Debian Bug report logs - #521107
unsafe /tmp usage

version graph

Package: xfs; Maintainer for xfs is Debian QA Group <packages@qa.debian.org>; Source for xfs is src:xfs.

Reported by: Kees Cook <kees@debian.org>

Date: Tue, 24 Mar 2009 21:51:06 UTC

Severity: normal

Tags: security

Found in version xfs/1:1.0.8-2.1

Fixed in versions xfs/1:1.0.8-6, xfs/1:1.0.8-2.2+lenny1

Done: Luciano Bello <luciano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#521107; Package xfs. (Tue, 24 Mar 2009 21:51:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kees Cook <kees@debian.org>:
New Bug report received and forwarded. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Tue, 24 Mar 2009 21:51:09 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kees Cook <kees@debian.org>
To: Debian Bugs <submit@bugs.debian.org>
Subject: unsafe /tmp usage
Date: Tue, 24 Mar 2009 14:50:25 -0700
Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu jaunty

Hello,

There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an unsafe fashion.  It seems that OpenSUSE has solved this as well:

"set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
Unfortunately $$ is predictable and there is no test, that
/tmp/.font-unix.$$ does not already exist. So especially symlink attacks
are possible. The attack is only possible, if /tmp/.font-unix does not
already exist. Then an attacker could create an /tmp/.font-unix file (not
directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
XXXX are possible PID numbers). The start script than moves /tmp/.font-unix
to an symlinked directory /tmp/.font-unix.XXXX."

-Kees

[1] https://bugs.launchpad.net/bugs/299560
[2] https://bugzilla.novell.com/show_bug.cgi?id=408006

-- 
Kees Cook                                            @debian.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#521107; Package xfs. (Wed, 25 Mar 2009 13:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 25 Mar 2009 13:03:06 GMT) Full text and rfc822 format available.

Message #10 received at 521107@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Kees Cook <kees@debian.org>, 521107@bugs.debian.org
Subject: Re: Bug#521107: unsafe /tmp usage
Date: Wed, 25 Mar 2009 14:03:14 +0100
On Tue, 2009-03-24 at 14:50 -0700, Kees Cook wrote:
> There is a bug in the Ubuntu bug tracker about xfs's init script being used
> in an unsafe fashion.  It seems that OpenSUSE has solved this as well:
> 
> "set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
> Unfortunately $$ is predictable and there is no test, that
> /tmp/.font-unix.$$ does not already exist. So especially symlink attacks
> are possible. The attack is only possible, if /tmp/.font-unix does not
> already exist. Then an attacker could create an /tmp/.font-unix file (not
> directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
> XXXX are possible PID numbers). The start script than moves /tmp/.font-unix
> to an symlinked directory /tmp/.font-unix.XXXX."

Do we want to keep shipping xfs in squeeze?  What are its use cases
these days?

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#521107; Package xfs. (Wed, 25 Mar 2009 15:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kees Cook <kees@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 25 Mar 2009 15:57:02 GMT) Full text and rfc822 format available.

Message #15 received at 521107@bugs.debian.org (full text, mbox):

From: Kees Cook <kees@debian.org>
To: Julien Cristau <jcristau@debian.org>
Cc: 521107@bugs.debian.org
Subject: Re: Bug#521107: unsafe /tmp usage
Date: Wed, 25 Mar 2009 08:53:32 -0700
On Wed, Mar 25, 2009 at 02:03:14PM +0100, Julien Cristau wrote:
> Do we want to keep shipping xfs in squeeze?  What are its use cases
> these days?

I think there may be things like LTSP that use it (where client-side fonts
aren't much fun).  However, I'm not entirely certain since I stopped using
xfs a looong time ago.  :)

-- 
Kees Cook                                            @debian.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#521107; Package xfs. (Fri, 03 Apr 2009 22:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Fri, 03 Apr 2009 22:09:05 GMT) Full text and rfc822 format available.

