Report forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
New Bug report received and forwarded. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
Subject: sympa: Leftover debug code may lead to data loss
Date: Wed, 13 Aug 2008 15:55:46 +0200
Package: sympa
Version: 5.2.3-1.2+etch1
Severity: critical
Justification: causes serious data loss
Tags: security
Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa leads to potential data loss due to symlink attacks (I think) :
In wwsympa.fcgi :
open TMP, ">/tmp/dump";
$document->dump(\*TMP);
close TMP;
open TMP, ">/tmp/dump2";
&tools::dump_var ($param, 0, \*TMP);
close TMP;
I'm not completely sure this may be called nor when, but if it may, then better not have /tmp/dump linked to something the CGI could write to.
In any case, such code seems like debug to me, so should be removed I guess (to be notified upstream, too).
Code in sympa.pl about --make_alias_file option may exhibit a similar vulnerability too, although that may not be invoked unless under admin control with a more or less changing filename... so may need more testing and analysis on that second one.
Source : http://uvw.ru/report.lenny.txt, http://lists.debian.org/debian-devel/2008/08/msg00312.html
Hope this helps,
-- System Information:
Debian Release: lenny/sid
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-openvz-24-004.1d1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sympa depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii exim4-daemon-light [mail-tra 4.69-6 lightweight Exim MTA (v4) daemon
pn libarchive-zip-perl <none> (no description available)
ii libc6 2.7-13 GNU C Library: Shared libraries
pn libcgi-fast-perl <none> (no description available)
pn libcrypt-ciphersaber-perl <none> (no description available)
pn libdbd-mysql-perl | libdbd-p <none> (no description available)
ii libdbi-perl 1.605-1 Perl5 database interface by Tim Bu
ii libfcgi-perl 0.67-2.1+b1 FastCGI Perl module
ii libintl-perl 1.16-4 Uniforum message translations syst
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmailtools-perl 2.03-1 Manipulate email in perl programs
pn libmd5-perl <none> (no description available)
ii libmime-perl 5.427-1 transitional dummy package
ii libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m
pn libmsgcat-perl <none> (no description available)
pn libnet-ldap-perl <none> (no description available)
pn libtemplate-perl <none> (no description available)
ii libxml-libxml-perl 1.66-1+b1 Perl module for using the GNOME li
pn mhonarc <none> (no description available)
ii perl [libmime-base64-perl] 5.10.0-11.1 Larry Wall's Practical Extraction
pn perl-suid <none> (no description available)
ii sysklogd [system-log-daemon] 1.5-5 System Logging Daemon
Versions of packages sympa recommends:
ii doc-base 0.8.16 utilities to manage online documen
ii logrotate 3.7.1-3 Log rotation utility
Versions of packages sympa suggests:
ii apache2-mpm-prefork [httpd] 2.2.9-6 Apache HTTP Server - traditional n
pn libapache-mod-fastcgi <none> (no description available)
pn mysql-server | postgresql <none> (no description available)
ii openssl 0.9.8g-12 Secure Socket Layer (SSL) binary a
--
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug marked as found in version 5.3.4-5.
Request was from Olivier Berger <olivier.berger@it-sudparis.eu>
to control@bugs.debian.org.
(Wed, 13 Aug 2008 14:15:04 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
tags 494969 + patch
thanks
Here's a copy of upstream's response (http://sourcesup.cru.fr/tracker/?func=detail&atid=167&aid=4430&group_id=23) :
-----
Date: 14/08/2008 17:15
Expéditeur: Olivier Salaün
Thanks for reporting your thoughts about potential attacks, however it does not seem to be a legitimate threat for the following reasons :
1. new_d_read() in wwsympa.fcgi is a dead function (aimed at
replacing wwsympa::do_d_read() ) and therefore this code cannot be run
2. the make_alias_file code in sympa.pl does create a file in /tmp
directory, however the data it writes are hard-coded, no
possibility of data injection
On a more general perspective, I don't consider symlink attacks as significant threats on a mailing list server because these attacks require a user to login an define a symlink. You would not have
user accounts on a mailing list server.
