Debian Bug report logs - #577014
Several security issues

Package: abcm2ps; Maintainer for abcm2ps is Anselm Lingnau <lingnau@debian.org>; Source for abcm2ps is src:abcm2ps.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 8 Apr 2010 21:48:01 UTC

Severity: grave

Tags: patch, security

Fixed in version abcm2ps/5.9.13-0.1

Done: Alexander Reichle-Schmehl <tolimar@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anselm Lingnau <lingnau@debian.org>:
Bug#577014; Package abcm2ps. (Thu, 08 Apr 2010 21:48:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anselm Lingnau <lingnau@debian.org>. (Thu, 08 Apr 2010 21:48:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Several security issues
Date: Thu, 08 Apr 2010 23:41:58 +0200
Package: abcm2ps
Severity: grave
Tags: security

Hi,
the following was reported to the oss-security mailing list:

  Abcm2ps upstream has released:
    [1] http://moinejf.free.fr/
    [2] http://moinejf.free.fr/abcm2ps-5.9.12.tar.gz

  latest v5.9.12 version, addressing
  "some security vulnerabilities"
    [3] http://moinejf.free.fr/abcm2ps-5.txt

  References:
    [4] http://secunia.com/advisories/39345/

This doesn't warrant a DSA, but it would be nice if you would fix this
through a point update.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-4-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages abcm2ps depends on:
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib

abcm2ps recommends no packages.

abcm2ps suggests no packages.




Information forwarded to debian-bugs-dist@lists.debian.org, Anselm Lingnau <lingnau@debian.org>:
Bug#577014; Package abcm2ps. (Fri, 23 Apr 2010 08:27:08 GMT)


Acknowledgement sent to Alexander Reichle-Schmehl <tolimar@debian.org>:
Extra info received and forwarded to list. Copy sent to Anselm Lingnau <lingnau@debian.org>. (Fri, 23 Apr 2010 08:27:08 GMT)


Message #10 received at 577014@bugs.debian.org:

From: Alexander Reichle-Schmehl <tolimar@debian.org>
To: 577014@bugs.debian.org
Subject: abcm2ps: diff for NMU version 5.9.13-0.1
Date: Fri, 23 Apr 2010 10:24:30 +0200
tags 577014 + patch
thanks

Dear maintainer,

I've prepared an NMU for abcm2ps (versioned as 5.9.13-0.1) and
uploaded it to DELAYED/15, as it introduces a new upstream version.
Please note that I picked 5.9.13 instead of 5.9.12 as reported by
Moritz, as 5.9.13 is to "Fix more security vulnerabilities".

Best regards,
  Alexander

PS:  devscripts' nmudiff shows all changes between the versions; however,
my changes are just copying your debian directory and adding a changelog
entry.
[abcm2ps-5.9.13-0.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Alexander Reichle-Schmehl <tolimar@debian.org> to control@bugs.debian.org. (Fri, 23 Apr 2010 12:15:10 GMT)


Reply sent to Alexander Reichle-Schmehl <tolimar@debian.org>:
You have taken responsibility. (Sat, 08 May 2010 09:36:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 08 May 2010 09:36:03 GMT)


Message #17 received at 577014-close@bugs.debian.org:

From: Alexander Reichle-Schmehl <tolimar@debian.org>
To: 577014-close@bugs.debian.org
Subject: Bug#577014: fixed in abcm2ps 5.9.13-0.1
Date: Sat, 08 May 2010 09:32:19 +0000
Source: abcm2ps
Source-Version: 5.9.13-0.1

We believe that the bug you reported is fixed in the latest version of
abcm2ps, which is due to be installed in the Debian FTP archive:

abcm2ps_5.9.13-0.1.debian.tar.gz
  to main/a/abcm2ps/abcm2ps_5.9.13-0.1.debian.tar.gz
abcm2ps_5.9.13-0.1.dsc
  to main/a/abcm2ps/abcm2ps_5.9.13-0.1.dsc
abcm2ps_5.9.13-0.1_amd64.deb
  to main/a/abcm2ps/abcm2ps_5.9.13-0.1_amd64.deb
abcm2ps_5.9.13.orig.tar.gz
  to main/a/abcm2ps/abcm2ps_5.9.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 577014@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl <tolimar@debian.org> (supplier of updated abcm2ps package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 23 Apr 2010 10:15:13 +0200
Source: abcm2ps
Binary: abcm2ps
Architecture: source amd64
Version: 5.9.13-0.1
Distribution: unstable
Urgency: low
Maintainer: Anselm Lingnau <lingnau@debian.org>
Changed-By: Alexander Reichle-Schmehl <tolimar@debian.org>
Description: 
 abcm2ps    - Translates ABC music description files to PostScript
Closes: 577014
Changes: 
 abcm2ps (5.9.13-0.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Upload new upstream release to fix "some security vulnerabilities" and
     "more security vulnerabilities" (Closes: #577014)





Information forwarded to debian-bugs-dist@lists.debian.org, Anselm Lingnau <lingnau@debian.org>:
Bug#577014; Package abcm2ps. (Thu, 24 Feb 2011 11:21:06 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Anselm Lingnau <lingnau@debian.org>. (Thu, 24 Feb 2011 11:21:06 GMT)


Message #22 received at 577014@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 577014@bugs.debian.org
Cc: Alexander Reichle-Schmehl <tolimar@debian.org>
Subject: (PRSC) Bug#577014: Several security issues
Date: Thu, 24 Feb 2011 11:19:32 +0000
(CC NMU-er)

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

lenny (5.0.9)
squeeze (6.0.1)

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help or lack time. Please keep me in CC at all times so I can
track the progress of this request.

For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].

0: debian-release@lists.debian.org
1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc

Thanks,

with his security hat on:
-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 25 Mar 2011 07:30:10 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:39:46 2025; Machine Name: buxtehude
