Report forwarded to debian-bugs-dist@lists.debian.org, Hendrik Sattler <debian@hendrik-sattler.de>: Bug#366484; Package openobex-apps.
Acknowledgement sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
New Bug report received and forwarded. Copy sent to Hendrik Sattler <debian@hendrik-sattler.de>.
From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: "ircp -r" silently overwrites files
Date: Tue, 9 May 2006 03:56:23 +0200
Package: openobex-apps
Version: 1.2-2
Severity: serious
Tags: security
If you "ircp -r", and someone sends you a file, the filename provided by
the remote source is used -- even if the file still exists.
The source actually has a TODO about this:
//TODO! Rename file if already exist.
(line 129, ircp_io.c)
I think this is quite dangerous, because you could be doing ircp -r in
your homedir, and get '.bashrc' or so accidentally.
Of course, risk is quite limited due to the need of physical proximity,
but still.
--Jeroen
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages openobex-apps depends on:
ii libbluetooth1 2.25-1 Library to use the BlueZ Linux Blu
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libopenobex1 1.2-2 OBEX protocol library
ii libusb-0.1-4 2:0.1.12-2 userspace USB programming library
openobex-apps recommends no packages.
-- no debconf information
--
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply sent to Hendrik Sattler <debian@hendrik-sattler.de>:
You have taken responsibility.
Notification sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
Bug acknowledged by developer.
Source: libopenobex
Source-Version: 1.2-3
We believe that the bug you reported is fixed in the latest version of
libopenobex, which is due to be installed in the Debian FTP archive:
libopenobex1-dev_1.2-3_i386.deb
to pool/main/libo/libopenobex/libopenobex1-dev_1.2-3_i386.deb
libopenobex1_1.2-3_i386.deb
to pool/main/libo/libopenobex/libopenobex1_1.2-3_i386.deb
libopenobex_1.2-3.diff.gz
to pool/main/libo/libopenobex/libopenobex_1.2-3.diff.gz
libopenobex_1.2-3.dsc
to pool/main/libo/libopenobex/libopenobex_1.2-3.dsc
openobex-apps_1.2-3_i386.deb
to pool/main/libo/libopenobex/openobex-apps_1.2-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 366484@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hendrik Sattler <debian@hendrik-sattler.de> (supplier of updated libopenobex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 12 May 2006 02:14:05 +0200
Source: libopenobex
Binary: libopenobex1 libopenobex1-dev openobex-apps
Architecture: source i386
Version: 1.2-3
Distribution: unstable
Urgency: low
Maintainer: Hendrik Sattler <debian@hendrik-sattler.de>
Changed-By: Hendrik Sattler <debian@hendrik-sattler.de>
Description:
libopenobex1 - OBEX protocol library
libopenobex1-dev - OBEX protocol library - development files
openobex-apps - Applications for OpenOBEX
Closes: 197773 216312 253857 366484
Changes:
libopenobex (1.2-3) unstable; urgency=low
.
* The "fix some bugs after some years" release
* Update ircp.patch to never overwrite existing files but
rename the target name instead (closes: #366484)
* Update rodrigues_irobex_palm3.patch to fix argument parsing
(closes: #216312)
* Add obex_test.patch to fix some issues with the test apps
(closes: #197773). Note that the patch from the bug report
was not plainly used.
* Add manpages for all applications (closes: #253857)
Files:
76376290a9f2c4c8ced698afc25e4545 740 comm optional libopenobex_1.2-3.dsc
341b48491952a39d790cbe043284d635 10540 comm optional libopenobex_1.2-3.diff.gz
8983ecedbb9d585889a33f57d7884373 53592 libdevel extra libopenobex1-dev_1.2-3_i386.deb
e059f2e56b7a62345eae2c6caf95d28d 20000 libs optional libopenobex1_1.2-3_i386.deb
b43d21d065c453b5d93f679a195cb3b1 32192 comm optional openobex-apps_1.2-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEZwoOVkEm8inxm9ERAoIrAKCFnHFYs+RSI8Z1OAqq7LAhiDJOFgCfSHRM
h+0bI0sOEx2a/+vifzLQodI=
=lyL7
-----END PGP SIGNATURE-----
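
The behaviour the changelog entry describes (never overwrite an existing file, rename the target instead), as an added example; this is not the Debian ircp.patch or code from ircp_io.c. The helper name `open_received_file`, the `.N` suffix scheme and the stripping of directory components from the remote name are assumptions that go beyond what the report states.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not code from ircp_io.c or ircp.patch: create a file
 * for a remotely supplied name in dir, never replacing an existing one. */
int open_received_file(const char *dir, const char *remote_name,
                       char *out, size_t outlen)
{
    /* Keep only the last path component: the sender must not choose the directory. */
    const char *base = strrchr(remote_name, '/');
    base = base ? base + 1 : remote_name;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0) {
        errno = EINVAL;
        return -1;
    }
    for (int n = 0; n < 1000; n++) {   /* name, name.1, name.2, ... */
        int len = n ? snprintf(out, outlen, "%s/%s.%d", dir, base, n)
                    : snprintf(out, outlen, "%s/%s", dir, base);
        if (len < 0 || (size_t)len >= outlen) {
            errno = ENAMETOOLONG;
            return -1;
        }
        /* O_CREAT|O_EXCL is atomic: an existing file or symlink gives EEXIST. */
        int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char dir[64], path[256];
    snprintf(dir, sizeof dir, "/tmp/ircp-demo-%ld", (long)getpid());  /* constructed scratch dir */
    if (mkdir(dir, 0700) != 0) return 1;
    for (int i = 0; i < 2; i++) {   /* the same remote name arrives twice */
        int fd = open_received_file(dir, ".bashrc", path, sizeof path);
        if (fd < 0)
            return 1;
        printf("stored as %s\n", path);
        close(fd);
    }
    return 0;
}
```

A separate existence check followed by a plain create would leave a window between the two calls; the exclusive create closes it.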
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 26 Jun 2007 20:47:31 GMT)