Message #20 received at 521107@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 521107@bugs.debian.org
Subject: Re: unsafe /tmp usage
Date: Fri, 3 Apr 2009 23:55:25 +0200
On Tue, Mar 24, 2009 at 02:50:25PM -0700, Kees Cook wrote:
> Package: xfs
> Version: 1:1.0.8-2.1
> Severity: normal
> Tags: security
> User: ubuntu-devel@lists.ubuntu.com
> Usertags: origin-ubuntu jaunty
> 
> Hello,
> 
> There is a bug in the Ubuntu bug tracker about xfs's init script being used
> in an unsafe fashion.  It seems that OpenSUSE has solved this as well:
> 
> "set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
> Unfortunately $$ is predictable and there is no test, that
> /tmp/.font-unix.$$ does not already exist. So especially symlink attacks
> are possible. The attack is only possible, if /tmp/.font-unix does not
> already exist. Then an attacker could create an /tmp/.font-unix file (not
> directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
> XXXX are possible PID numbers). The start script than moves /tmp/.font-unix
> to an symlinked directory /tmp/.font-unix.XXXX."

This appears to be a re-introduction of the fix from xfs 1:1.0.4-2?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#521107; Package xfs. (Thu, 14 May 2009 19:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 14 May 2009 19:39:02 GMT) Full text and rfc822 format available.

Message #25 received at 521107@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 521107@bugs.debian.org
Subject: Re: Bug#521107: unsafe /tmp usage
Date: Thu, 14 May 2009 21:36:12 +0200
On Fri, Apr  3, 2009 at 23:55:25 +0200, Moritz Muehlenhoff wrote:

> This appears to be a re-introduction of the fix from xfs 1:1.0.4-2?
> 
Not really, it was an incomplete fix.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Tue, 20 Oct 2009 18:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 20 Oct 2009 18:27:06 GMT) Full text and rfc822 format available.

Message #30 received at 521107@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 521107@bugs.debian.org
Subject: #521107: xfs, unsafe /tmp usage
Date: Tue, 20 Oct 2009 15:20:48 -0300
Maybe I'm missing something... but, why this doesn't fix the bug?

--- xfs.orig    2009-10-20 15:06:31.000000000 -0300
+++ xfs 2009-10-20 15:13:47.000000000 -0300
@@ -49,7 +49,8 @@
 set_up_socket_dir () {
   echo -n "Setting up X font server socket directory $SOCKET_DIR..."
   if [ -e $SOCKET_DIR ] && ! [ -d $SOCKET_DIR ]; then
-    mv $SOCKET_DIR $SOCKET_DIR.$$
+    $SOCKET_DIR_TMP=mktemp -d $SOCKET_DIR.XX
+    mv $SOCKET_DIR/* $SOCKET_DIR.$$
   fi
   mkdir -p $SOCKET_DIR
   chown 0:0 $SOCKET_DIR

luciano




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Tue, 20 Oct 2009 19:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 20 Oct 2009 19:54:03 GMT) Full text and rfc822 format available.

Message #35 received at 521107@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: Julien Cristau <jcristau@debian.org>
Cc: 521107@bugs.debian.org
Subject: Re: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
Date: Tue, 20 Oct 2009 16:41:16 -0300
El Mar 20 Oct 2009, Julien Cristau escribió:
> this is completely broken, you're missing $() around the mktemp
> invocation, you're never using SOCKET_DIR_TMP, your mktemp call has
> only 2 X's, and you're not removing the existing $SOCKET_DIR.  So, what
> exactly are you trying to fix?

Sorry. 
-    mv $SOCKET_DIR $SOCKET_DIR.$$
+    $SOCKET_DIR_TMP=$(mktemp -d $SOCKET_DIR.XXXXX)
+    mv $SOCKET_DIR/* $SOCKET_DIR_TMP/

and I badcopied the bug number (is #521107)

The point is fix the Insecure Temporary File Creation Vulnerability.

luciano




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Tue, 20 Oct 2009 21:15:42 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 20 Oct 2009 21:15:43 GMT) Full text and rfc822 format available.

