Debian Bug report logs - #496418
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: r-base-core; Maintainer for r-base-core is Dirk Eddelbuettel <edd@debian.org>; Source for r-base-core is src:r-base.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:11:38 UTC

Severity: grave

Tags: confirmed

Fixed in versions r-base/2.7.2-1, r-base/2.7.1-1+lenny1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Dirk Eddelbuettel <edd@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:29 +0400
Package: r-base-core
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to Dirk Eddelbuettel <edd@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 496418@bugs.debian.org (full text, mbox):

From: Dirk Eddelbuettel <edd@debian.org>
To: "Dmitry E. Oboukhov" <dimka@uvw.ru>, 496418@bugs.debian.org
Subject: Re: Bug#496418: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 19:15:00 -0500
This is the same as the one I just answered for r-base-core-ra as
r-base-core-ra is an extension/specialisation of r-base-core.

So again:

# test functionality of the compiler
javac_works='not present'
if test -n "$JAVAC"; then
    javac_works='not functional'
    rm -rf /tmp/A.java /tmp/A.class
    echo "public class A { }" > /tmp/A.java
    if test -e /tmp/A.java; then
        if "${JAVAC}" /tmp/A.java >/dev/null; then
            if test -e /tmp/A.class; then
                javac_works=yes
            fi
        fi
    fi
    rm -rf /tmp/A.java /tmp/A.class
fi


rm just before file creation should prevent any symlink attack vectors, no?

Dirk

-- 
Three out of two people have difficulties with fractions.




Information forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Dirk Eddelbuettel <edd@debian.org>. Full text and rfc822 format available.

Message #15 received at 496418@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: Dirk Eddelbuettel <edd@debian.org>, 496418@bugs.debian.org
Cc: "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: Re: Bug#496418: The possibility of attack with the help of symlinks in some Debian packages
Date: Mon, 25 Aug 2008 01:43:35 +0100
[Message part 1 (text/plain, inline)]
This one time, at band camp, Dirk Eddelbuettel said:
> 
> This is the same as the one I just answered for r-base-core-ra as
> r-base-core-ra is an extension/specialisation of r-base-core.
> 
> So again:
> 
> # test functionality of the compiler
> javac_works='not present'
> if test -n "$JAVAC"; then
>     javac_works='not functional'
>     rm -rf /tmp/A.java /tmp/A.class
>     echo "public class A { }" > /tmp/A.java
>     if test -e /tmp/A.java; then
>         if "${JAVAC}" /tmp/A.java >/dev/null; then
>             if test -e /tmp/A.class; then
>                 javac_works=yes
>             fi
>         fi
>     fi
>     rm -rf /tmp/A.java /tmp/A.class
> fi
> 
> 
> rm just before file creation should prevent any symlink attack vectors, no?

No.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to Dirk Eddelbuettel <edd@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #20 received at 496418@bugs.debian.org (full text, mbox):

From: Dirk Eddelbuettel <edd@debian.org>
To: Stephen Gran <sgran@debian.org>
Cc: Dirk Eddelbuettel <edd@debian.org>, 496418@bugs.debian.org, "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: Re: Bug#496418: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 19:56:41 -0500
On 25 August 2008 at 01:43, Stephen Gran wrote:
| This one time, at band camp, Dirk Eddelbuettel said:
| > 
| > This is the same as the one I just answered for r-base-core-ra as
| > r-base-core-ra is an extension/specialisation of r-base-core.
| > 
| > So again:
| > 
| > # test functionality of the compiler
| > javac_works='not present'
| > if test -n "$JAVAC"; then
| >     javac_works='not functional'
| >     rm -rf /tmp/A.java /tmp/A.class
| >     echo "public class A { }" > /tmp/A.java
| >     if test -e /tmp/A.java; then
| >         if "${JAVAC}" /tmp/A.java >/dev/null; then
| >             if test -e /tmp/A.class; then
| >                 javac_works=yes
| >             fi
| >         fi
| >     fi
| >     rm -rf /tmp/A.java /tmp/A.class
| > fi
| > 
| > 
| > rm just before file creation should prevent any symlink attack vectors, no?
| 
| No.

Allright, so what is a better way?  Use of tempfile(1) or mktemp(1) ?

