Debian Bug report logs -
#496005
donkey-bolonkey: Creates file in current working directory
Reported by: Guillem Jover <guillem@debian.org>
Date: Fri, 22 Aug 2008 00:03:01 UTC
Severity: important
Tags: security
Found in version donkey-bolonkey/2001-5.1
Fixed in version donkey-bolonkey/2008-1
Done: Barry deFreese <bdefreese@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#496005; Package donkey-bolonkey.
(full text, mbox, link).
Acknowledgement sent to Guillem Jover <guillem@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: donkey-bolonkey
Version: 2001-5.1
Severity: important
Tags: security
Hi,
This game creates the file dkbk.hi on the current working dir every
time the game level has finished. It should probably create it under a
dot dir on the home dir (preferably following the XDG base dir spec).
Setting as important as this might be a security problem, allowing for
a symlink attack on certain conditions.
regards,
guillem
Reply sent
to Barry deFreese <bdefreese@debian.org>:
You have taken responsibility.
(Wed, 18 Nov 2009 21:39:16 GMT) (full text, mbox, link).
Notification sent
to Guillem Jover <guillem@debian.org>:
Bug acknowledged by developer.
(Wed, 18 Nov 2009 21:39:16 GMT) (full text, mbox, link).
Message #10 received at 496005-close@bugs.debian.org (full text, mbox, reply):
Source: donkey-bolonkey
Source-Version: 2008-1
We believe that the bug you reported is fixed in the latest version of
donkey-bolonkey, which is due to be installed in the Debian FTP archive:
donkey-bolonkey_2008-1.diff.gz
to main/d/donkey-bolonkey/donkey-bolonkey_2008-1.diff.gz
donkey-bolonkey_2008-1.dsc
to main/d/donkey-bolonkey/donkey-bolonkey_2008-1.dsc
donkey-bolonkey_2008-1_i386.deb
to main/d/donkey-bolonkey/donkey-bolonkey_2008-1_i386.deb
donkey-bolonkey_2008.orig.tar.gz
to main/d/donkey-bolonkey/donkey-bolonkey_2008.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 496005@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Barry deFreese <bdefreese@debian.org> (supplier of updated donkey-bolonkey package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 18 Nov 2009 18:30:26 +0100
Source: donkey-bolonkey
Binary: donkey-bolonkey
Architecture: source i386
Version: 2008-1
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Barry deFreese <bdefreese@debian.org>
Description:
donkey-bolonkey - Game where you rescue donkeys
Closes: 496005 498810
Changes:
donkey-bolonkey (2008-1) unstable; urgency=low
.
[ Paul Wise ]
* Update upstream homepage
.
[ Barry deFreese ]
* New upstream release. (Closes: #498810).
* Update my e-mail address.
* Add watch file with comments about upstream naming.
* Version GPL path in copyright and fix some syntax issues.
* Add set -e in postinst.
* Refresh patches against new source.
* Bump Standards Version to 3.8.3. (No changes needed).
.
[ Evgeni Golov ]
* Save hiscores to ~/.donkey-bolonkey.hi
Closes: #496005
Checksums-Sha1:
1d0db500926ae27463e67e1376bd36384b8a07e8 1312 donkey-bolonkey_2008-1.dsc
5a3bbfccb9a060636eb6efb9bc3d35f8ad243ee5 227717 donkey-bolonkey_2008.orig.tar.gz
87c2323aa987bec4fe8cd88dc73018bf2747ed01 5145 donkey-bolonkey_2008-1.diff.gz
45d9f4b7d51d2b4707162214b448c0cf1b5cfca1 209752 donkey-bolonkey_2008-1_i386.deb
Checksums-Sha256:
2586e0d2bb7ec1b119ebf87419c18a56d5ceeb777f470e5e0ae77e260c222c06 1312 donkey-bolonkey_2008-1.dsc
d25d9475400ff0e732f6dcb050d697b0278d04833ca39cb0626cdc07dad2b45d 227717 donkey-bolonkey_2008.orig.tar.gz
0d548a425cc5992ea889670496ba7eff5c1b533d1e905e83d13398919ab65199 5145 donkey-bolonkey_2008-1.diff.gz
ac44a2308634ac2cf5041e117024ce5dd6e2faf818229d98abbc75157e2eced5 209752 donkey-bolonkey_2008-1_i386.deb
Files:
cec14f57699129cba76e7d62518391cf 1312 games extra donkey-bolonkey_2008-1.dsc
3b3f183c1ae130d1e2dc0c42aa33eebb 227717 games extra donkey-bolonkey_2008.orig.tar.gz
8f5cd5bedaef58da0e18316cd084b587 5145 games extra donkey-bolonkey_2008-1.diff.gz
55f4f2499774ba7d8bde17ef9dfd4884 209752 games extra donkey-bolonkey_2008-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksETiQACgkQ5ItltUs5T36wNwCgm9zEUeu7NsOlqtu+1Rd/b0vp
RsQAn1BDpo77H/O+TqJU5U8LI/nr4t2u
=G8Ud
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 28 Dec 2009 07:27:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 14:42:04 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.