However, we're going to make some cleanup in the code to a) remove the debug code you mentioned, b) use Sympa's own tmp/ directory instead of /tmp when needed.
Patches have been applied on the trunk only :
http://sourcesup.cru.fr/cgi/viewvc.cgi/trunk/src/sympa.pl?r1=5071&r2=5111http://sourcesup.cru.fr/cgi/viewvc.cgi/trunk/wwsympa/wwsympa.fcgi?r1=5106&r2=5110
-----
I guess both patches need to be applied to the package then.
See attached patch.
Anyway some second opinion may be valuable.
Best regards,
On Wed, Aug 13, 2008 at 03:55:46PM +0200, Olivier Berger wrote:
>
> Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa leads to potential data loss due to symlink attacks (I think) :
>
> In wwsympa.fcgi :
> open TMP, ">/tmp/dump";
> $document->dump(\*TMP);
> close TMP;
>
> open TMP, ">/tmp/dump2";
> &tools::dump_var ($param, 0, \*TMP);
> close TMP;
>
> I'm not completely sure this may be called nor when, but if it may, then better not have /tmp/dump linked to something the CGI could write to.
>
> In any case, such code seems like debug to me, so should be removed I guess (to be notified upstream, too).
>
> Code in sympa.pl about --make_alias_file option may exhibit a similar vulnerability too, although that may not be invoked unless under admin control with a more or less changing filename... so may need more testing and analysis on that second one.
>
> Source : http://uvw.ru/report.lenny.txt, http://lists.debian.org/debian-devel/2008/08/msg00312.html
>
> Hope this helps,
>
Tags added: patch
Request was from Olivier Berger <olivier.berger@it-sudparis.eu>
to control@bugs.debian.org.
(Thu, 14 Aug 2008 16:06:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
Cc: "Olivier Berger" <olivier.berger@it-sudparis.eu>,
"Dmitry E. Oboukhov" <unera@debian.org>
Subject: Re: Bug#494969: sympa: Leftover debug code may lead to data loss
Date: Thu, 21 Aug 2008 16:14:23 +0200 (CEST)
Hi,
> Thanks for reporting your thoughts about potential attacks, however it does
> not seem to be a legitimate threat for the following reasons :
>
> 1. new_d_read() in wwsympa.fcgi is a dead function (aimed at
> replacing wwsympa::do_d_read() ) and therefore this code cannot be run
>
> 2. the make_alias_file code in sympa.pl does create a file in /tmp
> directory, however the data it writes are hard-coded, no
> possibility of data injection
>
I verified that (1) holds so isn't a critical bug to fix, although it
would be good to remove it just in case someone enables that function
again or copies the code.
The explanation of the upstream author for (2) only means the attack is
more limited, but you can of course still trash the system with it.
As I understand it, sympa.pl does not run as root, am I correct? In any
case the code as in make_alias_file should not be in Lenny so the bug is
still RC.
When grepping the sympa source for "/tmp" I find quite some occurances of
other files directly in tmp with insecure filenames. It should be checked
for each if that code is executed and whether or not they should be moved
to Sympa's private tempdir.
> On a more general perspective, I don't consider symlink attacks as
> significant threats on a mailing list server because these attacks
> require a user to login an define a symlink. You would not have
> user accounts on a mailing list server.
He may consider that, for Debian that doesn't hold as we've never claimed
that these packages may only be used on systems with only fully trusted
users.
cheers,
Thijs
Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Bug acknowledged by developer.
(full text, mbox, link).