Message #40 received at 521107@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Luciano Bello <luciano@debian.org>
Cc: 521107@bugs.debian.org
Subject: Re: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
Date: Tue, 20 Oct 2009 23:00:37 +0200
On Tue, Oct 20, 2009 at 16:41:16 -0300, Luciano Bello wrote:

> El Mar 20 Oct 2009, Julien Cristau escribió:
> > this is completely broken, you're missing $() around the mktemp
> > invocation, you're never using SOCKET_DIR_TMP, your mktemp call has
> > only 2 X's, and you're not removing the existing $SOCKET_DIR.  So, what
> > exactly are you trying to fix?
> 
> Sorry. 
> -    mv $SOCKET_DIR $SOCKET_DIR.$$
> +    $SOCKET_DIR_TMP=$(mktemp -d $SOCKET_DIR.XXXXX)
> +    mv $SOCKET_DIR/* $SOCKET_DIR_TMP/
> 
> and I badcopied the bug number (is #521107)
> 
> The point is fix the Insecure Temporary File Creation Vulnerability.
> 
It's still not clear to me what you think the above would fix.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Tue, 17 Nov 2009 20:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 17 Nov 2009 20:06:03 GMT) Full text and rfc822 format available.

Message #45 received at 521107@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Luciano Bello <luciano@debian.org>, Debian release coordination <debian-release@lists.debian.org>, 521107@bugs.debian.org
Subject: Re: s-p-u: security update for xfs package
Date: Tue, 17 Nov 2009 21:02:48 +0100
On Tue, Nov 17, 2009 at 19:10:01 +0000, Adam D. Barratt wrote:

> Hi,
> 
> On Tue, 2009-11-10 at 17:16 -0300, Luciano Bello wrote: 
> > (CC is appreciated. I'm not following this list)
> > 
> > Hey there,
> >     I would like to upload a new xfs package to stable in order to fix a the 
> > security issue 1447 [1], #521107 [2]. This was checked with the security team 
> > and is a non-dsa case.
> 
> >From reading the bug log for #521107, it appears that the maintainer
> disagrees either that there is an issue which requires fixing, or with
> the proposed fix (which of those two options is applicable wasn't
> entirely clear to me as there's no reply to his last message in the
> log).  Is that the case?
> 
This was clarified in a private discussion with Luciano, sorry for not
updating the bug log.

Luciano's last patch seems fine.  I still believe this is a pretty minor
issue, and I think it should be fixed in sid before being considered for
stable, but I don't have an objection to this update.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Tue, 17 Nov 2009 20:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 17 Nov 2009 20:42:03 GMT) Full text and rfc822 format available.

Message #50 received at 521107@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Julien Cristau <jcristau@debian.org>
Cc: Luciano Bello <luciano@debian.org>, Debian release coordination <debian-release@lists.debian.org>, 521107@bugs.debian.org
Subject: Re: s-p-u: security update for xfs package
Date: Tue, 17 Nov 2009 20:17:16 +0000
On Tue, 2009-11-17 at 21:02 +0100, Julien Cristau wrote:
> On Tue, Nov 17, 2009 at 19:10:01 +0000, Adam D. Barratt wrote:
> > >From reading the bug log for #521107, it appears that the maintainer
> > disagrees either that there is an issue which requires fixing, or with
> > the proposed fix (which of those two options is applicable wasn't
> > entirely clear to me as there's no reply to his last message in the
> > log).  Is that the case?
> > 
> This was clarified in a private discussion with Luciano, sorry for not
> updating the bug log.

Ah; thanks for the clarification.

> Luciano's last patch seems fine.  I still believe this is a pretty minor
> issue, and I think it should be fixed in sid before being considered for
> stable, but I don't have an objection to this update.

