Debian Bug report logs - #598424
texmacs: CVE-2010-3394: insecure library loading


Package: texmacs; Maintainer for texmacs is Atsuhito KOHDA <kohda@debian.org>; Source for texmacs is src:texmacs.

Reported by: Raphael Geissert <geissert@debian.org>

Date: Tue, 28 Sep 2010 21:09:21 UTC

Severity: grave

Tags: patch, security

Found in versions texmacs/1:1.0.7.4-3, texmacs/1:1.0.7.4-2

Fixed in versions texmacs/1:1.0.7.7-1.1, texmacs/1:1.0.7.4-3.1

Done: Mehdi Dogguy <mehdi@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Tue, 28 Sep 2010 21:09:24 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Tue, 28 Sep 2010 21:09:24 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: texmacs: CVE-2010-3394: insecure library loading
Date: Tue, 28 Sep 2010 21:07:36 +0000
Package: texmacs
Version: 1:1.0.7.4-2
Severity: grave
Tags: security
User: team@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've found your package to
contain a script that can be abused by an attacker to execute arbitrary
code.

The vulnerability is introduced by an insecure change to
LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for
libraries on a directory other than the standard paths.

Vulnerable code follows:

/usr/lib/texmacs/TeXmacs/bin/tm_mupad_help line 29:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin
/usr/bin/texmacs line 30:
LD_LIBRARY_PATH="$TEXMACS_BIN_PATH/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"

When there's an empty item on the colon-separated list of
LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
If the given script is executed from a directory where a potential,
local, attacker can write files to, there's a chance to exploit this
bug.

This vulnerability has been assigned the CVE id CVE-2010-3394. Please make sure
you mention it when forwarding this report to upstream and when fixing
this bug (everywhere: upstream and here at Debian.)

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394
[1] http://security-tracker.debian.org/tracker/CVE-2010-3394

Sincerely,
Raphael Geissert
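To make the report's point concrete, here is an added example (not from the report or the texmacs package): a POSIX sh audit function that walks a colon-separated search path and reports every empty element, the entries ld.so resolves to the current directory, plus a constructed stand-in for the tm_mupad_help assignment that shows the leading colon appearing when LD_LIBRARY_PATH is unset or empty. The directory /opt/example-mupad/lib is a placeholder, not the real MuPAD location.

```shell
#!/bin/sh
# Added example, not part of the bug report. Models the tm_mupad_help
# assignment and audits the resulting search path for empty elements.

# Evaluate an assignment of the vulnerable shape
#   LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<dir>
# for a given starting value ("" models both unset and empty, which
# expand identically here). /opt/example-mupad/lib is a constructed
# placeholder for the MuPAD library directory.
mupad_style_path() {
    printf '%s\n' "$1:/opt/example-mupad/lib"
}

# Print, one per line, the 1-based position of every empty element in a
# colon-separated search path. Returns 0 if any was found, 1 otherwise.
# A wholly empty value adds no directory at all, so it is reported clean.
empty_elements() {
    path=$1
    idx=1
    found=1
    [ -n "$path" ] || return 1
    while :; do
        # Split off the first element; a trailing colon leaves an empty
        # remainder, which the next iteration reports as an empty element.
        case $path in
            *:*) elem=${path%%:*}; rest=${path#*:} ;;
            *)   elem=$path; rest= ;;
        esac
        if [ -z "$elem" ]; then
            printf '%s\n' "$idx"
            found=0
        fi
        case $path in
            *:*) path=$rest; idx=$((idx + 1)) ;;
            *)   break ;;
        esac
    done
    return $found
}

# Demo: the vulnerable assignment with LD_LIBRARY_PATH unset or empty
# yields ":/opt/example-mupad/lib", whose first element is empty.
demo_path=$(mupad_style_path "")
printf 'result: %s\n' "$demo_path"
if positions=$(empty_elements "$demo_path"); then
    printf 'empty element(s) at position(s): %s\n' \
        "$(printf '%s' "$positions" | tr '\n' ' ')"
fi
```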




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Fri, 15 Oct 2010 07:54:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Etienne Millon <etienne.millon@gmail.com>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Fri, 15 Oct 2010 07:54:02 GMT) Full text and rfc822 format available.

Message #10 received at 598424@bugs.debian.org (full text, mbox):

From: Etienne Millon <etienne.millon@gmail.com>
To: 598424@bugs.debian.org
Subject: Patch for CVE-2010-3394
Date: Fri, 15 Oct 2010 09:51:07 +0200
[Message part 1 (text/plain, inline)]
tags 598424 patch
thanks

Dear maintainer,

Here is a patch that fixes this issue. I believe that the second warning can be
safely ignored.

Regards,

-- 
Etienne Millon
[texmacs-CVE-2010-3394.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Etienne Millon <etienne.millon@gmail.com> to control@bugs.debian.org. (Fri, 15 Oct 2010 08:15:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Wed, 20 Oct 2010 07:48:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Etienne Millon <etienne.millon@gmail.com>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 20 Oct 2010 07:48:11 GMT) Full text and rfc822 format available.

Message #17 received at 598424@bugs.debian.org (full text, mbox):

From: Etienne Millon <etienne.millon@gmail.com>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Cc: 598424@bugs.debian.org, geissert@debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Wed, 20 Oct 2010 09:44:56 +0200
[Message part 1 (text/plain, inline)]
Hello,

> Does the following sentence relate to my question?
> 
> > I believe that the second warning can be
> > safely ignored.

It does, indeed. On line 30 of /usr/bin/texmacs, the inclusion of
"$TEXMACS_BIN_PATH/lib" is properly done, because :
  
  - if LD_LIBRARY_PATH is empty before, the ${LD_LIBRARY_PATH+...}
  	construct evaluates to the empty string (and no colon is added)
  - if LD_LIBRARY_PATH was non-empty, the construct evaluates to
  	":$LD_LIBRARY_PATH" and no "single colon" is present

So, this part is safe.

However, in plugins/mupad/bin/tm_mupad_help, its use is not escaped
and will add a leading colon, and my previous patch addresses that.

Hope that clarifies,

-- 
Etienne Millon
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Wed, 20 Oct 2010 08:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 20 Oct 2010 08:09:03 GMT) Full text and rfc822 format available.

Message #22 received at 598424@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: etienne.millon@gmail.com, 598424@bugs.debian.org, geissert@debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Wed, 20 Oct 2010 16:23:23 +0900 (JST)
Hi all, sorry for the delay.

On Fri, 15 Oct 2010 09:51:07 +0200, Etienne Millon wrote:

> Here is a patch that fixes this issue. I believe that the second warning can be
> safely ignored.

I'm preparing a fixed package but I've a question which
I'd like to solve before uploading it.

Etienne's patch doesn't modify /usr/bin/texmacs at all
but, apparently, Raphael's original bug report
mentioned it.

On Tue, 28 Sep 2010 21:07:36 +0000, Raphael Geissert wrote:

> /usr/bin/texmacs line 30:
> LD_LIBRARY_PATH="$TEXMACS_BIN_PATH/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"

Is it intentional, or is the patch enough to fix 
the security bug?

Does the following sentence relate to my question?

> I believe that the second warning can be
> safely ignored.

Thanks for your contributions and I appreciate any
comment on my question.

Regards,			2010-10-20(Wed)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Wed, 20 Oct 2010 10:27:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 20 Oct 2010 10:27:09 GMT) Full text and rfc822 format available.

Message #27 received at 598424@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: etienne.millon@gmail.com, 598424@bugs.debian.org
Cc: geissert@debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Wed, 20 Oct 2010 19:26:23 +0900 (JST)
Hi Etienne,

On Wed, 20 Oct 2010 09:44:56 +0200, Etienne Millon wrote:

>> Does the following sentence relate to my question?
>> 
>> > I believe that the second warning can be
>> > safely ignored.
> 
> It does, indeed. On line 30 of /usr/bin/texmacs, the inclusion of
> "$TEXMACS_BIN_PATH/lib" is properly done, because :
>   
>   - if LD_LIBRARY_PATH is empty before, the ${LD_LIBRARY_PATH+...}
>   	construct evaluates to the empty string (and no colon is added)
>   - if LD_LIBRARY_PATH was non-empty, the construct evaluates to
>   	":$LD_LIBRARY_PATH" and no "single colon" is present
> 
> So, this part is safe.
> 
> However, in plugins/mupad/bin/tm_mupad_help, its use is not escaped
> and will add a leading colon, and my previous patch addresses that.
> 
> Hope that clarifies,

Thanks for your clarification.  I'll upload a fixed package
as soon as possible.  Thanks again.

Regards,   	      	     2010-10-20(Wed)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Reply sent to Atsuhito KOHDA <kohda@debian.org>:
You have taken responsibility. (Wed, 20 Oct 2010 12:06:05 GMT) Full text and rfc822 format available.

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Wed, 20 Oct 2010 12:06:05 GMT) Full text and rfc822 format available.

Message #32 received at 598424-close@bugs.debian.org (full text, mbox):

From: Atsuhito KOHDA <kohda@debian.org>
To: 598424-close@bugs.debian.org
Subject: Bug#598424: fixed in texmacs 1:1.0.7.4-3
Date: Wed, 20 Oct 2010 12:02:30 +0000
Source: texmacs
Source-Version: 1:1.0.7.4-3

We believe that the bug you reported is fixed in the latest version of
texmacs, which is due to be installed in the Debian FTP archive:

texmacs-common_1.0.7.4-3_all.deb
  to main/t/texmacs/texmacs-common_1.0.7.4-3_all.deb
texmacs_1.0.7.4-3.diff.gz
  to main/t/texmacs/texmacs_1.0.7.4-3.diff.gz
texmacs_1.0.7.4-3.dsc
  to main/t/texmacs/texmacs_1.0.7.4-3.dsc
texmacs_1.0.7.4-3_i386.deb
  to main/t/texmacs/texmacs_1.0.7.4-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <kohda@debian.org> (supplier of updated texmacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Wed, 20 Oct 2010 15:09:20 +0900
Source: texmacs
Binary: texmacs texmacs-common
Architecture: source all i386
Version: 1:1.0.7.4-3
Distribution: unstable
Urgency: high
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Atsuhito KOHDA <kohda@debian.org>
Description: 
 texmacs    - WYSIWYG mathematical text editor using TeX fonts
 texmacs-common - WYSIWYG mathematical text editor using TeX fonts
Closes: 598424
Changes: 
 texmacs (1:1.0.7.4-3) unstable; urgency=high
 .
   * Contribution of Etienne Millon <etienne.millon AT gmail.com>.
     Thanks to Etienne.
    - Fix security issue CVE-2010-3394 (Closes: #598424)
      So urgency=high.





Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Sun, 14 Nov 2010 14:12:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jakub Wilk <jwilk@debian.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Sun, 14 Nov 2010 14:12:14 GMT) Full text and rfc822 format available.

Message #37 received at 598424@bugs.debian.org (full text, mbox):

From: Jakub Wilk <jwilk@debian.org>
To: Etienne Millon <etienne.millon@gmail.com>, 598424@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Sun, 14 Nov 2010 14:11:47 +0100
[Message part 1 (text/plain, inline)]
found 598424 1:1.0.7.4-3
thanks

* Etienne Millon <etienne.millon@gmail.com>, 2010-10-20, 09:44:
>It does, indeed. On line 30 of /usr/bin/texmacs, the inclusion of
>"$TEXMACS_BIN_PATH/lib" is properly done, because :
>
>  - if LD_LIBRARY_PATH is empty before, the ${LD_LIBRARY_PATH+...}
>  	construct evaluates to the empty string (and no colon is added)

No. It evaluates to the empty string only if LD_LIBRARY_PATH is unset, not 
when it's empty:

$ LD_LIBRARY_PATH=
$ LD_LIBRARY_PATH="/foobar${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
$ echo $LD_LIBRARY_PATH 
/foobar:

-- 
Jakub Wilk
[signature.asc (application/pgp-signature, inline)]

Bug Marked as found in versions texmacs/1:1.0.7.4-3; no longer marked as fixed in versions texmacs/1:1.0.7.4-3 and reopened. Request was from Jakub Wilk <jwilk@debian.org> to control@bugs.debian.org. (Sun, 14 Nov 2010 14:12:16 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Thu, 25 Nov 2010 17:00:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 25 Nov 2010 17:00:05 GMT) Full text and rfc822 format available.

Message #44 received at 598424@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Etienne Millon <etienne.millon@gmail.com>, 598424@bugs.debian.org, kohda@debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Thu, 25 Nov 2010 17:58:18 +0100
On Sun, Nov 14, 2010 at 02:11:47PM +0100, Jakub Wilk wrote:
> found 598424 1:1.0.7.4-3
> thanks
>
> * Etienne Millon <etienne.millon@gmail.com>, 2010-10-20, 09:44:
>> It does, indeed. On line 30 of /usr/bin/texmacs, the inclusion of
>> "$TEXMACS_BIN_PATH/lib" is properly done, because :
>>
>>  - if LD_LIBRARY_PATH is empty before, the ${LD_LIBRARY_PATH+...}
>>  	construct evaluates to the empty string (and no colon is added)
>
> No. It evaluates to the empty string only if LD_LIBRARY_PATH is unset, not  
> when it's empty:
>
> $ LD_LIBRARY_PATH=
> $ LD_LIBRARY_PATH="/foobar${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
> $ echo $LD_LIBRARY_PATH
> /foobar:

What's the status?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Thu, 25 Nov 2010 19:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Etienne Millon <etienne.millon@gmail.com>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 25 Nov 2010 19:39:03 GMT) Full text and rfc822 format available.

Message #49 received at 598424@bugs.debian.org (full text, mbox):

From: Etienne Millon <etienne.millon@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 598424@bugs.debian.org
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Thu, 25 Nov 2010 20:35:13 +0100
[Message part 1 (text/plain, inline)]
On Thu, Nov 25, 2010 at 05:58:18PM +0100, Moritz Muehlenhoff wrote:
> On Sun, Nov 14, 2010 at 02:11:47PM +0100, Jakub Wilk wrote:
> > found 598424 1:1.0.7.4-3
> > thanks
> >
> > * Etienne Millon <etienne.millon@gmail.com>, 2010-10-20, 09:44:
> >> It does, indeed. On line 30 of /usr/bin/texmacs, the inclusion of
> >> "$TEXMACS_BIN_PATH/lib" is properly done, because :
> >>
> >>  - if LD_LIBRARY_PATH is empty before, the ${LD_LIBRARY_PATH+...}
> >>  	construct evaluates to the empty string (and no colon is added)
> >
> > No. It evaluates to the empty string only if LD_LIBRARY_PATH is unset, not  
> > when it's empty:
> >
> > $ LD_LIBRARY_PATH=
> > $ LD_LIBRARY_PATH="/foobar${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
> > $ echo $LD_LIBRARY_PATH
> > /foobar:
> 
> What's the status?

LD_LIBRARY_PATH can be unset "naturally", ie without the user knowing.
It is actually the default. However, if it evaluates to the empty
string it comes from the environment, ie the user set it like that. We
can't blame texmacs for that, it is the user's fault.

So, I think we don't have to handle this case.

-- 
Etienne Millon
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Sat, 04 Dec 2010 20:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mehdi Dogguy <mehdi@dogguy.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Sat, 04 Dec 2010 20:09:03 GMT) Full text and rfc822 format available.

Message #54 received at 598424@bugs.debian.org (full text, mbox):

From: Mehdi Dogguy <mehdi@dogguy.org>
To: 598424@bugs.debian.org
Subject: texmacs: diff for NMU version 1:1.0.7.7-1.1
Date: Sat, 4 Dec 2010 21:01:30 +0100
[Message part 1 (text/plain, inline)]
tags 598424 + pending
thanks

Dear maintainer,

I've prepared an NMU for texmacs (versioned as 1:1.0.7.7-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

I also intend to fix testing's version because there is no chance to
accept 1.0.7.7 in Squeeze.

Regards.

-- 
Mehdi Dogguy
[texmacs-1.0.7.7-1.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Mehdi Dogguy <mehdi@dogguy.org> to control@bugs.debian.org. (Sat, 04 Dec 2010 20:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Sat, 04 Dec 2010 20:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mehdi Dogguy <mehdi@dogguy.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Sat, 04 Dec 2010 20:39:03 GMT) Full text and rfc822 format available.

Message #61 received at 598424@bugs.debian.org (full text, mbox):

From: Mehdi Dogguy <mehdi@dogguy.org>
To: 598424@bugs.debian.org
Subject: texmacs: diff for NMU version 1:1.0.7.4-3.1
Date: Sat, 4 Dec 2010 21:32:32 +0100
[Message part 1 (text/plain, inline)]
Dear maintainer,

I've prepared an NMU for texmacs (versioned as 1:1.0.7.4-3.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

This upload targets testing-proposed-updates.

Regards.

-- 
Mehdi Dogguy
[texmacs-1.0.7.4-3.1-nmu.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Sun, 05 Dec 2010 12:09:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Sun, 05 Dec 2010 12:09:06 GMT) Full text and rfc822 format available.

Message #66 received at 598424@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: mehdi@dogguy.org, 598424@bugs.debian.org
Subject: Re: Bug#598424: texmacs: diff for NMU version 1:1.0.7.4-3.1
Date: Sun, 05 Dec 2010 20:41:41 +0900 (JST)
Dear Mehdi,

On Sat, 4 Dec 2010 21:32:32 +0100, Mehdi Dogguy wrote:

> I've prepared an NMU for texmacs (versioned as 1:1.0.7.4-3.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Thanks for your contribution or help.

Regards,   		     	2010-12-5(Sun)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima




Reply sent to Mehdi Dogguy <mehdi@debian.org>:
You have taken responsibility. (Mon, 06 Dec 2010 20:39:07 GMT) Full text and rfc822 format available.

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Mon, 06 Dec 2010 20:39:08 GMT) Full text and rfc822 format available.

Message #71 received at 598424-close@bugs.debian.org (full text, mbox):

From: Mehdi Dogguy <mehdi@debian.org>
To: 598424-close@bugs.debian.org
Subject: Bug#598424: fixed in texmacs 1:1.0.7.7-1.1
Date: Mon, 06 Dec 2010 20:34:32 +0000
Source: texmacs
Source-Version: 1:1.0.7.7-1.1

We believe that the bug you reported is fixed in the latest version of
texmacs, which is due to be installed in the Debian FTP archive:

texmacs-common_1.0.7.7-1.1_all.deb
  to main/t/texmacs/texmacs-common_1.0.7.7-1.1_all.deb
texmacs_1.0.7.7-1.1.diff.gz
  to main/t/texmacs/texmacs_1.0.7.7-1.1.diff.gz
texmacs_1.0.7.7-1.1.dsc
  to main/t/texmacs/texmacs_1.0.7.7-1.1.dsc
texmacs_1.0.7.7-1.1_amd64.deb
  to main/t/texmacs/texmacs_1.0.7.7-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mehdi Dogguy <mehdi@debian.org> (supplier of updated texmacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sat, 04 Dec 2010 20:40:54 +0100
Source: texmacs
Binary: texmacs texmacs-common
Architecture: source all amd64
Version: 1:1.0.7.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Mehdi Dogguy <mehdi@debian.org>
Description: 
 texmacs    - WYSIWYG mathematical text editor using TeX fonts
 texmacs-common - WYSIWYG mathematical text editor using TeX fonts
Closes: 598424
Changes: 
 texmacs (1:1.0.7.7-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix security issue CVE-2010-3394 (Closes: #598424)
     - Also make the substitutions in misc/bundle/TeXmacs





Reply sent to Mehdi Dogguy <mehdi@debian.org>:
You have taken responsibility. (Mon, 06 Dec 2010 21:24:05 GMT) Full text and rfc822 format available.

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Mon, 06 Dec 2010 21:24:05 GMT) Full text and rfc822 format available.

Message #76 received at 598424-close@bugs.debian.org (full text, mbox):

From: Mehdi Dogguy <mehdi@debian.org>
To: 598424-close@bugs.debian.org
Subject: Bug#598424: fixed in texmacs 1:1.0.7.4-3.1
Date: Mon, 06 Dec 2010 21:20:58 +0000
Source: texmacs
Source-Version: 1:1.0.7.4-3.1

We believe that the bug you reported is fixed in the latest version of
texmacs, which is due to be installed in the Debian FTP archive:

texmacs-common_1.0.7.4-3.1_all.deb
  to main/t/texmacs/texmacs-common_1.0.7.4-3.1_all.deb
texmacs_1.0.7.4-3.1.diff.gz
  to main/t/texmacs/texmacs_1.0.7.4-3.1.diff.gz
texmacs_1.0.7.4-3.1.dsc
  to main/t/texmacs/texmacs_1.0.7.4-3.1.dsc
texmacs_1.0.7.4-3.1_amd64.deb
  to main/t/texmacs/texmacs_1.0.7.4-3.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598424@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mehdi Dogguy <mehdi@debian.org> (supplier of updated texmacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sat, 04 Dec 2010 20:40:54 +0100
Source: texmacs
Binary: texmacs texmacs-common
Architecture: source all amd64
Version: 1:1.0.7.4-3.1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Mehdi Dogguy <mehdi@debian.org>
Description: 
 texmacs    - WYSIWYG mathematical text editor using TeX fonts
 texmacs-common - WYSIWYG mathematical text editor using TeX fonts
Closes: 598424
Changes: 
 texmacs (1:1.0.7.4-3.1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Fix security issue CVE-2010-3394 (Closes: #598424)
     - make the substitutions in misc/bundle/TeXmacs too





Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#598424; Package texmacs. (Wed, 08 Dec 2010 19:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jakub Wilk <jwilk@debian.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 08 Dec 2010 19:33:03 GMT) Full text and rfc822 format available.

Message #81 received at 598424@bugs.debian.org (full text, mbox):

From: Jakub Wilk <jwilk@debian.org>
To: Etienne Millon <etienne.millon@gmail.com>, 598424@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#598424: Patch for CVE-2010-3394
Date: Wed, 8 Dec 2010 20:30:32 +0100
[Message part 1 (text/plain, inline)]
* Etienne Millon <etienne.millon@gmail.com>, 2010-11-25, 20:35:
>>>$ LD_LIBRARY_PATH=
>>>$ LD_LIBRARY_PATH="/foobar${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
>>>$ echo $LD_LIBRARY_PATH
>>>/foobar:
>LD_LIBRARY_PATH can be unset "naturally", ie without the user knowing.
>It is actually the default. However, if it evaluates to the empty
>string it comes from the environment, ie the user set it like that. We
>can't blame texmacs for that, it is the user's fault.
>
>So, I think we don't have to handle this case.

We do. ld.so treats empty LD_LIBRARY_PATH and unset LD_LIBRARY_PATH 
equally (i.e. it doesn't add anything to search path) and so should do 
texmacs.

-- 
Jakub Wilk
[signature.asc (application/pgp-signature, inline)]
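As an added example (not the project's code), the three LD_LIBRARY_PATH states discussed in this thread are run through both the original '+' construct from /usr/bin/texmacs and the ':+' form, which treats an empty value like an unset one and so matches the ld.so behaviour Jakub describes. /example/texmacs/lib is a constructed stand-in for $TEXMACS_BIN_PATH/lib.

```shell
#!/bin/sh
# Added example, not from the texmacs package. Compares ${VAR+word} with
# ${VAR:+word} when building LD_LIBRARY_PATH. The inner quotes of the
# original line are dropped: inside a double-quoted string they are
# redundant, and the expansion is the same.

# The construct as shipped in /usr/bin/texmacs 1:1.0.7.4: 'word' is
# substituted whenever the variable is set, even when set to "".
texmacs_plus() {
    printf '%s\n' "$1${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
}

# The ':+' form: 'word' is substituted only when the variable is set
# AND non-empty, so an empty value adds no trailing colon.
texmacs_colon_plus() {
    printf '%s\n' "$1${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
}

# Run a builder with LD_LIBRARY_PATH in a chosen state, inside a subshell
# so the caller's environment is untouched.
#   $1: "unset", "empty" or "set"; $2: value used for "set"; $3: builder
run_with() {
    (
        case $1 in
            unset) unset LD_LIBRARY_PATH ;;
            empty) LD_LIBRARY_PATH= ;;
            set)   LD_LIBRARY_PATH=$2 ;;
        esac
        # /example/texmacs/lib is a constructed placeholder.
        "$3" /example/texmacs/lib
    )
}

# Demo table: only the "empty" row differs between the two constructs,
# and it is the row where '+' leaves a trailing empty element.
for state in unset empty set; do
    printf '%-5s  +  -> %-30s  :+ -> %s\n' "$state" \
        "$(run_with "$state" /usr/local/lib texmacs_plus)" \
        "$(run_with "$state" /usr/local/lib texmacs_colon_plus)"
done
```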

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 06 Jan 2011 07:32:02 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 23:32:32 2014; Machine Name: buxtehude.debian.org