Source: sympa
Source-Version: 5.3.4-5.1
We believe that the bug you reported is fixed in the latest version of
sympa, which is due to be installed in the Debian FTP archive:
sympa_5.3.4-5.1.diff.gz
to pool/main/s/sympa/sympa_5.3.4-5.1.diff.gz
sympa_5.3.4-5.1.dsc
to pool/main/s/sympa/sympa_5.3.4-5.1.dsc
sympa_5.3.4-5.1_i386.deb
to pool/main/s/sympa/sympa_5.3.4-5.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 494969@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated sympa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 21 Aug 2008 15:10:38 +0200
Source: sympa
Binary: sympa
Architecture: source i386
Version: 5.3.4-5.1
Distribution: unstable
Urgency: low
Maintainer: Stefan Hornburg (Racke) <racke@linuxia.de>
Changed-By: Christian Perrier <bubulle@debian.org>
Description:
sympa - Modern mailing list manager
Closes: 411983473655480987491959494969495087495572495588495723
Changes:
sympa (5.3.4-5.1) unstable; urgency=low
.
* Non-maintainer upload.
* Bug fix: "(re)configuring sympa won't define soap_url to non-fixed
value", this time for good, hopefully (Closes: #411983).
* Fix insecure files creation in /tmp, backporting upstream fix
(Closes: #494969)
* Remove extra space in debconf templates. Translations unfuzzied
Closes: #473655
* Fix pending l10n issues
* Debconf translations:
- Galician. Closes: #480987
- Swedish. Closes: #491959
- Czech. Closes: #495087
- Russian. Closes: #495572
- Basque. Closes: #495588
- Brazilian Portuguese. Closes: #495723
* [Lintian] Change Depends from obsolete libmime-perl to libmime-tools-perl
* [Lintian] Change "can can handle" to "can handle" in package description
* [Lintian] Set debhelper compatibility level through debian/compat
Checksums-Sha1:
8929161d91d762275667f023a39d973e8b841506 992 sympa_5.3.4-5.1.dsc
ad4ce1634cdf724239779d30b3b9f20f2cd43d8c 111988 sympa_5.3.4-5.1.diff.gz
feb7903256b59eba9a288c6fa347979a0feb4b24 3096090 sympa_5.3.4-5.1_i386.deb
Checksums-Sha256:
e3838ff4f8d26c6bd46c67480be6334378307724452312e3f288d29cd24c898e 992 sympa_5.3.4-5.1.dsc
0a4bbf66a4534bb4ee06711aa4c07f8ef87fd9977e223aa789684628b669b98e 111988 sympa_5.3.4-5.1.diff.gz
1d78ce6209cbd1ea5d5a85d0202fcc9994685a51d78e3386a5b2223a7862f593 3096090 sympa_5.3.4-5.1_i386.deb
Files:
ded2d701a669009dc3be1c986f5dd7f4 992 mail optional sympa_5.3.4-5.1.dsc
227ee7719fc97d87086a161f729a8631 111988 mail optional sympa_5.3.4-5.1.diff.gz
707a274a6d2ace5defa682474044e153 3096090 mail optional sympa_5.3.4-5.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkitpeEACgkQ1OXtrMAUPS2zqwCgs+Bg5vFDS1aEBkwQSuOfnPbi
KDsAoIhnSOxZDI8Q20YoZH5f39iAUwTr
=aVtD
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
Cc: 494969@bugs.debian.org, "Dmitry E. Oboukhov" <unera@debian.org>, 496405@bugs.debian.org
Subject: Re: Bug#494969: sympa: Leftover debug code may lead to data loss
Date: Mon, 25 Aug 2008 11:59:46 +0200
Le jeudi 21 août 2008 à 16:14 +0200, Thijs Kinkhorst a écrit :
> When grepping the sympa source for "/tmp" I find quite some occurances
> of
> other files directly in tmp with insecure filenames. It should be
> checked
> for each if that code is executed and whether or not they should be
> moved
> to Sympa's private tempdir.