Dirk


| -- 
|  -----------------------------------------------------------------
| |   ,''`.                                            Stephen Gran |
| |  : :' :                                        sgran@debian.org |
| |  `. `'                        Debian user, admin, and developer |
| |    `-                                     http://www.debian.org |
|  -----------------------------------------------------------------

-- 
Three out of two people have difficulties with fractions.




Information forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Dirk Eddelbuettel <edd@debian.org>. Full text and rfc822 format available.

Message #25 received at 496418@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: Dirk Eddelbuettel <edd@debian.org>
Cc: 496418@bugs.debian.org, "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: Re: Bug#496418: The possibility of attack with the help of symlinks in some Debian packages
Date: Mon, 25 Aug 2008 02:16:00 +0100
[Message part 1 (text/plain, inline)]
This one time, at band camp, Dirk Eddelbuettel said:
> 
> On 25 August 2008 at 01:43, Stephen Gran wrote:
> | This one time, at band camp, Dirk Eddelbuettel said:
> | > 
> | > This is the same as the one I just answered for r-base-core-ra as
> | > r-base-core-ra is an extension/specialisation of r-base-core.
> | > 
> | > So again:
> | > 
> | > # test functionality of the compiler
> | > javac_works='not present'
> | > if test -n "$JAVAC"; then
> | >     javac_works='not functional'
> | >     rm -rf /tmp/A.java /tmp/A.class
> | >     echo "public class A { }" > /tmp/A.java
> | >     if test -e /tmp/A.java; then
> | >         if "${JAVAC}" /tmp/A.java >/dev/null; then
> | >             if test -e /tmp/A.class; then
> | >                 javac_works=yes
> | >             fi
> | >         fi
> | >     fi
> | >     rm -rf /tmp/A.java /tmp/A.class
> | > fi
> | > 
> | > 
> | > rm just before file creation should prevent any symlink attack vectors, no?
> | 
> | No.
> 
> Allright, so what is a better way?  Use of tempfile(1) or mktemp(1) ?

Yes, something like that would be better - the current approach leaves a
small but exploitable race condition.  I have no opinion on whether the
race condition matters in practice, of course, but my gut says that the
extra effort to use safe coding practices is so small that it's probably 
worth it.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Dirk Eddelbuettel <edd@debian.org>. Full text and rfc822 format available.

Message #30 received at 496418@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496418@bugs.debian.org
Subject: Re: Bug#496418: The possibility of attack with the help of symlinks in some Debian packages
Date: Mon, 25 Aug 2008 13:16:36 +0200
[Message part 1 (text/plain, inline)]
> Yes, something like that would be better - the current approach leaves a
> small but exploitable race condition.  I have no opinion on whether the
> race condition matters in practice, of course, but my gut says that the
> extra effort to use safe coding practices is so small that it's probably 
> worth it.

Yes, please fix this for lenny. Thanks!


Thijs
[Message part 2 (application/pgp-signature, inline)]

Tags added: confirmed Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 11:18:08 GMT) Full text and rfc822 format available.

Reply sent to Dirk Eddelbuettel <edd@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #37 received at 496418-close@bugs.debian.org (full text, mbox):

From: Dirk Eddelbuettel <edd@debian.org>
To: 496418-close@bugs.debian.org
Subject: Bug#496418: fixed in r-base 2.7.2-1
Date: Mon, 25 Aug 2008 12:02:20 +0000
Source: r-base
Source-Version: 2.7.2-1

We believe that the bug you reported is fixed in the latest version of
r-base, which is due to be installed in the Debian FTP archive:

