Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anselm Lingnau <lingnau@debian.org>.
(Thu, 08 Apr 2010 21:48:04 GMT)
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Several security issues
Date: Thu, 08 Apr 2010 23:41:58 +0200
Package: abcm2ps
Severity: grave
Tags: security
Hi,
the following was reported to the oss-security mailing list:
Abcm2ps upstream has released:
[1] http://moinejf.free.fr/
[2] http://moinejf.free.fr/abcm2ps-5.9.12.tar.gz
latest v5.9.12 version, addressing
"some security vulnerabilities"
[3] http://moinejf.free.fr/abcm2ps-5.txt
References:
[4] http://secunia.com/advisories/39345/
This doesn't warrant a DSA, but it would be nice if you would fix this
through a point update.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-4-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages abcm2ps depends on:
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
abcm2ps recommends no packages.
abcm2ps suggests no packages.
Information forwarded
to debian-bugs-dist@lists.debian.org, Anselm Lingnau <lingnau@debian.org>: Bug#577014; Package abcm2ps.
(Fri, 23 Apr 2010 08:27:08 GMT)
Acknowledgement sent
to Alexander Reichle-Schmehl <tolimar@debian.org>:
Extra info received and forwarded to list. Copy sent to Anselm Lingnau <lingnau@debian.org>.
(Fri, 23 Apr 2010 08:27:08 GMT)
tags 577014 + patch
thanks
Dear maintainer,
I've prepared an NMU for abcm2ps (versioned as 5.9.13-0.1) and
uploaded it to DELAYED/15, as it introduces a new upstream version.
Please note that I picked 5.9.13 instead of 5.9.12 as reported by
Moritz, as 5.9.13 is to "Fix more security vulnerabilities".
Best regards,
Alexander
PS: devscripts' nmudiff shows all changes between the versions; however,
my changes are just copying your debian directory and adding a changelog
entry.
From: Alexander Reichle-Schmehl <tolimar@debian.org>
To: 577014-close@bugs.debian.org
Subject: Bug#577014: fixed in abcm2ps 5.9.13-0.1
Date: Sat, 08 May 2010 09:32:19 +0000
Source: abcm2ps
Source-Version: 5.9.13-0.1
We believe that the bug you reported is fixed in the latest version of
abcm2ps, which is due to be installed in the Debian FTP archive:
abcm2ps_5.9.13-0.1.debian.tar.gz
to main/a/abcm2ps/abcm2ps_5.9.13-0.1.debian.tar.gz
abcm2ps_5.9.13-0.1.dsc
to main/a/abcm2ps/abcm2ps_5.9.13-0.1.dsc
abcm2ps_5.9.13-0.1_amd64.deb
to main/a/abcm2ps/abcm2ps_5.9.13-0.1_amd64.deb
abcm2ps_5.9.13.orig.tar.gz
to main/a/abcm2ps/abcm2ps_5.9.13.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 577014@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl <tolimar@debian.org> (supplier of updated abcm2ps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 23 Apr 2010 10:15:13 +0200
Source: abcm2ps
Binary: abcm2ps
Architecture: source amd64
Version: 5.9.13-0.1
Distribution: unstable
Urgency: low
Maintainer: Anselm Lingnau <lingnau@debian.org>
Changed-By: Alexander Reichle-Schmehl <tolimar@debian.org>
Description:
abcm2ps - Translates ABC music description files to PostScript
Closes: 577014
Changes:
abcm2ps (5.9.13-0.1) unstable; urgency=low
.
* Non-maintainer upload.
* Upload new upstream release to fix "some security vulnerabilities" and
"more security vulnerabilities" (Closes: #577014)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvRWV4ACgkQBxd04ADYzRavLwCdE9TYPhHDzTIjMa5pO0ASVtup
lCgAnjtaVCr6Hx7TRY6jg9pgpE2hLZtv
=m5Kt
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Anselm Lingnau <lingnau@debian.org>: Bug#577014; Package abcm2ps.
(Thu, 24 Feb 2011 11:21:06 GMT)
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Anselm Lingnau <lingnau@debian.org>.
(Thu, 24 Feb 2011 11:21:06 GMT)
(CC NMU-er)
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
lenny (5.0.9)
squeeze (6.0.1)
Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.
I will happily assist you at any stage if the patch is straightforward and
you need help or lack time. Please keep me in CC at all times so I can
track the progress of this request.
For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].
0: debian-release@lists.debian.org
1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc
Thanks,
with his security hat on:
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51