>
Indeed, grepping through contents of binary package gives quite some
occurrences :
./usr/share/doc/sympa/examples/config/sympa.conf:tmpdir /var/spool/sympa/tmp
./usr/lib/sympa/bin/Log.pm: #open TMP, ">/tmp/logs.dump";
./usr/lib/sympa/bin/tt2.pl: open my $fh, ">/tmp/tt2/$newname";
./usr/lib/sympa/bin/tools.pl: ## first step is the msg signing OK ; /tmp/sympa-smime.$$ is created
./usr/lib/sympa/bin/tools.pl: my $temporary_file = "/tmp/smime-sender.".$$ ;
./usr/lib/sympa/bin/List.pm:# $parser->output_dir($Conf{'spool'} ."/tmp");
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/sympasoap.pm:# open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxx parameters \n"; &tools::dump_var($proxy_vs, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
./usr/lib/sympa/bin/CAS.pm: $cas->proxyMode(pgtFile => '/tmp/pgt.txt',
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_sympa_conf = '/tmp/sympa.conf';
./usr/lib/sympa/bin/Conf.pm: $o{'tmpdir'}[0] = "$spool/tmp";
./usr/lib/sympa/bin/Conf.pm: # open TMP, ">/tmp/dump1";&tools::dump_var(&load_generic_conf_file($config,\%trusted_applications);, 0,\*TMP);close TMP;
./usr/lib/sympa/bin/Conf.pm:#open TMP2, ">>/tmp/sss"; printf TMP2 "xxxxxxxxxxxxxxxxxxx--------structure admin\n"; &tools::dump_var(\%admin, 0, \*TMP2);printf TMP2 "xxxxxxxxxxxxxxxxxxx--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa_soap_client.pl:# file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/sympa_soap_client.pl: file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/Family.pm: # open TMP, ">/tmp/dump1";
./usr/lib/sympa/bin/Auth.pm: # open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxxx\@ trusted_apps \n"; &tools::dump_var(\@trusted_apps, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa.pl: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump1";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump2";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: #open TMP, ">/tmp/dump1";
./usr/bin/sympa: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
./usr/bin/sympa_wizard:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/bin/sympa_wizard:my $new_sympa_conf = '/tmp/sympa.conf';
I think that even though the first ones reported on /usr/lib/cgi-bin/sympa/wwsympa.fcgi and /usr/lib/sympa/bin/sympa.pl are now fixed by uploaded 5.3.4-5.1, there's some more need for analysis (checking with upstream too).
I think that opening a distinct bug would probably be better too.
Hope this helps.
--
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Forcibly Merged 494969496405.
Request was from Olivier Berger <olivier.berger@it-sudparis.eu>
to control@bugs.debian.org.
(Mon, 25 Aug 2008 12:42:17 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
Cc: "Dmitry E. Oboukhov" <unera@debian.org>, 494969@bugs.debian.org
Subject: Re: Bug#494969: sympa: Leftover debug code may lead to data loss
Date: Mon, 25 Aug 2008 14:42:19 +0200
FYI, I have checked the code and filed 2 more bugs (the rest being false
positives, I think).
#496518 : Insecure use of /tmp in sympa_wizard may lead to system damage
#496520 : Insecure use of /tmp in sympa scripts
The first one is the most serious. The second one is minor.
Thanks for spotting this.
Best regards,
Le lundi 25 août 2008 à 11:59 +0200, Olivier Berger a écrit :
> Le jeudi 21 août 2008 à 16:14 +0200, Thijs Kinkhorst a écrit :
>
> > When grepping the sympa source for "/tmp" I find quite some occurances
> > of
> > other files directly in tmp with insecure filenames. It should be
> > checked
> > for each if that code is executed and whether or not they should be
> > moved
> > to Sympa's private tempdir.
