Debian Bug report logs - #496381
The possibility of attack with the help of symlinks in some Debian packages


Package: plait; Maintainer for plait is Debian QA Group <packages@qa.debian.org>; Source for plait is src:plait (PTS, buildd, popcon).

Reported by: johfel@gmx.de

Date: Sun, 24 Aug 2008 18:09:57 UTC

Severity: grave

Tags: patch, security

Fixed in version plait/1.5.2-2

Done: Johann Felix Soden <johfel@gmx.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:30 +0400
Package: plait
Severity: grave

Hi, maintainer!

This error report concerns a few packages at once. I've tested all the
packages (for Lenny) on my Debian mirror. All scripts of the packages
(marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user to damage important system files or users' files.

For example, if a script uses in its work a temp file which is created
in the /tmp directory, then every user can create a symlink with the
same name in this directory in order to destroy or overwrite some
system or user file. A symlink attack may lead not only to data
destruction but to denial of service as well.

Even if you create files or directories with the help of the 'RANDOM'
function or pid(), your system is not protected. An attacker can
create many symlinks in order to destroy your data or create a 'denial
of service' for your package scripts.

Even if you rm(dir) the files/directories, your system is not
protected. An attacker can permanently create symlinks.

This list was created with the help of a script and sorted by hand.
However, in some cases a mistake is possible.

Please be understanding of possible mistakes. :)

I have set Severity to grave for this bug. The table of discovered
problems is below.

Discussion of this bug can be seen on debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh
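The following is an added example, not code from plait, from the report or from the patch in this bug. It shows a safe way to do the temp-file rewrite the report is about (scratch file from mktemp(1) in the target's own directory, checked at every step, installed with an atomic rename) and a small audit in the spirit of the script the reporter used to build the list above. All function names (find_predictable_tmp, safe_replace, shuffle_playlist, trim_playlist) are this example's own; it needs only POSIX sh, grep -E, awk and mktemp(1).

```shell
#!/bin/sh
# Added example (not plait's own code).  Functions only; "demo" at the end
# runs the whole thing on a constructed playlist.

# 1. Audit: print the lines of a shell script that hard-code a path under
#    /tmp or /var/tmp, e.g. "> /tmp/cut.$$".  Appending $$ or $RANDOM does
#    not make such a name safe: it is still guessable, and a symlink can be
#    placed there before the redirection opens the file.  Lines that call
#    mktemp are skipped.  Exit status 0 = findings, 1 = nothing found.
find_predictable_tmp() {
    grep -nE '(^|[^[:alnum:]_])/(var/)?tmp/[^[:space:]"'"'"';|)]+' "$1" \
        | grep -v 'mktemp'
}

# 2. Run a command and install its output atomically as TARGET.
#    The scratch file comes from mktemp(1) (O_CREAT|O_EXCL, mode 0600) and
#    is created next to TARGET instead of in /tmp, so no world-writable
#    directory is involved at all and the final mv is a rename on the same
#    filesystem.  On any failure the scratch file is removed and TARGET is
#    left exactly as it was.  (Plain variables rather than "local" to stay
#    within POSIX sh.)
safe_replace() {
    target=$1
    shift
    dir=$(dirname -- "$target")
    tmp=$(mktemp "$dir/.safe_replace.XXXXXX") || return 1
    "$@" > "$tmp"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f -- "$tmp"
        return "$rc"
    fi
    mv -f -- "$tmp" "$target"
}

# 3. The two rewrites from plait's querystream(), shuffle and trim, rebuilt
#    on safe_replace.  Each helper reads the file and writes to stdout; the
#    redirection into the scratch file happens inside safe_replace.
_shuffle_lines() {
    awk 'BEGIN{srand()} {print rand() "\t" $0}' "$1" | sort -n | cut -f 2-
}
_head_lines() {
    head -n "$2" "$1"
}
shuffle_playlist() { safe_replace "$1" _shuffle_lines "$1"; }
trim_playlist()    { safe_replace "$1" _head_lines "$1" "$2"; }

# Demo on a constructed four-track playlist.  Run with:
#   sh -c '. ./thisfile.sh; demo'
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' one.ogg two.ogg three.ogg four.ogg > "$d/playlist.m3u"
    shuffle_playlist "$d/playlist.m3u" && trim_playlist "$d/playlist.m3u" 2
    cat "$d/playlist.m3u"      # two of the four tracks, in random order
    rm -rf "$d"
}
```

Pointing find_predictable_tmp at an installed script such as /usr/bin/plait reproduces the kind of check behind the package list above; a clean result is only as good as the pattern, so treat hits as candidates for manual review.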




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:25 GMT) (full text, mbox, link).


Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:17 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #14 received at 496381@bugs.debian.org (full text, mbox, reply):

From: Vincent Bernat <bernat@luffy.cx>
To: 496381@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Patch to fix this issue
Date: Thu, 28 Aug 2008 11:10:26 +0200
[Message part 1 (text/plain, inline)]
tags 496381 + patch
thanks

Hi!

Here is a patch to fix this issue.

[plait-mktemp.patch (text/x-diff, inline)]
diff --git a/plait b/plait
index da29326..4631565 100755
--- a/plait
+++ b/plait
@@ -498,16 +498,18 @@ querystream ()
 
   if test $ORDER = "random"
   then
+    tmpfile="$(mktemp)"
     cat "$HOME/.plait/playlist.m3u" | awk 'BEGIN{srand()} {print rand() "\t" $0}' | \
-      sort -n | cut -f "2-" > /tmp/cut.$$
-    mv /tmp/cut.$$ "$HOME/.plait/playlist.m3u"
+      sort -n | cut -f "2-" > "$tmpfile"
+    mv "$tmpfile" "$HOME/.plait/playlist.m3u"
   fi
 
   # trim the playlist if it has not been edited interactively
   if test $INTERACTIVE = 0
   then
-    head -n $TRACKS > /tmp/head.$$ "$HOME/.plait/playlist.m3u"
-    mv /tmp/head.$$ "$HOME/.plait/playlist.m3u"
+    tmpfile="$(mktemp)"
+    head -n $TRACKS > "$tmpfile" "$HOME/.plait/playlist.m3u"
+    mv "$tmpfile" "$HOME/.plait/playlist.m3u"
   fi
 }
 
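Review bot: the `mktemp` result is not checked in either branch, so if it fails (no space or an unwritable $TMPDIR) `tmpfile` is empty, the `> ""` redirection aborts with an unrelated error and nothing says why; use `tmpfile="$(mktemp)" || exit 1`, ideally with a `trap 'rm -f "$tmpfile"' EXIT`, since only the `mv` removes the scratch file and a failed `sort | cut` pipeline leaves it behind. Also worth a changelog note: `mktemp` creates the file with mode 0600 and `mv` keeps that mode, so `playlist.m3u` becomes owner-only after the first shuffle, whereas the old `> /tmp/cut.$$` followed the umask.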
@@ -552,10 +554,11 @@ translate_to_windows_file_paths_old ()
   root="`head -n 1 \"$HOME/.plait/playlist.m3u\" | awk \
     '{match($0, "/*[^/]*/[^/]*/"); print substr($0, RSTART, RLENGTH)}'`"
   root="`cygpath -am $root`"
-  cat "$HOME/.plait/playlist.m3u" | awk > /tmp/awk.$$ -v r="$root" \
+  tmpfile="$(mktemp)"
+  cat "$HOME/.plait/playlist.m3u" | awk > "$tmpfile" -v r="$root" \
     'BEGIN { if (r !~ /\/$/) r = r "/"; gsub (/\//, "\\", r) } \
      { s = $0; sub ("^/*[^/]*/[^/]*/", "", s); gsub (/\//, "\\", s); print r s}'
-  mv /tmp/awk.$$ "$HOME/.plait/playlist2.m3u"
+  mv "$tmpfile" "$HOME/.plait/playlist2.m3u"
 }
 
 
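Review bot: only the final `mv "$tmpfile"` disposes of the scratch file, so a failing `awk` pipeline leaves it behind in $TMPDIR; guard `tmpfile="$(mktemp)"` with `|| exit 1` and remove the file on the failure path. The pre-existing redirection placed before `-v r="$root"` is valid shell but easy to misread now that the target is a variable; `awk -v r="$root" '...' "$HOME/.plait/playlist.m3u" > "$tmpfile"` would read more plainly and drop the `cat`.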
@@ -566,10 +569,11 @@ translate_to_windows_file_paths ()
     cat "$HOME/.plait/playlist.m3u" | xargs > "$HOME/.plait/playlist2.m3u" -i cygpath -am "{}"
   else
     root="`cygpath -am \"$MUSICDIR\"`"
-    cat "$HOME/.plait/playlist.m3u" | awk > /tmp/awk.$$ -v r="$root" -v d="$MUSICDIR" \
+    tmpfile="$(mktemp)"
+    cat "$HOME/.plait/playlist.m3u" | awk > "$tmpfile" -v r="$root" -v d="$MUSICDIR" \
       'BEGIN {if (r !~ /\/$/) r = r "/"; gsub (/\//, "\\", r)} \
        {s = $0; sub (d "/", "", s); gsub (/\//, "\\", s); print r s}'
-    mv /tmp/awk.$$ "$HOME/.plait/playlist2.m3u"
+    mv "$tmpfile" "$HOME/.plait/playlist2.m3u"
   fi
 }
 
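Review bot: this is the fourth copy of the mktemp / redirect / mv sequence in plait, each with its own unchecked `mktemp` and no cleanup on failure; a small helper that creates the scratch file, runs the command into it and moves it into place, failing early at each step, would keep the error handling in one spot. Note also that the `if` branch still writes `playlist2.m3u` directly via `xargs` while only the `else` branch goes through the scratch file, which is fine for the symlink issue but means the two branches now behave differently on a partial failure.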
diff --git a/plaiter b/plaiter
index 9fcef12..d548362 100755
--- a/plaiter
+++ b/plaiter
@@ -237,8 +237,9 @@ handle_interrupt ()
     tries=0
     while true
     do
-      ps -p $playerpid > /tmp/ps.$$
-      foo=`grep "$HELPERNAME" /tmp/ps.$$`
+      tmpfile="$(mktemp)"
+      ps -p $playerpid > "$tmpfile"
+      foo=`grep "$HELPERNAME" "$tmpfile"`
       if test "-$foo-" = "--"
       then
         if test $VERBOSE -gt 0
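Review bot: `tmpfile="$(mktemp)"` now sits inside the `while true` polling loop and nothing ever removes the file, so every iteration creates a fresh 0600 file in $TMPDIR for as long as the player is running; the old `/tmp/ps.$$` at least reused one name. The scratch file is not needed here at all: `foo=\`ps -p $playerpid | grep "$HELPERNAME"\`` yields the same value with no file, which also removes the unchecked `mktemp` result.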
@@ -670,9 +671,10 @@ controller_mode ()
   # possibly shuffle the playlist
   if test $ORDER = "random"
   then
+    tmpfile="$(mktemp)"
     cat "$HOME/.plait/plaiter0.m3u" | awk 'BEGIN{srand()} {print rand() "\t" $0}' | \
-      sort -n | cut -f "2-" > /tmp/cut.$$
-    mv /tmp/cut.$$ "$HOME/.plait/plaiter0.m3u"
+      sort -n | cut -f "2-" > "$tmpfile"
+    mv "$tmpfile" "$HOME/.plait/plaiter0.m3u"
   fi
 
   cat "$HOME/.plait/plaiter0.m3u" >> "$HOME/.plait/plaiter.m3u"
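Review bot: as in the `querystream` hunk of plait, the `mktemp` result is unchecked and a failure in the `awk | sort | cut` pipeline leaves the scratch file behind; add `|| exit 1` after `tmpfile="$(mktemp)"` and a cleanup trap, and note that the shuffled `plaiter0.m3u` inherits mktemp's 0600 mode after the `mv`.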
[Message part 3 (text/plain, inline)]
-- 
No fortunes found

Tags added: patch Request was from Vincent Bernat <bernat@luffy.cx> to control@bugs.debian.org. (Thu, 28 Aug 2008 09:18:29 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #21 received at 496381@bugs.debian.org (full text, mbox, reply):

From: Vincent Bernat <bernat@debian.org>
To: 496381@bugs.debian.org
Subject: Re: Patch to fix this issue
Date: Thu, 28 Aug 2008 11:23:34 +0200
[Message part 1 (text/plain, inline)]
Hi!

I have uploaded an NMU with this fix in delayed+4. Feel free to prepare
a new version with the fix if you want. I can upload it for you. My
upload will appear here shortly:
 http://people.debian.org/~djpig/delayed/
 http://people.debian.org/~djpig/delayed.html
-- 
No fortunes found
[Message part 2 (application/pgp-signature, inline)]

Tags added: pending Request was from Vincent Bernat <bernat@luffy.cx> to control@bugs.debian.org. (Fri, 29 Aug 2008 13:45:07 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to David Symons <david.symons@une.edu.au>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #28 received at 496381@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@une.edu.au>
To: Vincent Bernat <bernat@luffy.cx>, 496381@bugs.debian.org
Subject: Re: Bug#496381: Patch to fix this issue
Date: Sat, 30 Aug 2008 07:50:17 +1000
On Thu, 2008-08-28 at 11:10 +0200, Vincent Bernat wrote:
> Hi!
> 
> Here is a patch to fix this issue.

Hi Vincent,

Thanks for the patch.  I've incorporated it and uploaded here:

- URL: http://mentors.debian.net/debian/pool/main/p/plait
- Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
- dget http://mentors.debian.net/debian/pool/main/p/plait/plait_1.5.2-2.dsc

Please tell me if I am breaching etiquette/protocol in any way.

Regards, David.
-- 
David Symons
Solutions Analyst (Applications)
Information Technology Directorate
The University of New England
Armidale NSW 2351

Phone:  02 6773 2578
Fax:    02 6773 3424
Mobile: 0428 854 784





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to David Symons <david.symons@liberatedcomputing.net>:
Extra info received and forwarded to list. (full text, mbox, link).


Message #33 received at 496381@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@liberatedcomputing.net>
To: Vincent Bernat <bernat@luffy.cx>, 496381@bugs.debian.org
Subject: Re: Bug#496381: Patch to fix this issue
Date: Sat, 30 Aug 2008 07:56:16 +1000
[Message part 1 (text/plain, inline)]
On Thu, 2008-08-28 at 11:10 +0200, Vincent Bernat wrote:
> Hi!
> 
> Here is a patch to fix this issue.

Thanks Vincent,

I've incorporated the patch into this upload:
- URL: http://mentors.debian.net/debian/pool/main/p/plait
- Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
- dget http://mentors.debian.net/debian/pool/main/p/plait/plait_1.5.2-2.dsc

Please let me know if there are any issues with it.

Regards, David.
-- 
David Symons
Armidale NSW Australia
http://www.liberatedcomputing.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #38 received at 496381@bugs.debian.org (full text, mbox, reply):

From: Vincent Bernat <bernat@debian.org>
To: David Symons <david.symons@une.edu.au>
Cc: 496381@bugs.debian.org
Subject: Re: Bug#496381: Patch to fix this issue
Date: Sat, 30 Aug 2008 15:46:21 +0200
[Message part 1 (text/plain, inline)]
OoO Night having already covered this Friday, 29 August 2008, in ink,
at around 23:50, David Symons <david.symons@une.edu.au> said:

>> Here is a patch to fix this issue.

> Hi Vincent,

> Thanks for the patch.  I've incorporated it and uploaded here:

> - URL: http://mentors.debian.net/debian/pool/main/p/plait
> - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
> - dget http://mentors.debian.net/debian/pool/main/p/plait/plait_1.5.2-2.dsc

> Please tell me if I am breaching etiquette/protocol in any way.

If you want, you can set urgency=high since this fixes a security issue.
-- 
 /* After several hours of tedious analysis, the following hash
  * function won.  Do not mess with it... -DaveM
  */
	2.2.16 /usr/src/linux/fs/buffer.c
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to David Symons <david.symons@liberatedcomputing.net>:
Extra info received and forwarded to list. (full text, mbox, link).


Message #43 received at 496381@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@liberatedcomputing.net>
To: Vincent Bernat <bernat@debian.org>
Cc: 496381@bugs.debian.org
Subject: Re: Bug#496381: Patch to fix this issue
Date: Sun, 31 Aug 2008 00:12:23 +1000
[Message part 1 (text/plain, inline)]
Hi Vincent,

On Sat, 2008-08-30 at 15:46 +0200, Vincent Bernat wrote:
> If you want, you can set urgency=high since this fixes a security issue.

Done - and reuploaded to mentors.d.n.

Cheers, David.
-- 
David Symons
Armidale NSW Australia
http://www.liberatedcomputing.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (full text, mbox, link).


Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (full text, mbox, link).


Message #48 received at 496381@bugs.debian.org (full text, mbox, reply):

From: Vincent Bernat <bernat@debian.org>
To: David Symons <david.symons@liberatedcomputing.net>
Cc: 496381@bugs.debian.org
Subject: Re: Bug#496381: Patch to fix this issue
Date: Sat, 30 Aug 2008 17:33:13 +0200
[Message part 1 (text/plain, inline)]
OoO Towards the end of the afternoon of Saturday, 30 August 2008, at around 16:12,
David Symons <david.symons@liberatedcomputing.net> said:

>> If you want, you can set urgency=high since this fixes a security issue.

> Done - and reuploaded to mentors.d.n.

OK, uploaded.
-- 
panic("IRQ, you lose...");
	2.2.16 /usr/src/linux/arch/mips/sgi/kernel/indy_int.c
[Message part 2 (application/pgp-signature, inline)]

Reply sent to David Symons <david.symons@liberatedcomputing.net>:
You have taken responsibility. (full text, mbox, link).


Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (full text, mbox, link).


Message #53 received at 496381-close@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@liberatedcomputing.net>
To: 496381-close@bugs.debian.org
Subject: Bug#496381: fixed in plait 1.5.2-2
Date: Sat, 30 Aug 2008 15:47:05 +0000
Source: plait
Source-Version: 1.5.2-2

We believe that the bug you reported is fixed in the latest version of
plait, which is due to be installed in the Debian FTP archive:

plait_1.5.2-2.diff.gz
  to pool/main/p/plait/plait_1.5.2-2.diff.gz
plait_1.5.2-2.dsc
  to pool/main/p/plait/plait_1.5.2-2.dsc
plait_1.5.2-2_all.deb
  to pool/main/p/plait/plait_1.5.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496381@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Symons <david.symons@liberatedcomputing.net> (supplier of updated plait package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 31 Aug 2008 00:02:13 +1000
Source: plait
Binary: plait
Architecture: source all
Version: 1.5.2-2
Distribution: unstable
Urgency: high
Maintainer: David Symons <david.symons@liberatedcomputing.net>
Changed-By: David Symons <david.symons@liberatedcomputing.net>
Description: 
 plait      - command-line jukebox
Closes: 496381
Changes: 
 plait (1.5.2-2) unstable; urgency=high
 .
   * Use mktemp for temporary files to prevent possible attack using
     symlinks in /tmp. (Closes: #496381)
     Thanks to Vincent Bernat for the patch.






Reply sent to David Symons <david.symons@une.edu.au>:
You have taken responsibility. (full text, mbox, link).


Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (full text, mbox, link).


Message #58 received at 496381-done@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@une.edu.au>
To: 496381-done@bugs.debian.org
Subject: Closing
Date: Sat, 13 Sep 2008 06:59:10 +1000
Package: plait
Version: 1.5.2-2

--- Please enter the report below this line. ---

Upload of version 1.5.2-2 and migration to TESTING closes this bug.





Reply sent to David Symons <david.symons@liberatedcomputing.net>:
You have taken responsibility. (full text, mbox, link).


Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (full text, mbox, link).


Message #63 received at 496381-done@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@liberatedcomputing.net>
To: 496381-done@bugs.debian.org
Subject: Retry closure (using correct email address)
Date: Sat, 13 Sep 2008 22:24:52 +1000
[Message part 1 (text/plain, inline)]
Package: plait
Version: 1.5.2-2

--- Please enter the report below this line. ---


[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 12 Oct 2008 07:36:05 GMT) (full text, mbox, link).


Bug unarchived. Request was from Johann Felix Soden <johfel@gmx.de> to control@bugs.debian.org. (Sat, 28 Nov 2009 23:36:09 GMT) (full text, mbox, link).


Changed Bug submitter to 'johfel@gmx.de' from '"Dmitry E. Oboukhov" <dimka@uvw.ru>' Request was from Johann Felix Soden <johfel@gmx.de> to control@bugs.debian.org. (Sat, 28 Nov 2009 23:42:06 GMT) (full text, mbox, link).


Bug No longer marked as fixed in versions plait/1.5.2-2 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Nov 2009 23:42:06 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, David Symons <david.symons@liberatedcomputing.net>:
Bug#496381; Package plait. (Sat, 28 Nov 2009 23:57:06 GMT) (full text, mbox, link).


Acknowledgement sent to Johann Felix Soden <johfel@gmx.de>:
Extra info received and forwarded to list. Copy sent to David Symons <david.symons@liberatedcomputing.net>. (Sat, 28 Nov 2009 23:57:07 GMT) (full text, mbox, link).


Message #76 received at 496381@bugs.debian.org (full text, mbox, reply):

From: Johann Felix Soden <johfel@gmx.de>
To: 496381@bugs.debian.org
Subject: Not fixed in 1.5.2-2.
Date: Sun, 29 Nov 2009 00:51:36 +0100
The changelog is not correct because the patch is not applied in version
1.5.2-2 of plait. So this vulnerability still exists.








Bug Marked as found in versions plait/1.5.2-2. Request was from Johann Felix Soden <johfel@gmx.de> to control@bugs.debian.org. (Sun, 29 Nov 2009 00:03:10 GMT) (full text, mbox, link).


Reply sent to Johann Felix Soden <johfel@gmx.de>:
You have taken responsibility. (Sun, 29 Nov 2009 11:36:09 GMT) (full text, mbox, link).


Notification sent to johfel@gmx.de:
Bug acknowledged by developer. (Sun, 29 Nov 2009 11:36:09 GMT) (full text, mbox, link).


Message #83 received at 496381-done@bugs.debian.org (full text, mbox, reply):

From: Johann Felix Soden <johfel@gmx.de>
To: 496381-done@bugs.debian.org
Subject: bug wrongly reopened
Date: Sun, 29 Nov 2009 12:33:45 +0100
Package: plait
Version: 1.5.2-2

I was wrong: the patch was applied correctly - sorry for the noise.






Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496381; Package plait. (Sun, 29 Nov 2009 12:05:33 GMT) (full text, mbox, link).


Acknowledgement sent to David Symons <david.symons@liberatedcomputing.net>:
Extra info received and forwarded to list. (Sun, 29 Nov 2009 12:05:33 GMT) (full text, mbox, link).


Message #88 received at 496381@bugs.debian.org (full text, mbox, reply):

From: David Symons <david.symons@liberatedcomputing.net>
To: 496381@bugs.debian.org
Subject: Re: bug wrongly reopened
Date: Sun, 29 Nov 2009 23:03:33 +1100
Hi.

No worries.  I was concerned (of course) but verified this myself also.

(Just to show I'm still watching.)

Regards, Dave.
-- 
David Symons
Armidale NSW Australia
http://www.liberatedcomputing.net




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 28 Dec 2009 07:36:22 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 13:20:25 2025; Machine Name: bembo
