Report forwarded to debian-bugs-dist@lists.debian.org, Kari Pahula <kaol@debian.org>: Bug#496358; Package crossfire-maps.
Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Kari Pahula <kaol@debian.org>.
Subject: Bug#496358: fixed in crossfire-maps 1.11.0-2
Date: Sun, 24 Aug 2008 19:32:09 +0000
Source: crossfire-maps
Source-Version: 1.11.0-2
We believe that the bug you reported is fixed in the latest version of
crossfire-maps, which is due to be installed in the Debian FTP archive:
crossfire-maps_1.11.0-2.diff.gz
  to pool/main/c/crossfire-maps/crossfire-maps_1.11.0-2.diff.gz
crossfire-maps_1.11.0-2.dsc
  to pool/main/c/crossfire-maps/crossfire-maps_1.11.0-2.dsc
crossfire-maps_1.11.0-2_all.deb
  to pool/main/c/crossfire-maps/crossfire-maps_1.11.0-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 496358@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kari Pahula <kaol@debian.org> (supplier of updated crossfire-maps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 24 Aug 2008 22:01:07 +0300
Source: crossfire-maps
Binary: crossfire-maps
Architecture: source all
Version: 1.11.0-2
Distribution: unstable
Urgency: low
Maintainer: Kari Pahula <kaol@debian.org>
Changed-By: Kari Pahula <kaol@debian.org>
Description:
 crossfire-maps - Standard set of maps for crossfire
Closes: 496358
Changes:
 crossfire-maps (1.11.0-2) unstable; urgency=low
 .
   * Removed the Info/ and test/ subdirectories and the pshop_copier script
     from the binary package (Closes: #496358)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkixsPAACgkQeYl9593Atw3JjwCfa4F5Pj4mFwoURVBwBjD0tnaF
lrsAn0XTbmm4kWySMZZBWcap5gV1ucBo
=pp8w
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Kari Pahula <kaol@debian.org>: Bug#496358; Package crossfire-maps.
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Kari Pahula <kaol@debian.org>.
Subject: Re: The possibility of attack with the help of symlinks in some
Debian packages
Date: Sun, 24 Aug 2008 13:03:23 -0700
severity 496358 important
thanks
The vulnerable script in this package is
/usr/share/games/crossfire/maps/Info/combine.pl, which is not used by
default; it's provided only as a utility for possible use. I don't think
this should be considered grave.
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
Severity set to `important' from `grave'
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Sun, 24 Aug 2008 20:06:05 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 27 Sep 2008 07:28:46 GMT)