Debian Bug report logs - #496395
The possibility of attack with the help of symlinks in some Debian packages


Package: apertium; Maintainer for apertium is Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>; Source for apertium is src:apertium.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:10:35 UTC

Severity: grave

Tags: confirmed, patch, security

Found in versions apertium/3.0.7+1-1, apertium/3.0.7+1-2~lenny2

Fixed in versions 3.0.7+1-3, apertium/3.1.0-1.1

Done: Miguel Gea Milvaques <xerakko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Francis Tyers <ftyers@prompsit.com>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:29 +0400
Package: apertium
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example, if a script uses in its work a temp file which is created
in the /tmp directory, then every user can create a symlink with the same
name in this directory in order to destroy or rewrite some system
or user file. A symlink attack may also lead not only to data
destruction but to denial of service as well.

Even if you create files or directories with the help of the 'RANDOM'
function or pid(), then your system is not protected. An attacker can
create many symlinks in order to destroy your data or create a 'denial
of service' for your package scripts.

Even if you do rm(dir) for files/directories, then your system is
not protected. An attacker can keep creating symlinks.

This list is created with the help of a script. This list is sorted by
hand. However, in some cases a mistake is possible.

Please be understanding of possible mistakes. :)

I set Severity to grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:35 GMT) Full text and rfc822 format available.

Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:25 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. Full text and rfc822 format available.

Message #14 received at 496395@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 496395@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 27 Aug 2008 16:01:14 +0200
[Message part 1 (text/plain, inline)]
tags 496395 confirmed patch
thanks

Dmitry E. Oboukhov wrote:
> Package: apertium
> Severity: grave
> 
> Hi, maintainer!
> 
> This message about the error concerns a few packages  at  once.   I've
> tested all the packages (for Lenny) on my Debian mirror.  All  scripts
> of packages (marked as executable) were tested.

Two patches fixing these issues are attached.

Cheers,
        Moritz
[apertium-tmp1.patch (text/x-diff, attachment)]
[apertium-tmp2.patch (text/x-diff, attachment)]

Tags added: confirmed, patch Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Wed, 27 Aug 2008 14:09:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. Full text and rfc822 format available.

Acknowledgement sent to Chris Lamb <chris@chris-lamb.co.uk>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. Full text and rfc822 format available.

Message #21 received at 496395@bugs.debian.org (full text, mbox):

From: Chris Lamb <chris@chris-lamb.co.uk>
To: 496395@bugs.debian.org
Subject: apertium: diff for NMU version 3.0.7+1-1.1
Date: Sat, 6 Sep 2008 23:04:56 +0100
[Message part 1 (text/plain, inline)]
Hi,

The attached file is the diff for my apertium 3.0.7+1-1.1 NMU. The
associated changelog entry is:

 apertium (3.0.7+1-1.1) unstable; urgency=medium

   * Non-maintainer upload.
   * Replace pid-based, hardcoded and $RANDOM-based temporary file names
     to prevent against symlink attacks. Based mostly on a patch by Moritz
     Muehlenhoff <jmm@inutil.org>. (Closes: #496395)


Regards,

-- 
Chris Lamb, UK                                       chris@chris-lamb.co.uk
                                                            GPG: 0x634F9A20
[apertium-3.0.7+1-1.1-nmu.diff.txt (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. Full text and rfc822 format available.

Acknowledgement sent to Chris Lamb <chris@chris-lamb.co.uk>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. Full text and rfc822 format available.

Message #26 received at 496395@bugs.debian.org (full text, mbox):

From: Chris Lamb <chris@chris-lamb.co.uk>
To: 496395@bugs.debian.org
Subject: apertium: updated diff for NMU version 3.0.7+1-1.1
Date: Sat, 6 Sep 2008 23:48:32 +0100
[Message part 1 (text/plain, inline)]
Hi,

The attached file is the updated diff for my apertium 3.0.7+1-1.1 NMU. The
associated changelog entry is:

 apertium (3.0.7+1-1.1) unstable; urgency=medium

   * Non-maintainer upload.
   * Replace pid-based, hardcoded and $RANDOM-based temporary file names
     to prevent against symlink attacks. Based mostly on a patch by Moritz
     Muehlenhoff <jmm@inutil.org>. (Closes: #496395)

The changes are moving the changes from Makefile.in to Makefile.am and
calling autoconf in debian/rules. Thanks to Thomas Viehmann <tv@beamnet.de>.


Regards,

-- 
Chris Lamb, UK                                       chris@chris-lamb.co.uk
                                                            GPG: 0x634F9A20
[apertium-3.0.7+1-1.1-nmu.diff.txt (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Reply sent to Chris Lamb <chris@chris-lamb.co.uk>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #31 received at 496395-close@bugs.debian.org (full text, mbox):

From: Chris Lamb <chris@chris-lamb.co.uk>
To: 496395-close@bugs.debian.org
Subject: Bug#496395: fixed in apertium 3.0.7+1-1.1
Date: Sat, 06 Sep 2008 23:02:03 +0000
Source: apertium
Source-Version: 3.0.7+1-1.1

We believe that the bug you reported is fixed in the latest version of
apertium, which is due to be installed in the Debian FTP archive:

apertium_3.0.7+1-1.1.diff.gz
  to pool/main/a/apertium/apertium_3.0.7+1-1.1.diff.gz
apertium_3.0.7+1-1.1.dsc
  to pool/main/a/apertium/apertium_3.0.7+1-1.1.dsc
apertium_3.0.7+1-1.1_amd64.deb
  to pool/main/a/apertium/apertium_3.0.7+1-1.1_amd64.deb
libapertium3-3.0-0-dev_3.0.7+1-1.1_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0-dev_3.0.7+1-1.1_amd64.deb
libapertium3-3.0-0_3.0.7+1-1.1_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0_3.0.7+1-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <chris@chris-lamb.co.uk> (supplier of updated apertium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 06 Sep 2008 22:36:07 +0100
Source: apertium
Binary: apertium libapertium3-3.0-0-dev libapertium3-3.0-0
Architecture: source amd64
Version: 3.0.7+1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Francis Tyers <ftyers@prompsit.com>
Changed-By: Chris Lamb <chris@chris-lamb.co.uk>
Description: 
 apertium   - Shallow-transfer machine translation engine
 libapertium3-3.0-0 - Shared library for Apertium
 libapertium3-3.0-0-dev - Development library for Apertium
Closes: 496395
Changes: 
 apertium (3.0.7+1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Replace pid-based, hardcoded and $RANDOM-based temporary file names
     to prevent against symlink attacks. Based mostly on a patch by Moritz
     Muehlenhoff <jmm@inutil.org>. (Closes: #496395)
Checksums-Sha1: 
 ffecd1c57ff0b189f688fb82981bf63ca27b0d71 1243 apertium_3.0.7+1-1.1.dsc
 58ce8e4b71206f79b241d630d2136ee02d775387 6637 apertium_3.0.7+1-1.1.diff.gz
 f3763f9bdcd49799eba7703ae93ae5ee32a4ec40 507222 apertium_3.0.7+1-1.1_amd64.deb
 6dafdbda1c33b4abc5a9221d99edb4c983cd2bad 751668 libapertium3-3.0-0-dev_3.0.7+1-1.1_amd64.deb
 f171c936d37e813d0816a47a65763ebe239d191d 358502 libapertium3-3.0-0_3.0.7+1-1.1_amd64.deb
Checksums-Sha256: 
 ae1d0cca986469f89d4eccbf61464f959ceb0ec60dbe0f5c21548eab6e6e827f 1243 apertium_3.0.7+1-1.1.dsc
 a5bffc714da3745d4984112f4a2881bd8ff7e83e15cd8b3c7b7150682b638f11 6637 apertium_3.0.7+1-1.1.diff.gz
 a17f86161e1eaaccd5a70e4f2d29443a609f98585ae6fc776da42110de4a9675 507222 apertium_3.0.7+1-1.1_amd64.deb
 efae01dfbbcbd06807f410086fa57138d4ba35e9419a152ff0f66ae8dbc107a2 751668 libapertium3-3.0-0-dev_3.0.7+1-1.1_amd64.deb
 1789d75c02f988d2a92a63b9320cf39a0398459631f41a44e3ce7908da020138 358502 libapertium3-3.0-0_3.0.7+1-1.1_amd64.deb
Files: 
 e347dcd097203d223bbeaa768ac2ffd7 1243 libs optional apertium_3.0.7+1-1.1.dsc
 80dd0519f61db01b47088524b6714bca 6637 libs optional apertium_3.0.7+1-1.1.diff.gz
 16d9c736ae1abf7f1436ee3b37b79806 507222 libs optional apertium_3.0.7+1-1.1_amd64.deb
 727a9263af40c54ba8717c8dd7e3cf94 751668 libdevel optional libapertium3-3.0-0-dev_3.0.7+1-1.1_amd64.deb
 3b8a6dd6aba6b8eb1a36483161b576f4 358502 libs optional libapertium3-3.0-0_3.0.7+1-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjDCZkACgkQriZpaaIa1Pmw3QCg/HcFTxfZ4oVyIRIK7Jap/zoZ
7f4AoLBuqegaUy0wscKDnnZZuLBEWKZx
=6Bn0
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. (Sun, 12 Oct 2008 00:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. (Sun, 12 Oct 2008 00:36:02 GMT) Full text and rfc822 format available.

Message #36 received at 496395@bugs.debian.org (full text, mbox):

From: Chris Lamb <lamby@debian.org>
To: 496395@bugs.debian.org
Subject: Re: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 12 Oct 2008 01:34:32 +0100
[Message part 1 (text/plain, inline)]
> Source: apertium
> Source-Version: 3.0.7+1-1.1
> 
> We believe that the bug you reported is fixed in the latest version of
> apertium, which is due to be installed in the Debian FTP archive:

For the benefit of anyone following this bug via turmzimmer.net whilst
tracking lenny RC issues, a version of apertium which fixes this bug is
being blocked by #500171.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org
       `-
[signature.asc (application/pgp-signature, attachment)]

Bug reopened, originator not changed. Request was from Francis Tyers <ftyers@prompsit.com> to control@bugs.debian.org. (Wed, 26 Nov 2008 14:36:02 GMT) Full text and rfc822 format available.

Reply sent to Francis Tyers <ftyers@prompsit.com>:
You have taken responsibility. (Thu, 27 Nov 2008 22:27:06 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Thu, 27 Nov 2008 22:27:07 GMT) Full text and rfc822 format available.

Message #43 received at 496395-close@bugs.debian.org (full text, mbox):

From: Francis Tyers <ftyers@prompsit.com>
To: 496395-close@bugs.debian.org
Subject: Bug#496395: fixed in apertium 3.0.7+1-3
Date: Thu, 27 Nov 2008 22:02:08 +0000
Source: apertium
Source-Version: 3.0.7+1-3

We believe that the bug you reported is fixed in the latest version of
apertium, which is due to be installed in the Debian FTP archive:

apertium_3.0.7+1-3.diff.gz
  to pool/main/a/apertium/apertium_3.0.7+1-3.diff.gz
apertium_3.0.7+1-3.dsc
  to pool/main/a/apertium/apertium_3.0.7+1-3.dsc
apertium_3.0.7+1-3_amd64.deb
  to pool/main/a/apertium/apertium_3.0.7+1-3_amd64.deb
libapertium3-3.0-0-dev_3.0.7+1-3_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0-dev_3.0.7+1-3_amd64.deb
libapertium3-3.0-0_3.0.7+1-3_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0_3.0.7+1-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francis Tyers <ftyers@prompsit.com> (supplier of updated apertium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 3 Nov 2008 22:47:00 +0000
Source: apertium
Binary: apertium libapertium3-3.0-0-dev libapertium3-3.0-0
Architecture: source amd64
Version: 3.0.7+1-3
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Francis Tyers <ftyers@prompsit.com>
Changed-By: Francis Tyers <ftyers@prompsit.com>
Description: 
 apertium   - Shallow-transfer machine translation engine
 libapertium3-3.0-0 - Shared library for Apertium
 libapertium3-3.0-0-dev - Development library for Apertium
Closes: 496395 503861
Changes: 
 apertium (3.0.7+1-3) testing-proposed-updates; urgency=low
 .
   * Fix PCRE dependency nightmare. (Closes: #503861)
   * Fix mktemp security symlink thing. (Closes: #496395)
Checksums-Sha1: 
 6ed02cb29144539e91cbf6ceeb1a2a7cde5762fb 1225 apertium_3.0.7+1-3.dsc
 3d4922de82831f3a15bcb20ad2fdc3e3fd96c56d 6854 apertium_3.0.7+1-3.diff.gz
 c5168895d3dd009e6557b4ebaaab739e604029c3 500894 apertium_3.0.7+1-3_amd64.deb
 320efdb9e746489d3b24854d973a511f26488f5e 753776 libapertium3-3.0-0-dev_3.0.7+1-3_amd64.deb
 1346e52f3f5780e8ad9d8f844ccb153e74d70e47 358558 libapertium3-3.0-0_3.0.7+1-3_amd64.deb
Checksums-Sha256: 
 fd1a051209747dc4fe215a6173ce42d7d09b47ad554c1e6f47b72ad252805065 1225 apertium_3.0.7+1-3.dsc
 0e2bf446180e95d052853990ee3648dfc640c5196a1ec7d76b65608ddf4e5183 6854 apertium_3.0.7+1-3.diff.gz
 bb249f090473874de0ec86d659180704e3086a00cac621301688a60dd5f78ca8 500894 apertium_3.0.7+1-3_amd64.deb
 764960a3ae92d7ef5439974a362994ccac4678a59014e63c4556daaad66149d5 753776 libapertium3-3.0-0-dev_3.0.7+1-3_amd64.deb
 5650a76997f6f45d94eb9685954c6d524788c718d69c19000c8e09a22289f61a 358558 libapertium3-3.0-0_3.0.7+1-3_amd64.deb
Files: 
 dfe29a56ce9dc51ff2f2d9611fc76a8b 1225 libs optional apertium_3.0.7+1-3.dsc
 775c4f69ff3a32ac4850727d3db60b87 6854 libs optional apertium_3.0.7+1-3.diff.gz
 6ad47336789ef8e049e3af97069c209c 500894 libs optional apertium_3.0.7+1-3_amd64.deb
 79d6d2a855c7e12c7eb8c67a0a545b16 753776 libdevel optional libapertium3-3.0-0-dev_3.0.7+1-3_amd64.deb
 5e4a0b4c5d23f9310bf67dea4a6485b6 358558 libs optional libapertium3-3.0-0_3.0.7+1-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkvFTQACgkQNTNQylgICMSOFQCeIHpdfHyotdmcAkqJubkPGJJR
WxQAmgL8mkGqj+jP5ogp1PPRn/EnVPQE
=qjCq
-----END PGP SIGNATURE-----





Reply sent to Francis Tyers <ftyers@prompsit.com>:
You have taken responsibility. (Sat, 10 Jan 2009 00:09:04 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Sat, 10 Jan 2009 00:09:04 GMT) Full text and rfc822 format available.

Message #48 received at 496395-close@bugs.debian.org (full text, mbox):

From: Francis Tyers <ftyers@prompsit.com>
To: 496395-close@bugs.debian.org
Subject: Bug#496395: fixed in apertium 3.0.7+1-2~lenny2
Date: Fri, 09 Jan 2009 23:47:03 +0000
Source: apertium
Source-Version: 3.0.7+1-2~lenny2

We believe that the bug you reported is fixed in the latest version of
apertium, which is due to be installed in the Debian FTP archive:

apertium_3.0.7+1-2~lenny2.diff.gz
  to pool/main/a/apertium/apertium_3.0.7+1-2~lenny2.diff.gz
apertium_3.0.7+1-2~lenny2.dsc
  to pool/main/a/apertium/apertium_3.0.7+1-2~lenny2.dsc
apertium_3.0.7+1-2~lenny2_amd64.deb
  to pool/main/a/apertium/apertium_3.0.7+1-2~lenny2_amd64.deb
libapertium3-3.0-0-dev_3.0.7+1-2~lenny2_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0-dev_3.0.7+1-2~lenny2_amd64.deb
libapertium3-3.0-0_3.0.7+1-2~lenny2_amd64.deb
  to pool/main/a/apertium/libapertium3-3.0-0_3.0.7+1-2~lenny2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francis Tyers <ftyers@prompsit.com> (supplier of updated apertium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 3 Nov 2008 22:47:00 +0000
Source: apertium
Binary: apertium libapertium3-3.0-0-dev libapertium3-3.0-0
Architecture: source amd64
Version: 3.0.7+1-2~lenny2
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Francis Tyers <ftyers@prompsit.com>
Changed-By: Francis Tyers <ftyers@prompsit.com>
Description: 
 apertium   - Shallow-transfer machine translation engine
 libapertium3-3.0-0 - Shared library for Apertium
 libapertium3-3.0-0-dev - Development library for Apertium
Closes: 496395 503861
Changes: 
 apertium (3.0.7+1-2~lenny2) testing-proposed-updates; urgency=low
 .
   * Fix PCRE dependency nightmare. (Closes: #503861)
   * Fix mktemp security symlink thing. (Closes: #496395)
Checksums-Sha1: 
 8ae3a425ec52fe39444e9f475371761a0569a30d 1263 apertium_3.0.7+1-2~lenny2.dsc
 a58a6cba2dd56a891c92417ab782cce68aebb8bf 7010 apertium_3.0.7+1-2~lenny2.diff.gz
 cc2f6faddfe179962dac91c94460428f02890042 500946 apertium_3.0.7+1-2~lenny2_amd64.deb
 49572e3eebc528787e0bca4c5064c76a40cecb87 753804 libapertium3-3.0-0-dev_3.0.7+1-2~lenny2_amd64.deb
 96565c327d5525ba65034bd1a8456bd14be836f2 358578 libapertium3-3.0-0_3.0.7+1-2~lenny2_amd64.deb
Checksums-Sha256: 
 d6fa88e23692f42fc2503f7b565826202921d120e22cf7ee8dc6b8cba9c37ddc 1263 apertium_3.0.7+1-2~lenny2.dsc
 4e908d0fc60955238f606cdf862a32a44372eb05e223852c46a6c897db38eb45 7010 apertium_3.0.7+1-2~lenny2.diff.gz
 2a488eecb23f0f9e3c5161e86b28d8bdfe1e0d304e4757ade5fb075f37de271e 500946 apertium_3.0.7+1-2~lenny2_amd64.deb
 8a52b41dc9e475ef463856b94f8b15020f6701bbd2662f40e75ef607413541c7 753804 libapertium3-3.0-0-dev_3.0.7+1-2~lenny2_amd64.deb
 9e583d1170289fb4c2d6895c49cef5356baae9ee25eed607f10e3ffe31e90471 358578 libapertium3-3.0-0_3.0.7+1-2~lenny2_amd64.deb
Files: 
 5d20dbf187b43600be567fd15d9da6cd 1263 libs optional apertium_3.0.7+1-2~lenny2.dsc
 3bea0021d81010712cfdbd0d7a88d5ae 7010 libs optional apertium_3.0.7+1-2~lenny2.diff.gz
 df10e294062e25a82021b706fd00f99c 500946 libs optional apertium_3.0.7+1-2~lenny2_amd64.deb
 4bf69d6cf8468ab3994cab376b94c32a 753804 libdevel optional libapertium3-3.0-0-dev_3.0.7+1-2~lenny2_amd64.deb
 15143093d7fbc402e9c6bf66a5b7c2a9 358578 libs optional libapertium3-3.0-0_3.0.7+1-2~lenny2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklVXscACgkQNTNQylgICMSTAQCfRGHbffIKmRKTgSaMBMlEwQwz
sXYAnjuvdiLJ4CLf5CVgTYMdYhq57ySH
=z7s1
-----END PGP SIGNATURE-----





Bug marked as found in version 3.0.7+1-1. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 17 Jan 2009 17:27:03 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 3.0.7+1-2. Request was from Stephane Glondu <steph@glondu.net> to control@bugs.debian.org. (Tue, 17 Feb 2009 23:33:04 GMT) Full text and rfc822 format available.

Bug no longer marked as fixed in version 3.0.7+1-2. Request was from Stephane Glondu <steph@glondu.net> to control@bugs.debian.org. (Tue, 17 Feb 2009 23:33:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. (Tue, 17 Feb 2009 23:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. (Tue, 17 Feb 2009 23:45:02 GMT) Full text and rfc822 format available.

Message #59 received at 496395@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 496395@bugs.debian.org
Subject: Re: The possibility of attack with the help of symlinks in some Debian packages
Date: Wed, 18 Feb 2009 00:44:41 +0100
Hi

Can you please upload a fixed package to unstable, so it could migrate
together with pcre3, TIA?

Cheers

Luk




Bug marked as found in version 3.0.7+1-2~lenny2. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Fri, 20 Feb 2009 21:54:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Francis Tyers <ftyers@prompsit.com>:
Bug#496395; Package apertium. (Fri, 20 Feb 2009 21:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Francis Tyers <ftyers@prompsit.com>. (Fri, 20 Feb 2009 21:57:02 GMT) Full text and rfc822 format available.

Message #66 received at 496395@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: 496395@bugs.debian.org
Subject: Only partially fixed
Date: Fri, 20 Feb 2009 22:54:53 +0100
It seems to me that there's still a bug if there's a race:

function random_suffix
{
        TEMP_FILE="$(mktemp)"
        TARGET="${TEMP_FILE}${1}"
        mv ${TEMP_FILE} ${TARGET} || exit 1
        echo "${TARGET}"
}

And further down:

  OTRASALIDA=$(random_suffix odtsalida.zip)

Followed by no check for failure.  This means that OTRASALIDA can be
the empty string if the mv fails.  I'm not sure how well the script
copes with that, but I couldn't see that it's readily exploitable,
either.

Fix is to create a temporary directory using "mktemp -d" and put the
files into that.
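The "mktemp -d" fix described above, written out as an added example (this is not the apertium script nor Florian's code): the suffixed temporary name is created inside a private directory, and the caller checks the value it gets back instead of relying on an "exit 1" inside a command substitution. The function names make_workdir, suffixed_tmpfile, require_nonempty and cleanup_workdir are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not apertium's own code: the suffix-naming idea from
# random_suffix rebuilt on a private "mktemp -d" directory, as suggested
# above. Function names (make_workdir, suffixed_tmpfile, require_nonempty,
# cleanup_workdir) are assumptions made for this example.
set -u

# Create a private scratch directory (mktemp -d gives mode 0700). Names we
# choose inside it cannot be pre-created by another user, so the rename
# race of "mktemp; mv $TEMP_FILE $TEMP_FILE$suffix" no longer exists.
make_workdir() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/apertium-example.XXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Return a path inside the work directory that ends in the wanted suffix
# (e.g. odtsalida.zip) and create it as an empty regular file.
suffixed_tmpfile() {
    workdir=$1
    suffix=$2
    path="$workdir/out$suffix"
    : > "$path" || return 1
    printf '%s\n' "$path"
}

# "exit 1" inside $(...) only ends the subshell; the caller carries on with
# an empty variable. So the caller must test the value it received.
require_nonempty() {
    [ -n "$1" ] || { echo "temporary file setup failed" >&2; return 1; }
}

# Remove the whole work directory (all suffixed files live inside it).
cleanup_workdir() {
    [ -n "${1:-}" ] && rm -rf -- "$1"
}

main() {
    WORKDIR=$(make_workdir) || exit 1
    trap 'cleanup_workdir "$WORKDIR"' EXIT
    OTRASALIDA=$(suffixed_tmpfile "$WORKDIR" odtsalida.zip)
    require_nonempty "$OTRASALIDA" || exit 1
    echo "output would go to $OTRASALIDA"
}

main "$@"
```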




Reply sent to Miguel Gea Milvaques <xerakko@debian.org>:
You have taken responsibility. (Sat, 21 Feb 2009 11:00:06 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Sat, 21 Feb 2009 11:00:06 GMT) Full text and rfc822 format available.

Message #71 received at 496395-close@bugs.debian.org (full text, mbox):

From: Miguel Gea Milvaques <xerakko@debian.org>
To: 496395-close@bugs.debian.org
Subject: Bug#496395: fixed in apertium 3.1.0-1.1
Date: Sat, 21 Feb 2009 10:25:42 +0000
Source: apertium
Source-Version: 3.1.0-1.1

We believe that the bug you reported is fixed in the latest version of
apertium, which is due to be installed in the Debian FTP archive:

apertium_3.1.0-1.1.diff.gz
  to pool/main/a/apertium/apertium_3.1.0-1.1.diff.gz
apertium_3.1.0-1.1.dsc
  to pool/main/a/apertium/apertium_3.1.0-1.1.dsc
apertium_3.1.0-1.1_amd64.deb
  to pool/main/a/apertium/apertium_3.1.0-1.1_amd64.deb
libapertium3-3.1-0-dev_3.1.0-1.1_amd64.deb
  to pool/main/a/apertium/libapertium3-3.1-0-dev_3.1.0-1.1_amd64.deb
libapertium3-3.1-0_3.1.0-1.1_amd64.deb
  to pool/main/a/apertium/libapertium3-3.1-0_3.1.0-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Gea Milvaques <xerakko@debian.org> (supplier of updated apertium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Feb 2009 00:00:27 +0100
Source: apertium
Binary: apertium libapertium3-3.1-0-dev libapertium3-3.1-0
Architecture: source amd64
Version: 3.1.0-1.1
Distribution: unstable
Urgency: low
Maintainer: Francis Tyers <ftyers@prompsit.com>
Changed-By: Miguel Gea Milvaques <xerakko@debian.org>
Description: 
 apertium   - Shallow-transfer machine translation engine
 libapertium3-3.1-0 - Shared library for Apertium
 libapertium3-3.1-0-dev - Development library for Apertium
Closes: 496395 503861
Changes: 
 apertium (3.1.0-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Changed Provides: apertium-pcre1 -> apertium-pcr2  (Closes: #503861)
   * Closes security in unstable that was in t-p-u. (Closes: #496395)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 10:25:15 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:15:09 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.