r-base-core-dbg_2.7.2-1_i386.deb
  to pool/main/r/r-base/r-base-core-dbg_2.7.2-1_i386.deb
r-base-core_2.7.2-1_i386.deb
  to pool/main/r/r-base/r-base-core_2.7.2-1_i386.deb
r-base-dev_2.7.2-1_all.deb
  to pool/main/r/r-base/r-base-dev_2.7.2-1_all.deb
r-base-html_2.7.2-1_all.deb
  to pool/main/r/r-base/r-base-html_2.7.2-1_all.deb
r-base-latex_2.7.2-1_all.deb
  to pool/main/r/r-base/r-base-latex_2.7.2-1_all.deb
r-base_2.7.2-1.diff.gz
  to pool/main/r/r-base/r-base_2.7.2-1.diff.gz
r-base_2.7.2-1.dsc
  to pool/main/r/r-base/r-base_2.7.2-1.dsc
r-base_2.7.2-1_all.deb
  to pool/main/r/r-base/r-base_2.7.2-1_all.deb
r-base_2.7.2.orig.tar.gz
  to pool/main/r/r-base/r-base_2.7.2.orig.tar.gz
r-doc-html_2.7.2-1_all.deb
  to pool/main/r/r-base/r-doc-html_2.7.2-1_all.deb
r-doc-info_2.7.2-1_all.deb
  to pool/main/r/r-base/r-doc-info_2.7.2-1_all.deb
r-doc-pdf_2.7.2-1_all.deb
  to pool/main/r/r-base/r-doc-pdf_2.7.2-1_all.deb
r-mathlib_2.7.2-1_i386.deb
  to pool/main/r/r-base/r-mathlib_2.7.2-1_i386.deb
r-recommended_2.7.2-1_all.deb
  to pool/main/r/r-base/r-recommended_2.7.2-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496418@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dirk Eddelbuettel <edd@debian.org> (supplier of updated r-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 06:37:14 -0500
Source: r-base
Binary: r-base r-base-core r-base-dev r-mathlib r-base-html r-base-latex r-doc-pdf r-doc-html r-doc-info r-recommended r-base-core-dbg
Architecture: source i386 all
Version: 2.7.2-1
Distribution: unstable
Urgency: low
Maintainer: Dirk Eddelbuettel <edd@debian.org>
Changed-By: Dirk Eddelbuettel <edd@debian.org>
Description: 
 r-base     - GNU R statistical computing language and environment
 r-base-core - GNU R core of statistical computing language and environment
 r-base-core-dbg - GNU R debug symbols for statistical comp. language and environmen
 r-base-dev - GNU R installation of auxiliary GNU R packages
 r-base-html - GNU R html docs for statistical computing system functions
 r-base-latex - GNU R LaTeX docs for statistical computing system functions
 r-doc-html - GNU R html manuals for statistical computing system
 r-doc-info - GNU R info manuals statistical computing system
 r-doc-pdf  - GNU R pdf manuals for statistical computing system
 r-mathlib  - GNU R standalone mathematics library
 r-recommended - GNU R collection of recommended packages [metapackage]
Closes: 496418
Changes: 
 r-base (2.7.2-1) unstable; urgency=low
 .
   * New upstream version released a few hours ago
 .
   * src/scripts/javareconf: Replace use of /tmp with result of
     `mktemp -t -d` to avoid symlink attacks		(Closes: #496418)
Checksums-Sha1: 
 e94cb7240e11e1a9b49f0312368a7d234406822e 1664 r-base_2.7.2-1.dsc
 0de9f00ae58e67840fc2daab8973d37d97d78535 16466658 r-base_2.7.2.orig.tar.gz
 f02349ee14c4fe9bf2bd437ad3870d75d376dfe8 62546 r-base_2.7.2-1.diff.gz
 364b58f6f19e50c8e29717fbb2f6d0918c662583 10279602 r-base-core_2.7.2-1_i386.deb
 fafe40d3135e91179e695297cd1ca40030204235 497330 r-mathlib_2.7.2-1_i386.deb
 1be65bdffd4aea90f5bedc58ad550bb9e6086620 2330102 r-base-core-dbg_2.7.2-1_i386.deb
 323e8f670b1fa39dca5d3d4905218ab483a0d474 29764 r-base_2.7.2-1_all.deb
 e15840d65a2ead233157c21f5a4fc5edfd5033a5 2920 r-base-dev_2.7.2-1_all.deb
 93ce1cb426b658ec6d517df1dc8a6b560d7c3bc8 1286006 r-base-html_2.7.2-1_all.deb
