite files that the Bug Tracking System
has access to.

The attached (untested) patch, which uses File::Temp should fix this issue
and prevent any symlink attacks.

Regards

Javier


--- bugzilla-2.16.7/syncshadowdb.orig	2005-08-06 10:49:27.000000000 +0200
+++ bugzilla-2.16.7/syncshadowdb	2005-08-06 11:04:22.000000000 +0200
@@ -23,6 +23,7 @@
 
 use diagnostics;
 use strict;
+use File::Temp qw/tempfile/;
 
 use lib '/usr/share/bugzilla/lib';
 
@@ -238,7 +239,7 @@
     }
     Verbose("Locking entire database");
     SendSQL($query);
-    my $tempfile = "$tempdir/tmpsyncshadow.$$";
+    my ($tfh, $tempfile) = tempfile("syncshadowdb.XXXXX", DIR => File::Spec->tmpdir, UNLINK => 1);
     Verbose("Dumping database to a temp file ($tempfile).");
     my @ARGS = ("-u", $::db_user);
     if ($::db_pass) { push @ARGS, "-p$::db_pass" }




----- End forwarded message -----
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Alexis Sukrieh <sukria@sukria.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 329387@bugs.debian.org (full text, mbox):

From: Alexis Sukrieh <sukria@sukria.net>
To: team@security.debian.org
Cc: frankie@debian.org, 329387@bugs.debian.org
Subject: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Fri, 23 Dec 2005 15:01:24 +0100
[Message part 1 (text/plain, inline)]
Hi,

I'm the maintainer of the backup manager package. 
There are currently one security issue in our sarge package (0.5.7-7sarge1).

I made a package with the patch submitted against the bug #329387 which
closes the issue.

Can we plan to upload that package to security updates?

The package is available on my repository:
    deb-src http://www.sukria.net/debian ./

Changes:
http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2_i386.changes

Diff.gz:
http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.diff.gz

Dsc:
http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.dsc

Regards,

-- 
Alexis Sukrieh <sukria@sukria.net>
                                    0x1EE5DD34
Debian                   http://www.debian.org
Backup Manager   http://www.backup-manager.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Alexis Sukrieh <sukria@sukria.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #15 received at 329387@bugs.debian.org (full text, mbox):

From: Alexis Sukrieh <sukria@sukria.net>
To: Alexis Sukrieh <sukria@sukria.net>, 329387@bugs.debian.org
Cc: team@security.debian.org, frankie@debian.org
Subject: Re: Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Fri, 23 Dec 2005 15:21:58 +0100
* Alexis Sukrieh (sukria@sukria.net) disait :
> I'm the maintainer of the backup manager package. 
                            ^^^^^^^^^^^^^^
Of course I was speaking about bugzilla, not backup-manager, sorry!			    
(Hopefully I'm on holydays this evening ;)

-- 
Alexis Sukrieh <sukria@sukria.net>
                                    0x1EE5DD34
Debian                   http://www.debian.org
Backup Manager   http://www.backup-manager.org



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #20 received at 329387@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Alexis Sukrieh <sukria@sukria.net>
Cc: team@security.debian.org, frankie@debian.org, 329387@bugs.debian.org
Subject: Re: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Fri, 23 Dec 2005 19:22:25 +0100
Alexis Sukrieh wrote:
> Hi,
> 
> I'm the maintainer of the backup manager package. 
> There are currently one security issue in our sarge package (0.5.7-7sarge1).
> 
> I made a package with the patch submitted against the bug #329387 which
> closes the issue.

Umh... I don't have a CVE name to share anymore.  Will provide one
when I got a new bunch.

Do you happen to know about the package in woody?

> Can we plan to upload that package to security updates?

Yes.  I've copied it into the private security archive.