>From a stable-update point-of-view, I'd also prefer that it was fixed in
unstable first.  It's a lot easier to fix sid if any unforeseen problems
arise. :)

Regards,

Adam




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Wed, 18 Nov 2009 04:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Wed, 18 Nov 2009 04:36:03 GMT) Full text and rfc822 format available.

Message #55 received at 521107@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Julien Cristau <jcristau@debian.org>, Debian release coordination <debian-release@lists.debian.org>, 521107@bugs.debian.org
Subject: Re: s-p-u: security update for xfs package
Date: Wed, 18 Nov 2009 01:25:37 -0300
El Mar 17 Nov 2009, Adam D. Barratt escribió:
> >From a stable-update point-of-view, I'd also prefer that it was fixed in
>
> unstable first.  It's a lot easier to fix sid if any unforeseen problems
> arise. :)

So, I made the QA upload few minutes ago.

luciano




Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Wed, 18 Nov 2009 05:12:08 GMT) Full text and rfc822 format available.

Notification sent to Kees Cook <kees@debian.org>:
Bug acknowledged by developer. (Wed, 18 Nov 2009 05:12:08 GMT) Full text and rfc822 format available.

Message #60 received at 521107-close@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 521107-close@bugs.debian.org
Subject: Bug#521107: fixed in xfs 1:1.0.8-6
Date: Wed, 18 Nov 2009 05:08:46 +0000
Source: xfs
Source-Version: 1:1.0.8-6

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

xfs_1.0.8-6.diff.gz
  to main/x/xfs/xfs_1.0.8-6.diff.gz
xfs_1.0.8-6.dsc
  to main/x/xfs/xfs_1.0.8-6.dsc
xfs_1.0.8-6_i386.deb
  to main/x/xfs/xfs_1.0.8-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 18 Nov 2009 03:08:34 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-6
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 xfs        - X font server
Closes: 521107
Changes: 
 xfs (1:1.0.8-6) unstable; urgency=low
 .
   * QA upload.
   * Unsafe /tmp usage fixed in the init script. (Closes: #521107)
Checksums-Sha1: 
 81ef70e3fb82ce242f03ce2f55594c1bcb792712 1146 xfs_1.0.8-6.dsc
 f725af155fabe26ffd392ca5909e896f116be355 26679 xfs_1.0.8-6.diff.gz
 90746e84803621908afb40640653bba3858a01cd 83938 xfs_1.0.8-6_i386.deb
Checksums-Sha256: 
 f128934c6096fe8f466a8bcde19cd5d20a541f0f5d814c6a5fdc0aab524e8fe8 1146 xfs_1.0.8-6.dsc
 560a477f0e656b8457e2e75986d7eaa02345c99c48bea4df11b1ed89ead115a5 26679 xfs_1.0.8-6.diff.gz
 e6575137c80e8e1edc72bc2f02bfc20d5f67347385b96b60b4ad8e33f85090ae 83938 xfs_1.0.8-6_i386.deb
Files: 
 925c85b4d6f04ca856cb2d80f40b76f1 1146 x11 optional xfs_1.0.8-6.dsc
 c1689b9eac7ff2d647add06cd1920840 26679 x11 optional xfs_1.0.8-6.diff.gz
 51f249ccaf05f7f700513b1974926fa6 83938 x11 optional xfs_1.0.8-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDdwgACgkQQWTRs4lLtHllDACgtvH1t7TzOcuwawBk4a4F30+N
A5kAoKkvN1F6/9IOwVaYIUuLuVgxjhv5
=Lqcs
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#521107; Package xfs. (Mon, 30 Nov 2009 20:48:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Mon, 30 Nov 2009 20:48:06 GMT) Full text and rfc822 format available.

Message #65 received at 521107@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Luciano Bello <luciano@debian.org>
Cc: Julien Cristau <jcristau@debian.org>, Debian release coordination <debian-release@lists.debian.org>, 521107@bugs.debian.org
Subject: Re: s-p-u: security update for xfs package
Date: Mon, 30 Nov 2009 20:44:49 +0000
On Wed, 2009-11-18 at 01:25 -0300, Luciano Bello wrote:
> El Mar 17 Nov 2009, Adam D. Barratt escribió:
> > >From a stable-update point-of-view, I'd also prefer that it was fixed in
> >
> > unstable first.  It's a lot easier to fix sid if any unforeseen problems
> > arise. :)
> 
> So, I made the QA upload few minutes ago.