 86300486f6f15e9691ec2fc6911e4a5977b9c050 1198618 r-base-latex_2.7.2-1_all.deb
 5c649a5f56e5e03704ed442589c6440b8c826852 6698876 r-doc-pdf_2.7.2-1_all.deb
 b090751d3e2676e2a906eb85b4d988077c304c36 605704 r-doc-html_2.7.2-1_all.deb
 6fde7901b1f4001bf08428b689d7e8973fd24ca0 529346 r-doc-info_2.7.2-1_all.deb
 c791fd07562fb0e25d4c431ed3154fa739d0a2af 2192 r-recommended_2.7.2-1_all.deb
Checksums-Sha256: 
 f488f5ab911168ed501cb24f4ff03c4b9db3fd7fc27500e3f23743354af09fc6 1664 r-base_2.7.2-1.dsc
 7184c1f85fafce518e6dbccb5a64ba47a62d8694c7019da0e1c1e83ff98c3ff4 16466658 r-base_2.7.2.orig.tar.gz
 7686beec046c6ca9c6b7f6c39af067e925f3e18f7a9636a132f02d5ce503d101 62546 r-base_2.7.2-1.diff.gz
 cce084b72909eba25026a07ddbb3ccda5581abe5002a6de50fa9830f74b7133b 10279602 r-base-core_2.7.2-1_i386.deb
 dc8a6dcebedc3c2a35d63de5d653cb9d7c396e253010897ba120818532cb4bc7 497330 r-mathlib_2.7.2-1_i386.deb
 2b558f12787fe83533e80abc124cbad2ae8b7a708dd4929caf4dd77054e42665 2330102 r-base-core-dbg_2.7.2-1_i386.deb
 31195d7bf9dfbc26b592650aa615a7d3cb82799f9c95344390b3a76a8b3044b0 29764 r-base_2.7.2-1_all.deb
 07dcee7a5a47c84f6e70bae547e4b98b6fe4f413ea9cab6e7358d6ffa07b785d 2920 r-base-dev_2.7.2-1_all.deb
 866aface6305b5d5ed2d2b6ead8c7fc11152c8ffc6a07424749839b95b3c4a29 1286006 r-base-html_2.7.2-1_all.deb
 f97ed56aab2052a386e74e50f2c065ce0a0cf49e199c286ab0ccb4df21ea3dd4 1198618 r-base-latex_2.7.2-1_all.deb
 c0bb62fcd2fb7e3f67f7f933e8d81fd2c10e118aaecc51ea095544089f04817f 6698876 r-doc-pdf_2.7.2-1_all.deb
 d6c3d6bb74372a8c5528160e25440788f61d6e578760996110ed9a1b15584ded 605704 r-doc-html_2.7.2-1_all.deb
 acefa4f05ee1a6254306e2626c3c5dc117a491637b23796278faadbf0e4314c5 529346 r-doc-info_2.7.2-1_all.deb
 41429c3087745a9c227b25bb54fd6ac13035f8314d027a92ef7239b125abacdd 2192 r-recommended_2.7.2-1_all.deb
Files: 
 f2221fafdcc825db25c8cfe37342ce27 1664 math optional r-base_2.7.2-1.dsc
 6122945e9301825b97a506151b3cefde 16466658 math optional r-base_2.7.2.orig.tar.gz
 caba9b66001da8bab2064cffa8f53860 62546 math optional r-base_2.7.2-1.diff.gz
 4b0a9696f195b5ac2e94615b6eaeffd8 10279602 math optional r-base-core_2.7.2-1_i386.deb
 7794253cd7c6afb7508f0fce05e5e5a0 497330 math optional r-mathlib_2.7.2-1_i386.deb
 9868ac74186a81c7948c253a3364c248 2330102 math extra r-base-core-dbg_2.7.2-1_i386.deb
 fa2e56c1070320136e9554a6788e1bc4 29764 math optional r-base_2.7.2-1_all.deb
 9e670096397d4818970198a1bd3e8143 2920 devel optional r-base-dev_2.7.2-1_all.deb
 15b7ae1191a3be7ba6e86852e82a38c6 1286006 math extra r-base-html_2.7.2-1_all.deb
 d9cdd9e9207801956a22f35f87c5c927 1198618 math extra r-base-latex_2.7.2-1_all.deb
 2ef9201223664722099cb32f383f33aa 6698876 doc optional r-doc-pdf_2.7.2-1_all.deb
 eace7538efe0b1f9617b80f8c239c6b1 605704 doc optional r-doc-html_2.7.2-1_all.deb
 cdddc6b45569a843846d1a3eef0a577b 529346 doc optional r-doc-info_2.7.2-1_all.deb
 a30987f3348ad335c950f4a5f2a9f7e5 2192 math optional r-recommended_2.7.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIspxXCZSR95Gw07cRAqjbAJ9oNFUPMtWj/g6fXfOwlD5OufjTeACfSCJ6
b5NYcqv03kHA+MydWHtd7Js=
=vpg2
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. (Tue, 28 Oct 2008 23:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Dirk Eddelbuettel <edd@debian.org>. (Tue, 28 Oct 2008 23:33:02 GMT) Full text and rfc822 format available.