Next steps:

 a) what about woody

 b) what about sid

 c) release advisory

Regards,

	Joey

-- 
The MS-DOS filesystem is nice for removable media.  -- H. Peter Anvin



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Alexis Sukrieh <sukria@sukria.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #25 received at 329387@bugs.debian.org (full text, mbox):

From: Alexis Sukrieh <sukria@sukria.net>
To: Martin Schulze <joey@infodrom.org>
Cc: Alexis Sukrieh <sukria@sukria.net>, team@security.debian.org, frankie@debian.org, 329387@bugs.debian.org
Subject: Re: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Sat, 24 Dec 2005 14:05:21 +0100
* Martin Schulze (joey@infodrom.org) disait :
> Do you happen to know about the package in woody?

Well, I don't know. Where can I grab woody's source packages?

>  a) what about woody

As soon as I know where to fetch woody's sources, I will tell you.

>  b) what about sid

Sid is not affected, the vulnerable script does not exist in the sid
version.

-- 
Alexis Sukrieh <sukria@sukria.net>
                                    0x1EE5DD34
Debian                   http://www.debian.org
Backup Manager   http://www.backup-manager.org



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #30 received at 329387@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Martin Schulze <joey@infodrom.org>
Cc: Alexis Sukrieh <sukria@sukria.net>, team@security.debian.org, frankie@debian.org, 329387@bugs.debian.org
Subject: Re: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Sat, 24 Dec 2005 14:30:37 +0100
Martin Schulze wrote:
> Yes.  I've copied it into the private security archive.
> 
> Next steps:
> 
>  a) what about woody

Woody is vulnerable as well, the vulnerable code is present in
syncshadowdb:164

Alexis, you can download the Woody sources through packages.debian.org.

Cheers,
        Moritz



Tags added: security Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to David Miller <justdave@bugzilla.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #37 received at 329387@bugs.debian.org (full text, mbox):

From: David Miller <justdave@bugzilla.org>
To: 329387@bugs.debian.org
Cc: Alexis Sukrieh <sukria@sukria.net>
Subject: Bugzilla: Unsafe use of temporary files in the syncshadowdb script
Date: Mon, 26 Dec 2005 18:10:52 -0500
FYI, the reporter was mistaken, the upstream bug was NOT public.  He 
could see it because he reported it.  It might as well be now.  (I just 
removed the security flag from it, so it is indeed public now).

The patch he supplied (while a good start) was stated to be untested, 
and we also determined that it did not, in fact, solve the problem 
(because it re-opened the file from scratch after creating the secure 
temp file, rather than using the handle passed back from File::Temp).

We have an upstream patch ready to go, which was awaiting the 2.16.11 
release expected in the next couple weeks.  No point in waiting now.

-- 
Dave Miller                                   http://www.justdave.net/
System Administrator, Mozilla Corporation      http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System  http://www.bugzilla.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #42 received at 329387@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: justdave@bugzilla.org
Cc: 329387@bugs.debian.org
Subject: CVE assignment for syncshadowdb issue
Date: Wed, 28 Dec 2005 02:30:34 +0100
Dave,
this has been assigned CVE-2005-4534 by MITRE. Please refer to it
in the 2.16.11 release notes.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to David Miller <justdave@bugzilla.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #47 received at 329387@bugs.debian.org (full text, mbox):

From: David Miller <justdave@bugzilla.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 329387@bugs.debian.org
Subject: Re: CVE assignment for syncshadowdb issue
Date: Tue, 27 Dec 2005 21:22:37 -0500
Moritz Muehlenhoff wrote on 12/27/05 8:30 PM:

> this has been assigned CVE-2005-4534 by MITRE. Please refer to it
> in the 2.16.11 release notes.

Thanks!  I'm not getting any traction on trying to push a full release 
out for this.  Seems nobody cares about the 2.16 branch anymore (it's 
two stable releases back, and due for EOL on security support by us in a 
couple weeks anyway).  Or it could be that anyone who cares is still on 
Christmas vacation.  Anyhow, I'll have an advisory going out in a few 
hours which just points at the patch.  In reality there's probably very 
few sites using this feature.  There will be a 2.16.11 release, just not 
tonight.

