Debian Bug report logs - #496371
The possibility of attack with the help of symlinks in some Debian packages

Package: lustre-tests; Maintainer for lustre-tests is Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>;

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:09:30 UTC

Severity: grave

Tags: security

Fixed in version lustre/1.6.5.1-1

Done: Patrick Winnertz <winnie@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>:
Bug#496371; Package lustre-tests.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:28 +0400
Package: lustre-tests
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
destruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. However, in some cases a mistake is possible.

Please be understanding of possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:18 GMT)

Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:12 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>:
Bug#496371; Package lustre-tests.

Acknowledgement sent to Patrick Winnertz <winnie@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>.

Message #14 received at 496371@bugs.debian.org:

From: Patrick Winnertz <winnie@debian.org>
To: "Dmitry E. Oboukhov" <dimka@uvw.ru>, 496371@bugs.debian.org
Subject: Re: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 27 Aug 2008 14:26:32 +0200
Hello Dmitry,
Thanks for your test, but atm I've some problems to fix this issue for lustre-tests.
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
>
> For example if a script uses in its work a temp file which is  created
> in /tmp directory, then every user can create symlink  with  the  same
> name in this directory in order to  destroy  or  rewrite  some  system
> or user file.  Symlink attack may also  lead  not  only  to  the  data
> destruction but to denial of service as well.
Btw: lustre-tests is a package which contains only binaries for debugging 
lustre, and is therefore only needed on very very few systems. 

But nevertheless this should be fixed. 

I guess the part which is critical is this one:
-----------snip------------------
while date; do
	LOOP=`expr $LOOP + 1`
	echo "Test #$LOOP"
	iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
	[ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
done | tee /tmp/iozone.log
------------snap----------------

This small script creates a log of the iozone run in /tmp without checking if 
this file exists there.  Do you have any hints how to fix this issue? 

Greetings
Winnie



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>:
Bug#496371; Package lustre-tests.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>.

Message #19 received at 496371@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: Patrick Winnertz <winnie@debian.org>, 496371@bugs.debian.org
Cc: "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: Re: Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 27 Aug 2008 14:00:22 +0100
This one time, at band camp, Patrick Winnertz said:
> I guess the part which is critical is this one:

tmpfile=$(mktemp /tmp/iozone.XXXXXXXXXX)
> -----------snip------------------
> while date; do
> 	LOOP=`expr $LOOP + 1`
> 	echo "Test #$LOOP"
> 	iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
> 	[ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
> ------------snap----------------
done | tee $tmpfile
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>:
Bug#496371; Package lustre-tests.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Extra info received and forwarded to list. Copy sent to Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>.

Message #24 received at 496371@bugs.debian.org:

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: Patrick Winnertz <winnie@debian.org>, 496371@bugs.debian.org
Subject: Re: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 27 Aug 2008 17:08:21 +0400
SG> tmpfile=$(mktemp /tmp/iozone.XXXXXXXXXX)

Use 'mktemp -t iozone.XXXXXXXXXX' instead of 'mktemp /tmp/iozone.XXXXXXXXXX'
--
... mpd paused: Manowar - Gloves of Metal

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>:
Bug#496371; Package lustre-tests.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>.

Message #29 received at 496371@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: Patrick Winnertz <winnie@debian.org>, 496371@bugs.debian.org
Subject: Re: Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 27 Aug 2008 15:28:49 +0100
This one time, at band camp, Patrick Winnertz said:
> Thanks Stephen,
> 
> > tmpfile=$(mktemp /tmp/iozone.XXXXXXXXXX)
> I know that this way it is possible. But as the user should find the log 
> afterwards I would prefer to use /tmp/iozone.log or something else, nothing 
> random. 
> But as I wrote in my previous email I don't have an idea how to fix this without 
> using mktemp.

You can echo what file to look at.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
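
The change discussed in the messages above, as an added example that is not part of the bug log or of the lustre package: it writes the log once through a fixed name and once through `mktemp -t`, then reports the log path. A private scratch directory stands in for /tmp, and the hypothetical `fake_run` stands in for the iozone loop.

```shell
#!/bin/sh
# Added example, not code from the lustre package. A private scratch
# directory stands in for /tmp, and fake_run stands in for the iozone loop.

# Hypothetical stand-in for the "while date; do ... done" loop in runiozone.
fake_run() {
    n=0
    while [ "$n" -lt 3 ]; do
        n=$((n + 1))
        echo "Test #$n"
    done
}

# Pattern from the report: a fixed, predictable log name. tee truncates the
# path it is given and follows symlinks, so a link already sitting at that
# name redirects the write. Testing with [ -e ] first would not help, since
# the name can appear between the check and the open.
log_fixed() {    # $1 = directory standing in for /tmp
    fake_run | tee "$1/iozone.log" >/dev/null
}

# Pattern suggested in the thread: mktemp picks an unused name and creates
# the file itself (exclusive create, mode 0600). The path is printed so the
# user can still find the log afterwards.
log_mktemp() {   # $1 = directory standing in for /tmp; prints the log path
    tmpfile=$(TMPDIR="$1" mktemp -t iozone.XXXXXXXXXX) || return 1
    fake_run | tee "$tmpfile" >/dev/null
    echo "$tmpfile"
}

# Runs both patterns against a pre-existing symlink. Returns 0 only if the
# fixed name overwrote the link target and the mktemp variant left it alone.
demo() {
    scratch=$(mktemp -d) || return 1
    echo "important data" > "$scratch/victim"      # constructed sample file
    ln -s "$scratch/victim" "$scratch/iozone.log"  # constructed setup

    log_fixed "$scratch"
    after_fixed=$(head -n 1 "$scratch/victim")

    echo "important data" > "$scratch/victim"
    logpath=$(log_mktemp "$scratch") || { rm -rf "$scratch"; return 1; }
    after_mktemp=$(cat "$scratch/victim")

    echo "fixed name: link target now starts with '$after_fixed'"
    echo "mktemp    : link target still reads '$after_mktemp'"
    echo "iozone log written to $logpath"

    rm -rf "$scratch"
    [ "$after_fixed" = "Test #1" ] && [ "$after_mktemp" = "important data" ]
}

demo
```

On current Linux kernels the `fs.protected_symlinks` sysctl also restricts following another user's symlink in sticky world-writable directories such as /tmp, which narrows the problem without replacing the `mktemp` fix.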

Reply sent to Patrick Winnertz <winnie@debian.org>:
You have taken responsibility.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer.

Message #34 received at 496371-close@bugs.debian.org:

From: Patrick Winnertz <winnie@debian.org>
To: 496371-close@bugs.debian.org
Subject: Bug#496371: fixed in lustre 1.6.5.1-1
Date: Fri, 29 Aug 2008 07:02:05 +0000
Source: lustre
Source-Version: 1.6.5.1-1

We believe that the bug you reported is fixed in the latest version of
lustre, which is due to be installed in the Debian FTP archive:

liblustre_1.6.5.1-1_i386.deb
  to pool/main/l/lustre/liblustre_1.6.5.1-1_i386.deb
linux-patch-lustre_1.6.5.1-1_all.deb
  to pool/main/l/lustre/linux-patch-lustre_1.6.5.1-1_all.deb
lustre-dev_1.6.5.1-1_i386.deb
  to pool/main/l/lustre/lustre-dev_1.6.5.1-1_i386.deb
lustre-source_1.6.5.1-1_all.deb
  to pool/main/l/lustre/lustre-source_1.6.5.1-1_all.deb
lustre-tests_1.6.5.1-1_i386.deb
  to pool/main/l/lustre/lustre-tests_1.6.5.1-1_i386.deb
lustre-utils_1.6.5.1-1_i386.deb
  to pool/main/l/lustre/lustre-utils_1.6.5.1-1_i386.deb
lustre_1.6.5.1-1.diff.gz
  to pool/main/l/lustre/lustre_1.6.5.1-1.diff.gz
lustre_1.6.5.1-1.dsc
  to pool/main/l/lustre/lustre_1.6.5.1-1.dsc
lustre_1.6.5.1.orig.tar.gz
  to pool/main/l/lustre/lustre_1.6.5.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496371@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Winnertz <winnie@debian.org> (supplier of updated lustre package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 27 Aug 2008 16:59:29 +0200
Source: lustre
Binary: linux-patch-lustre lustre-source lustre-utils lustre-tests liblustre lustre-dev
Architecture: source all i386
Version: 1.6.5.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Lustre Packaging team <pkg-lustre-maintainers@lists.alioth.debian.org>
Changed-By: Patrick Winnertz <winnie@debian.org>
Description: 
 liblustre  - Runtime library for Lustre filesystem utilities
 linux-patch-lustre - Linux kernel patch for the Lustre Filesystem
 lustre-dev - Development files for the Lustre filesystem
 lustre-source - source for Lustre filesystem client kernel modules
 lustre-tests - Test suite for the Lustre filesystem
 lustre-utils - Userspace utilities for the Lustre filesystem
Closes: 496371
Changes: 
 lustre (1.6.5.1-1) unstable; urgency=low
 .
   * New upstream version
   * Add README.Debian also to lustre-source
   * Fix possible symlink attack in lustre-tests. (Closes: #496371)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 07 Oct 2008 07:31:01 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 20:59:52 2014; Machine Name: buxtehude.debian.org