Message #42 received at 496418@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496418@bugs.debian.org
Subject: uploaded to testing-proposed-updates
Date: Wed, 29 Oct 2008 00:31:25 +0100
[Message part 1 (text/plain, inline)]
Hi,

Here's the patch I used for my upload to testing-proposed-updates to address 
this bug in lenny aswell.


cheers,
Thijs
[496418.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Tue, 28 Oct 2008 23:54:06 GMT) Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. (Tue, 28 Oct 2008 23:54:06 GMT) Full text and rfc822 format available.

Message #47 received at 496418-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496418-close@bugs.debian.org
Subject: Bug#496418: fixed in r-base 2.7.1-1+lenny1
Date: Tue, 28 Oct 2008 23:32:10 +0000
Source: r-base
Source-Version: 2.7.1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
r-base, which is due to be installed in the Debian FTP archive:

r-base-core-dbg_2.7.1-1+lenny1_i386.deb
  to pool/main/r/r-base/r-base-core-dbg_2.7.1-1+lenny1_i386.deb
r-base-core_2.7.1-1+lenny1_i386.deb
  to pool/main/r/r-base/r-base-core_2.7.1-1+lenny1_i386.deb
r-base-dev_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-base-dev_2.7.1-1+lenny1_all.deb
r-base-html_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-base-html_2.7.1-1+lenny1_all.deb
r-base-latex_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-base-latex_2.7.1-1+lenny1_all.deb
r-base_2.7.1-1+lenny1.diff.gz
  to pool/main/r/r-base/r-base_2.7.1-1+lenny1.diff.gz
r-base_2.7.1-1+lenny1.dsc
  to pool/main/r/r-base/r-base_2.7.1-1+lenny1.dsc
r-base_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-base_2.7.1-1+lenny1_all.deb
r-doc-html_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-doc-html_2.7.1-1+lenny1_all.deb
r-doc-info_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-doc-info_2.7.1-1+lenny1_all.deb
r-doc-pdf_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-doc-pdf_2.7.1-1+lenny1_all.deb
r-mathlib_2.7.1-1+lenny1_i386.deb
  to pool/main/r/r-base/r-mathlib_2.7.1-1+lenny1_i386.deb
r-recommended_2.7.1-1+lenny1_all.deb
  to pool/main/r/r-base/r-recommended_2.7.1-1+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496418@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated r-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Oct 2008 22:38:33 +0000
Source: r-base
Binary: r-base r-base-core r-base-dev r-mathlib r-base-html r-base-latex r-doc-pdf r-doc-html r-doc-info r-recommended r-base-core-dbg
Architecture: source i386 all
Version: 2.7.1-1+lenny1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Dirk Eddelbuettel <edd@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 r-base     - GNU R statistical computing language and environment
 r-base-core - GNU R core of statistical computing language and environment
 r-base-core-dbg - GNU R debug symbols for statistical comp. language and environmen
 r-base-dev - GNU R installation of auxiliary GNU R packages
 r-base-html - GNU R html docs for statistical computing system functions
 r-base-latex - GNU R LaTeX docs for statistical computing system functions
 r-doc-html - GNU R html manuals for statistical computing system
 r-doc-info - GNU R info manuals statistical computing system
 r-doc-pdf  - GNU R pdf manuals for statistical computing system
 r-mathlib  - GNU R standalone mathematics library
 r-recommended - GNU R collection of recommended packages [metapackage]
Closes: 496418
Changes: 
 r-base (2.7.1-1+lenny1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Port temp file race in src/scripts/javareconf from 2.7.2-1.
     (CVE-2008-3931, closes: 496418)
Checksums-Sha1: 
 301308037a13a3ede606dbb1351a8cb2140ea00c 1984 r-base_2.7.1-1+lenny1.dsc
 ef0bacaee90efabb4bbe74e8d98fbe73a86fbceb 57395 r-base_2.7.1-1+lenny1.diff.gz
 db462500f67b4775f17844c01fe99b59b067ca63 10302426 r-base-core_2.7.1-1+lenny1_i386.deb
 2998ef65743852a0b410efbbc0c2981a1e4d1fef 493940 r-mathlib_2.7.1-1+lenny1_i386.deb