-- 
Dave Miller                                   http://www.justdave.net/
System Administrator, Mozilla Corporation      http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System  http://www.bugzilla.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to David Miller <justdave@bugzilla.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #52 received at 329387@bugs.debian.org (full text, mbox):

From: David Miller <justdave@bugzilla.org>
To: 329387@bugs.debian.org
Subject: Security advisory posted
Date: Wed, 28 Dec 2005 01:01:20 -0500
Upstream security advisory for this issue has been posted at
http://www.bugzilla.org/security/2.16.10-nr/

-- 
Dave Miller                                   http://www.justdave.net/
System Administrator, Mozilla Corporation      http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System  http://www.bugzilla.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #57 received at 329387@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Alexis Sukrieh <sukria@sukria.net>
Cc: Debian Security Team <team@security.debian.org>, frankie@debian.org, 329387@bugs.debian.org
Subject: Re: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Wed, 11 Jan 2006 19:57:10 +0100
Hi Alexis!

Alexis Sukrieh wrote:
> * Martin Schulze (joey@infodrom.org) disait :
> > Do you happen to know about the package in woody?
> 
> Well, I don't know. Where can I grab woody's source packages?
> 
> >  a) what about woody
> 
> As soon as I know where to fetch woody's sources, I will tell you.

I guess that I've already answered this mail, but since I can't find
a reply, I better reply now (maybe again).

klecker!joey(pts/6):/org/security.debian.org/queue/accepted> elmo -e -s bugzilla -a source -u
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2.orig.tar.gz
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody4.dsc
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody4.diff.gz

> >  b) what about sid
> 
> Sid is not affected, the vulnerable script does not exist in the sid
> version.

Noted.

Regards,

	Joey

-- 
Never trust an operating system you don't have source for!

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #62 received at 329387@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Alexis Sukrieh <sukria@sukria.net>
Cc: Debian Security Team <team@security.debian.org>, frankie@debian.org, 329387@bugs.debian.org
Subject: Re: bugzilla security update for sarge (2.16.7-7sarge2)
Date: Wed, 11 Jan 2006 19:58:08 +0100
Martin Schulze wrote:
> Alexis Sukrieh wrote:
> > * Martin Schulze (joey@infodrom.org) disait :
> > > Do you happen to know about the package in woody?

Btw. this issue has been assigned CVE-2005-4534, so please add it to the
changelog if you prepare a fixed package for woody as well.

Regards,

	Joey

-- 
Never trust an operating system you don't have source for!

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Alexis Sukrieh <sukria@sukria.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #67 received at 329387@bugs.debian.org (full text, mbox):

From: Alexis Sukrieh <sukria@sukria.net>
To: 329387@bugs.debian.org
Cc: team@security.debian.org, frankie@debian.org
Subject: [bugzilla #329387] new sarge package that fixes CVE-2005-4534
Date: Thu, 10 Aug 2006 18:49:42 +0200
tags 329387 + pending
thanks

Hello,

I've packaged a new version of bugzilla for closing a security issue 
reported on sarge:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387

This package is 2.16.7-7sarge2 and is available here:

http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2_i386.changes
http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.diff.gz
http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.dsc
http://www.sukria.net/debian/source/bugzilla_2.16.7.orig.tar.gz

It only provides the upstream patch (backported from 2.16.11) that 
closes that security issue : CVE-2005-4534

If an upload is possible to the security archive, that would be great.

Thanks.

-- 
Alexis Sukrieh



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #72 received at 329387@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Alexis Sukrieh <sukria@sukria.net>
Cc: 329387@bugs.debian.org, team@security.debian.org, frankie@debian.org
Subject: Re: [bugzilla #329387] new sarge package that fixes CVE-2005-4534
Date: Thu, 10 Aug 2006 19:02:52 +0200
Alexis Sukrieh wrote:
> tags 329387 + pending
> thanks
> 
> Hello,
> 
> I've packaged a new version of bugzilla for closing a security issue 
> reported on sarge:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387
> 
> This package is 2.16.7-7sarge2 and is available here:
> 
> http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2_i386.changes
> http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.diff.gz
> http://www.sukria.net/debian/source/bugzilla_2.16.7-7sarge2.dsc
> http://www.sukria.net/debian/source/bugzilla_2.16.7.orig.tar.gz
> 
> It only provides the upstream patch (backported from 2.16.11) that 
> closes that security issue : CVE-2005-4534
> 
> If an upload is possible to the security archive, that would be great.

