Debian Bug report logs - #496406
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: fwbuilder; Maintainer for fwbuilder is Sylvestre Ledru <sylvestre@debian.org>; Source for fwbuilder is src:fwbuilder.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:11:05 UTC

Severity: grave

Tags: confirmed, patch, security

Fixed in version fwbuilder/2.1.19-5

Done: Sylvestre Ledru <sylvestre.ledru@inria.fr>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:29 +0400
Package: fwbuilder
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Information forwarded to debian-bugs-dist@lists.debian.org, Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>. Full text and rfc822 format available.

Message #10 received at 496406@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496406@bugs.debian.org, control@bugs.debian.org
Subject: here's a patch
Date: Mon, 25 Aug 2008 21:39:00 +0200
[Message part 1 (text/plain, inline)]
tags 496406 security confirmed patch
thanks

Hi,

Yes, the bug is indeed present. Attached patch fixes it.


Thijs
[496411.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Tags added: security, confirmed, patch Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 19:45:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Tomas Hoger <thoger@redhat.com>:
Extra info received and forwarded to list. Copy sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>. Full text and rfc822 format available.

Message #17 received at 496406@bugs.debian.org (full text, mbox):

From: Tomas Hoger <thoger@redhat.com>
To: Thijs Kinkhorst <thijs@debian.org>, 496406@bugs.debian.org
Subject: Re: here's a patch (fwbuilder, #496406)
Date: Mon, 25 Aug 2008 22:21:03 +0200
Hi Thijs!

Just out of curiosity, why bother with temp file and not use:

  eval `ssh-agent -s` > /dev/null

?  (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)

-- 
Tomas Hoger




Information forwarded to debian-bugs-dist@lists.debian.org, Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>. Full text and rfc822 format available.

Message #22 received at 496406@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: Tomas Hoger <thoger@redhat.com>
Cc: 496406@bugs.debian.org
Subject: Re: here's a patch (fwbuilder, #496406)
Date: Mon, 25 Aug 2008 22:28:20 +0200
[Message part 1 (text/plain, inline)]
Hi Tomas,

On Monday 25 August 2008 22:21, Tomas Hoger wrote:
> Just out of curiosity, why bother with temp file and not use:
>
>   eval `ssh-agent -s` > /dev/null
>
> ?  (I haven't checked the actual script, just the patch, so apologies
> if I'm missing some important bits.)

Thank you for your concern. Yes, that's probably equivalent. However, I took 
the approach that I thought would be absolutely minimal: replace existing 
temp file usage with safe temp file usage. In this case the difference is 
indeed small, but I leave that up to the maintainer.

cheers,
Thijs
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #27 received at 496406@bugs.debian.org (full text, mbox):

From: Sylvestre Ledru <sylvestre.ledru@inria.fr>
To: Thijs Kinkhorst <thijs@debian.org>, 496406@bugs.debian.org
Subject: Re: Bug#496406: here's a patch
Date: Mon, 25 Aug 2008 22:48:13 +0200
Hello,

Thank you very much for your patch.
It has been added [1] but fwbuilder is currently in NEW (for a new
package).
Torsten or I are going to upload it in unstable when the version -4 will
be processed.

Thanks again,
Sylvestre

[1] https://bollin.googlecode.com/svn/fwbuilder/trunk


> tags 496406 security confirmed patch
> thanks
> 
> Hi,
> 
> Yes, the bug is indeed present. Attached patch fixes it.
> 
> 
> Thijs





Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:44 GMT) Full text and rfc822 format available.

Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:34 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>. Full text and rfc822 format available.

Message #36 received at 496406@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: Sylvestre Ledru <sylvestre.ledru@inria.fr>
Cc: 496406@bugs.debian.org
Subject: Re: Bug#496406: here's a patch
Date: Tue, 26 Aug 2008 12:38:09 +0200
[Message part 1 (text/plain, inline)]
On Monday 25 August 2008 22:48, Sylvestre Ledru wrote:
> Thank you very much for your patch.
> It has been added [1] but fwbuilder is currently in NEW (for a new
> package).
> Torsten or I are going to upload it in unstable when the version -4 will
> be processed.

Thanks, but please note that this fix should go into lenny. I'm not sure that 
that NEW package is going into lenny, so maybe you need to prepare a version 
for testing proposed updates?


cheers,
Thijs
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496406; Package fwbuilder. Full text and rfc822 format available.