 56b4ef5d3a1e1f3e86bfad0735869a6873640404 2335604 r-base-core-dbg_2.7.1-1+lenny1_i386.deb
 28b2865516d38a891200fc88c5fb19485ee0d9f8 29704 r-base_2.7.1-1+lenny1_all.deb
 4d257aa61f3791b700570da384c3f86f557c3f3d 2930 r-base-dev_2.7.1-1+lenny1_all.deb
 72670fa70916f67ddda93ca017cf687ce30b7da6 1281312 r-base-html_2.7.1-1+lenny1_all.deb
 02eed19ed5b3e33d8165f7a50484fe9acefd5a96 1198862 r-base-latex_2.7.1-1+lenny1_all.deb
 a3798637fddc4603c75982b0debad6c5a2501cda 6678034 r-doc-pdf_2.7.1-1+lenny1_all.deb
 d40a0c098534bbc5dc2e1cf502950ff9b77d4a88 602398 r-doc-html_2.7.1-1+lenny1_all.deb
 836953fa076daf4e39fbf7656e8041ec1f9a9569 526484 r-doc-info_2.7.1-1+lenny1_all.deb
 080e72485324bd87ce158552ad59235ff8adc254 2208 r-recommended_2.7.1-1+lenny1_all.deb
Checksums-Sha256: 
 c6b34d83ccd2c4b4220469e6aaa5fdf06b2f203413250be518579b0e9bf97db4 1984 r-base_2.7.1-1+lenny1.dsc
 71b3860d10ef327dd31786f74ae80dd7f03e78f725d9029e222f34d51829c7e8 57395 r-base_2.7.1-1+lenny1.diff.gz
 49c9b766f0d56d7ba5278dee90886ce62678676346f41620c32ad96c30e11494 10302426 r-base-core_2.7.1-1+lenny1_i386.deb
 b15c627780e23a139e845c934c1e77335dbb0e269e397a39a045c7485089e267 493940 r-mathlib_2.7.1-1+lenny1_i386.deb
 bcfc9967d2adb65235bc92a568f291394c4bc2662e1bd7cf7f01bb3393d58c6a 2335604 r-base-core-dbg_2.7.1-1+lenny1_i386.deb
 719f44bd1024ff7dd018105d7cc2af5edf6593fa75fa6939f4cfcba652e286cb 29704 r-base_2.7.1-1+lenny1_all.deb
 0ec6ea35a027c40c5ef77ad3a0a408031b0434a3493ce501af36e446e694d593 2930 r-base-dev_2.7.1-1+lenny1_all.deb
 7934018a98893114f7d43fbda1bde0d144bb9095ddea79d99d282ed106857a20 1281312 r-base-html_2.7.1-1+lenny1_all.deb
 8e431e2c520bd800c136c587706c995925cfc9f56f05493d3bec885410ca980c 1198862 r-base-latex_2.7.1-1+lenny1_all.deb
 79e11b2a7d48e1c2bdcda1563408a35e3a5333cc92bd400ee1a31bee442a8c2d 6678034 r-doc-pdf_2.7.1-1+lenny1_all.deb
 cc8477e6f5f7eb85e1798c3576d43df9b61f06c9b6a8fa0757e52a5a57a8f96e 602398 r-doc-html_2.7.1-1+lenny1_all.deb
 a0d863a2ac5f658b4bdec2137826122267d2be34378787312e964a9a7b13ce0a 526484 r-doc-info_2.7.1-1+lenny1_all.deb
 aa30f93f3622ca71c3b83261fec631fddee886c73be6a3fc61c5d79f91050243 2208 r-recommended_2.7.1-1+lenny1_all.deb
Files: 
 d93f18938546e44c24b39b769df74c2a 1984 math optional r-base_2.7.1-1+lenny1.dsc
 724394b4591180a4f21391fea7002112 57395 math optional r-base_2.7.1-1+lenny1.diff.gz
 592e84356874fd5cba915de780910370 10302426 math optional r-base-core_2.7.1-1+lenny1_i386.deb
 cb9f8fc65d8d77f91a738038e569a1b3 493940 math optional r-mathlib_2.7.1-1+lenny1_i386.deb
 f85728833a637a44c103691bbe896e1b 2335604 math extra r-base-core-dbg_2.7.1-1+lenny1_i386.deb
 443d7ac72283805c4c7e45b1a03ceb27 29704 math optional r-base_2.7.1-1+lenny1_all.deb
 d87f680006503844c8132b6264b3ec06 2930 devel optional r-base-dev_2.7.1-1+lenny1_all.deb
 8051cf9672ac6f30856de9096f2ce5cf 1281312 math extra r-base-html_2.7.1-1+lenny1_all.deb
 a0e7202715799bbaa6da7ff23bf20b21 1198862 math extra r-base-latex_2.7.1-1+lenny1_all.deb
 3953f092ff57a3d30558e591b8b5f7d4 6678034 doc optional r-doc-pdf_2.7.1-1+lenny1_all.deb
 87548e040e8f679ebf970b0e008c8fe1 602398 doc optional r-doc-html_2.7.1-1+lenny1_all.deb
 60818fc16517a3a4da9f081f1beee280 526484 doc optional r-doc-info_2.7.1-1+lenny1_all.deb
 9e81f875b304c5fead55621b364b24de 2208 math optional r-recommended_2.7.1-1+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSQedd2z0hbPcukPfAQLCNgf+KEDfAa08rdcEGJPj19OdNMq+Ek9nJGsb
Iz+QxnzxLJSMiqChvl8T1DVY8w1So8SC0TvoOR7q7OcMbHeNL2FtMRqJGUHkoE3b
FaBtKnPqm0evSf4EMm+N6JDmfHRYtoCKZ8850/CZpSxKeJA62cg4yuy0tDiD/yiG
RaTGykP2qAr8kucz1PU9tqEBqjMz6dvwFJ4VG7j9YVx0MSzhpEJ+pjeqB3BeegKD
ozMgzoNsC5/aoYxEtmJfZRWM26X/yvhd6ql+Ia0HWNfFGyVk0gn+Ob6Sm0VxDrJF
eyF/xJ6PY966Ic3ADccFLz6dZkpNc+bplXPlEILuSv7bLnl4dAGZHg==
=VlFE
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496418; Package r-base-core. (Wed, 29 Oct 2008 03:18:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dirk Eddelbuettel <edd@debian.org>:
Extra info received and forwarded to list. (Wed, 29 Oct 2008 03:18:02 GMT) Full text and rfc822 format available.