The distribution should be stable-security instead of 
testing-proposed-updates. Please also remove all the i18n updates:

jmm@galadriel:~/chroots/sarge/home/jmm$ debdiff bugzilla_2.16.7-7sarge1.dsc bugzilla_2.16.7-7sarge2.dsc | diffstat
 debian/changelog        |   10 +++
 debian/po/ca.po         |  144 ++++++++++++++++++++++++----------------------
 debian/po/cs.po         |  140 ++++++++++++++++++++++++---------------------
 debian/po/de.po         |  144 ++++++++++++++++++++++++----------------------
 debian/po/fr.po         |  142 ++++++++++++++++++++++++----------------------
 debian/po/ja.po         |  142 ++++++++++++++++++++++++----------------------
 debian/po/nl.po         |  144 ++++++++++++++++++++++++----------------------
 debian/po/pt_BR.po      |  144 ++++++++++++++++++++++++----------------------
 debian/po/templates.pot |  148 ++++++++++++++++++++++++------------------------
 syncshadowdb            |   12 ++-

The security fix itself is fine.

Cheers,
        Moritz



Tags added: pending Request was from Alexis Sukrieh <sukria@sukria.net> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Alexis Sukrieh <sukria@sukria.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #79 received at 329387@bugs.debian.org (full text, mbox):

From: Alexis Sukrieh <sukria@sukria.net>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 329387@bugs.debian.org, team@security.debian.org, frankie@debian.org
Subject: Re: [bugzilla #329387] new sarge package that fixes CVE-2005-4534
Date: Fri, 11 Aug 2006 21:39:15 +0200
Moritz Muehlenhoff wrote:
> The distribution should be stable-security instead of 
> testing-proposed-updates. Please also remove all the i18n updates:

Ok, I'll make a new package with the correct distribution.

The i18n updates are automatically made by the build process, it's only 
timtestamp updates, how can I safely disable this?

Regards,

Alexis



Information forwarded to debian-bugs-dist@lists.debian.org, Alexis Sukrieh <sukria@sukria.net>:
Bug#329387; Package bugzilla. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Alexis Sukrieh <sukria@sukria.net>. Full text and rfc822 format available.

Message #84 received at 329387@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Alexis Sukrieh <sukria@sukria.net>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 329387@bugs.debian.org, team@security.debian.org, frankie@debian.org
Subject: Re: [bugzilla #329387] new sarge package that fixes CVE-2005-4534
Date: Sat, 12 Aug 2006 01:14:45 +0200
Alexis Sukrieh wrote:
> Moritz Muehlenhoff wrote:
> >The distribution should be stable-security instead of 
> >testing-proposed-updates. Please also remove all the i18n updates:
> 
> Ok, I'll make a new package with the correct distribution.
> 
> The i18n updates are automatically made by the build process, it's only 
> timtestamp updates, how can I safely disable this?

You simply build the source package before you are working on the
binary package and don't build the source package after you've built
the binary packages.

Regards,

	Joey

-- 
Long noun chains don't automatically imply security.  -- Bruce Schneier

Please always Cc to me when replying to me on the lists.



Reply sent to Neil McGovern <neilm@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #89 received at 329387-done@bugs.debian.org (full text, mbox):

From: Neil McGovern <neilm@debian.org>
To: 329387-done@bugs.debian.org
Subject: Closing old reports
Date: Fri, 19 Jan 2007 21:40:08 +0000
[Message part 1 (text/plain, inline)]
This only affects Woody, which is depreciated.
Closing.

Neil
-- 
* hermanr feels like a hedgehog having sex...
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 01:44:50 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 08:40:15 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.