Acknowledgement sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #41 received at 496406@bugs.debian.org (full text, mbox):

From: Sylvestre Ledru <sylvestre.ledru@inria.fr>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 496406@bugs.debian.org
Subject: Re: Bug#496406: here's a patch
Date: Tue, 26 Aug 2008 12:52:51 +0200
Le mardi 26 août 2008 à 12:38 +0200, Thijs Kinkhorst a écrit :
> On Monday 25 August 2008 22:48, Sylvestre Ledru wrote:
> > Thank you very much for your patch.
> > It has been added [1] but fwbuilder is currently in NEW (for a new
> > package).
> > Torsten or I are going to upload it in unstable when the version -4 will
> > be processed.
> 
> Thanks, but please note that this fix should go into lenny. I'm not sure that 
> that NEW package is going into lenny, so maybe you need to prepare a version 
> for testing proposed updates?
Yep, I agree that should be fixed in Lenny too. I will ask for the
package to be unblocked.

Sylvestre






Reply sent to Sylvestre Ledru <sylvestre.ledru@inria.fr>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #46 received at 496406-close@bugs.debian.org (full text, mbox):

From: Sylvestre Ledru <sylvestre.ledru@inria.fr>
To: 496406-close@bugs.debian.org
Subject: Bug#496406: fixed in fwbuilder 2.1.19-5
Date: Mon, 01 Sep 2008 12:32:05 +0000
Source: fwbuilder
Source-Version: 2.1.19-5

We believe that the bug you reported is fixed in the latest version of
fwbuilder, which is due to be installed in the Debian FTP archive:

fwbuilder-bsd_2.1.19-5_i386.deb
  to pool/main/f/fwbuilder/fwbuilder-bsd_2.1.19-5_i386.deb
fwbuilder-cisco_2.1.19-5_i386.deb
  to pool/main/f/fwbuilder/fwbuilder-cisco_2.1.19-5_i386.deb
fwbuilder-common_2.1.19-5_all.deb
  to pool/main/f/fwbuilder/fwbuilder-common_2.1.19-5_all.deb
fwbuilder-dbg_2.1.19-5_i386.deb
  to pool/main/f/fwbuilder/fwbuilder-dbg_2.1.19-5_i386.deb
fwbuilder-doc_2.1.19-5_all.deb
  to pool/main/f/fwbuilder/fwbuilder-doc_2.1.19-5_all.deb
fwbuilder-linux_2.1.19-5_i386.deb
  to pool/main/f/fwbuilder/fwbuilder-linux_2.1.19-5_i386.deb
fwbuilder_2.1.19-5.diff.gz
  to pool/main/f/fwbuilder/fwbuilder_2.1.19-5.diff.gz
fwbuilder_2.1.19-5.dsc
  to pool/main/f/fwbuilder/fwbuilder_2.1.19-5.dsc
fwbuilder_2.1.19-5_i386.deb
  to pool/main/f/fwbuilder/fwbuilder_2.1.19-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru <sylvestre.ledru@inria.fr> (supplier of updated fwbuilder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 21:57:00 +0200
Source: fwbuilder
Binary: fwbuilder fwbuilder-common fwbuilder-doc fwbuilder-linux fwbuilder-bsd fwbuilder-cisco fwbuilder-dbg
Architecture: source all i386
Version: 2.1.19-5
Distribution: unstable
Urgency: low
Maintainer: Sylvestre Ledru <sylvestre.ledru@inria.fr>
Changed-By: Sylvestre Ledru <sylvestre.ledru@inria.fr>
Description: 
 fwbuilder  - Firewall administration tool GUI
 fwbuilder-bsd - Firewall Builder policy compiler(s) for BSD based firewalls
 fwbuilder-cisco - Firewall Builder policy compiler(s) for Cisco based firewalls
 fwbuilder-common - Firewall administration tool GUI (common files)
 fwbuilder-dbg - Firewall administration tool GUI (debugging symbols)
 fwbuilder-doc - Firewall administration tool GUI documentation
 fwbuilder-linux - Firewall Builder policy compiler(s) for Linux based firewalls
Closes: 496406
Changes: 
 fwbuilder (2.1.19-5) unstable; urgency=low
 .
   * Fix a security issue. Thanks to Thijs Kinkhorst. (Closes: #496406)
Checksums-Sha1: 
 def142ac83e36a23f42baf4c250b5f8c871a7639 1470 fwbuilder_2.1.19-5.dsc
 e177e187eba0c5f9a6b79486d6f3173d3da39622 9340 fwbuilder_2.1.19-5.diff.gz
 a286c5e53b2bcd67447ef7bf93d4bcd72cfb0cc8 388486 fwbuilder-common_2.1.19-5_all.deb
 1a212a044cf6a01b68de0a050b9abd6c3378c4ab 158028 fwbuilder-doc_2.1.19-5_all.deb
 2f208190effb1fc56dfdf0a97a09f8fbf05b2a0e 1497994 fwbuilder_2.1.19-5_i386.deb
 c5c8c7e60a481c1d7fa77cf734683e8c170c0750 344000 fwbuilder-linux_2.1.19-5_i386.deb
 b5e72ee26b542130bc5f27268458245209111ecd 526774 fwbuilder-bsd_2.1.19-5_i386.deb
 15ed0d191e1e7fa5d0a68ee4f5936a487b909719 381878 fwbuilder-cisco_2.1.19-5_i386.deb
 958a4561c881c19ff68cfb221633b3e3b027ae45 15992960 fwbuilder-dbg_2.1.19-5_i386.deb
Checksums-Sha256: 
 87001e7bf8a34f15403b01748163f876e8b74bde355b297f5b79193cc1587b72 1470 fwbuilder_2.1.19-5.dsc
 a84d669692c5cf14e7de0f81c0753a096757763b9c29478d021a1b58d9893503 9340 fwbuilder_2.1.19-5.diff.gz
 a97738e669015956ac8198017ff58015915d1558ddb99f29edb8ccd9b423e931 388486 fwbuilder-common_2.1.19-5_all.deb
 fe188f1f865734149a8f2c517ca38297a86a367d79e166b91b3b1684f2be463c 158028 fwbuilder-doc_2.1.19-5_all.deb
 7723d3f91fa4dc4bb2fc49a828c330970bd0fc25a4112c8983466faaf4469ca5 1497994 fwbuilder_2.1.19-5_i386.deb
 3a24c17049353b7ab84274364763bd0b2f30df9e05c2d5874158e4a4e516e35f 344000 fwbuilder-linux_2.1.19-5_i386.deb
 e7cabbebfe40d077c491e3e674892c3dfc4233e8a31bd636760e354be0a47fbe 526774 fwbuilder-bsd_2.1.19-5_i386.deb
 fe50a5e1f493807119cce73c3ec9a79d127f3b8b78b9d4f0c72e0cf2788669ff 381878 fwbuilder-cisco_2.1.19-5_i386.deb
 ab3d68435d14db92242ae14b3e7917a72544b1efb70abffbc25c44a362d030b9 15992960 fwbuilder-dbg_2.1.19-5_i386.deb
Files: 
 7d5bb352c2df9b2ecfba238b43d862ed 1470 net optional fwbuilder_2.1.19-5.dsc
 af065c1865229c5a52f4e2e10e8c2978 9340 net optional fwbuilder_2.1.19-5.diff.gz
 2f04e63d505fd949cf51a82cb91057c7 388486 net optional fwbuilder-common_2.1.19-5_all.deb
 9d9cabdebc30c63d8b0ea50fa28e1142 158028 doc optional fwbuilder-doc_2.1.19-5_all.deb
 f68835b89cb29f0b7207c0d5bf3fe2e0 1497994 net optional fwbuilder_2.1.19-5_i386.deb
 d6cf7f6c56b0e2b99f88d9be8b47373b 344000 net optional fwbuilder-linux_2.1.19-5_i386.deb
 7f414f6b806442c0e60f7ad5173bde65 526774 net optional fwbuilder-bsd_2.1.19-5_i386.deb
 d49101caef2b847b7387d736a94b54a5 381878 net optional fwbuilder-cisco_2.1.19-5_i386.deb
 92e45fce12914a4dd6bb6ba41a30c924 15992960 net extra fwbuilder-dbg_2.1.19-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki73dIACgkQiOXXM92JlhAZ0ACfVPjfQ9+2hMA0M4ZFAPon/XNs
lFsAmwUO1XczP9Y8pEqWwqk7IaZMqGj/
=VNs2
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 07:41:42 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 19:10:25 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.