Message #52 received at 496418@bugs.debian.org (full text, mbox):

From: Dirk Eddelbuettel <edd@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 496418@bugs.debian.org
Subject: Re: Bug#496418: uploaded to testing-proposed-updates
Date: Tue, 28 Oct 2008 22:15:49 -0500
Thijs,

On 29 October 2008 at 00:31, Thijs Kinkhorst wrote:
| Hi,
| 
| Here's the patch I used for my upload to testing-proposed-updates to address 
| this bug in lenny aswell.

Thanks for doing that, I really appreciate it.

May I ask two questionWhat I don't understand is

i)  why didn't my 2.7.1-2 with the timely initial patch get through?  Should
    I have uploaded to t-p-u ?

ii) why didn't you ping me?  I could have taken this load off your shoulders.

Anyway, good to see it fixed.

Cheers, Dirk

-- 
Three out of two people have difficulties with fractions.




Information forwarded to debian-bugs-dist@lists.debian.org, Dirk Eddelbuettel <edd@debian.org>:
Bug#496418; Package r-base-core. (Wed, 29 Oct 2008 20:09:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Dirk Eddelbuettel <edd@debian.org>. (Wed, 29 Oct 2008 20:09:24 GMT) Full text and rfc822 format available.

Message #57 received at 496418@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: Dirk Eddelbuettel <edd@debian.org>
Cc: 496418@bugs.debian.org
Subject: Re: Bug#496418: uploaded to testing-proposed-updates
Date: Wed, 29 Oct 2008 20:35:13 +0100
[Message part 1 (text/plain, inline)]
Hi Dirk,

On Wednesday 29 October 2008 04:15, Dirk Eddelbuettel wrote:
> i)  why didn't my 2.7.1-2 with the timely initial patch get through? 
> Should I have uploaded to t-p-u ?

I'm not sure, it's a bit hard to reproduce now what factors caused that at 
that time.

> ii) why didn't you ping me?  I could have taken this load off your
> shoulders.

I just had a bit of time to fix an RC bug, so I went ahead and took one which 
went unfixed for a prolonged period of time.


cheers,
Thijs
[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 07:51:21 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:18:15 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.