As that upload has now migrated to testing without any reported issues,
please go ahead with the upload to p-u.

Regards,

Adam




Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Sat, 05 Dec 2009 21:57:09 GMT) Full text and rfc822 format available.

Notification sent to Kees Cook <kees@debian.org>:
Bug acknowledged by developer. (Sat, 05 Dec 2009 21:57:10 GMT) Full text and rfc822 format available.

Message #70 received at 521107-close@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 521107-close@bugs.debian.org
Subject: Bug#521107: fixed in xfs 1:1.0.8-2.2+lenny1
Date: Sat, 05 Dec 2009 21:54:52 +0000
Source: xfs
Source-Version: 1:1.0.8-2.2+lenny1

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

xfs_1.0.8-2.2+lenny1.diff.gz
  to main/x/xfs/xfs_1.0.8-2.2+lenny1.diff.gz
xfs_1.0.8-2.2+lenny1.dsc
  to main/x/xfs/xfs_1.0.8-2.2+lenny1.dsc
xfs_1.0.8-2.2+lenny1_i386.deb
  to main/x/xfs/xfs_1.0.8-2.2+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 10 Nov 2009 16:19:20 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-2.2+lenny1
Distribution: stable-proposed-updates
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 xfs        - X font server
Closes: 521107
Changes: 
 xfs (1:1.0.8-2.2+lenny1) stable-proposed-updates; urgency=high
 .
   * Unsafe /tmp usage fixed in the init script. Closes: #521107.
Checksums-Sha1: 
 1d0920f9d8bf4644957cc09e912be7c5d4f37a28 1261 xfs_1.0.8-2.2+lenny1.dsc
 5ae2fe90899600f58f8ff01a364d4a52394e2ae5 197220 xfs_1.0.8.orig.tar.gz
 e6002aba90e6a84eb0fcb64db4060b661fd46457 39216 xfs_1.0.8-2.2+lenny1.diff.gz
 8ad90d53fabe9d922f3ac7cf2be7b415cf7557f9 92118 xfs_1.0.8-2.2+lenny1_i386.deb
Checksums-Sha256: 
 a7da0aa8ff3069be38fa131daf6e91a146c8515d10df99d1ffdd5eb6346f9fb2 1261 xfs_1.0.8-2.2+lenny1.dsc
 8722c0226556ec430052e9c2b01083faf3c261e7184d0af57f159c8afa73b375 197220 xfs_1.0.8.orig.tar.gz
 f7a19fed172d6a7db02569e4c35d275a07e23999dbe99a63c95e3666d918ee54 39216 xfs_1.0.8-2.2+lenny1.diff.gz
 f057d83d67eac7188042aad7820926533e223fe90f70f49693ad4973b4a0068b 92118 xfs_1.0.8-2.2+lenny1_i386.deb
Files: 
 a30847bd9ff08f6b76d175384d43d4cf 1261 x11 optional xfs_1.0.8-2.2+lenny1.dsc
 6c9e85034871db0caa4f47cc7d3cd409 197220 x11 optional xfs_1.0.8.orig.tar.gz
 af7a5e89608219977ec1c97e8f4f771d 39216 x11 optional xfs_1.0.8-2.2+lenny1.diff.gz
 90f55b1fff288db8451fa12563b702a8 92118 x11 optional xfs_1.0.8-2.2+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksVXA4ACgkQQWTRs4lLtHmT4QCePQHOY1MHOK5TvaGCKenknuj+
u/4An1sHOXSBSObVJ/BlpgaLOkwY/GW6
=DZrF
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Jan 2010 07:27:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 04:29:13 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.