> >
>
> Indeed, grepping through contents of binary package gives quite some
> occurrences :
>
> ./usr/share/doc/sympa/examples/config/sympa.conf:tmpdir /var/spool/sympa/tmp
> ./usr/lib/sympa/bin/Log.pm: #open TMP, ">/tmp/logs.dump";
> ./usr/lib/sympa/bin/tt2.pl: open my $fh, ">/tmp/tt2/$newname";
> ./usr/lib/sympa/bin/tools.pl: ## first step is the msg signing OK ; /tmp/sympa-smime.$$ is created
> ./usr/lib/sympa/bin/tools.pl: my $temporary_file = "/tmp/smime-sender.".$$ ;
> ./usr/lib/sympa/bin/List.pm:# $parser->output_dir($Conf{'spool'} ."/tmp");
> ./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
> ./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
> ./usr/lib/sympa/bin/sympasoap.pm:# open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxx parameters \n"; &tools::dump_var($proxy_vs, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
> ./usr/lib/sympa/bin/CAS.pm: $cas->proxyMode(pgtFile => '/tmp/pgt.txt',
> ./usr/lib/sympa/bin/sympa_wizard.pl:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
> ./usr/lib/sympa/bin/sympa_wizard.pl:my $new_sympa_conf = '/tmp/sympa.conf';
> ./usr/lib/sympa/bin/Conf.pm: $o{'tmpdir'}[0] = "$spool/tmp";
> ./usr/lib/sympa/bin/Conf.pm: # open TMP, ">/tmp/dump1";&tools::dump_var(&load_generic_conf_file($config,\%trusted_applications);, 0,\*TMP);close TMP;
> ./usr/lib/sympa/bin/Conf.pm:#open TMP2, ">>/tmp/sss"; printf TMP2 "xxxxxxxxxxxxxxxxxxx--------structure admin\n"; &tools::dump_var(\%admin, 0, \*TMP2);printf TMP2 "xxxxxxxxxxxxxxxxxxx--------\n"; close TMP2;
> ./usr/lib/sympa/bin/sympa_soap_client.pl:# file => '/tmp/my_cookies' );
> ./usr/lib/sympa/bin/sympa_soap_client.pl: file => '/tmp/my_cookies' );
> ./usr/lib/sympa/bin/Family.pm: # open TMP, ">/tmp/dump1";
> ./usr/lib/sympa/bin/Auth.pm: # open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxxx\@ trusted_apps \n"; &tools::dump_var(\@trusted_apps, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
> ./usr/lib/sympa/bin/sympa.pl: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
> ./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump1";
> ./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump2";
> ./usr/lib/cgi-bin/sympa/wwsympa.fcgi: #open TMP, ">/tmp/dump1";
> ./usr/bin/sympa: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
> ./usr/bin/sympa_wizard:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
> ./usr/bin/sympa_wizard:my $new_sympa_conf = '/tmp/sympa.conf';
>
> I think that even though the first ones reported on /usr/lib/cgi-bin/sympa/wwsympa.fcgi and /usr/lib/sympa/bin/sympa.pl are now fixed by uploaded 5.3.4-5.1, there's some more need for analysis (checking with upstream too).
>
> I think that opening a distinct bug would probably be better too.
>
> Hope this helps.
>
--
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug reopened, originator not changed.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Wed, 27 Aug 2008 15:27:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#494969; Package sympa.
(full text, mbox, link).
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
(full text, mbox, link).
On Wed, Aug 27, 2008 at 05:24:20PM +0200, Nico Golde wrote:
> reopen 494969
> thanks
>
> Hi,
> I am reopening this bug as I can confirm that there are lots
> of other tmp races in the sympa source. See Oliver Berges
> mail.
>
The other bug is #496518 ?
I'm not sure the current bug needed reopening though...
If it needs indeed reopening, why not (force)merging it with #496518 ?
Anyway... I guess we should prepare an improved version with patch http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=sympa_wizard.patch;att=1;bug=496518 for lenny, then ?
Best regards,
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Bug acknowledged by developer.
(full text, mbox, link).
Version: 5.3.4-5.1
Hi Olivier,
* Olivier Berger <olivier.berger@it-sudparis.eu> [2008-08-28 11:48]:
> On Wed, Aug 27, 2008 at 05:24:20PM +0200, Nico Golde wrote:
[...]
> The other bug is #496518 ?
>
> I'm not sure the current bug needed reopening though...
Closed again, sorry I didn't see there was a new bug
openened for the other issues.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.