Debian Bug report logs - #601199
unblock: mono-debugger/2.6.3-2.1

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 24 Oct 2010 10:42:01 UTC

Severity: normal

Tags: moreinfo

Done: Mehdi Dogguy <mehdi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601199; Package release.debian.org. (Sun, 24 Oct 2010 10:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Oct 2010 10:42:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: mono-debugger/2.6.3-2.1
Date: Sun, 24 Oct 2010 12:40:14 +0200
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mono-debugger. It fixes CVE-2010-3369.

unblock mono-debugger/2.6.3-2.1

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601199; Package release.debian.org. (Sun, 24 Oct 2010 14:15:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Oct 2010 14:15:08 GMT) Full text and rfc822 format available.

Message #10 received at 601199@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Moritz Muehlenhoff <jmm@debian.org>, 601199@bugs.debian.org
Subject: Re: Bug#601199: unblock: mono-debugger/2.6.3-2.1
Date: Sun, 24 Oct 2010 15:12:46 +0100
On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> Please unblock package mono-debugger. It fixes CVE-2010-3369.

I'm not really convinced about the utility of this:

++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )

The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
script (adding empty items without the user realising).

If I want to explicitly add empty items to LD_LIBRARY_PATH before
calling the debugger, and potentially shoot myself badly in the foot,
should I not be permitted to do so?

Regards,

Adam





Added tag(s) moreinfo. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 02 Nov 2010 16:48:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601199; Package release.debian.org. (Tue, 02 Nov 2010 22:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jari Aalto <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 02 Nov 2010 22:54:03 GMT) Full text and rfc822 format available.

Message #17 received at 601199@bugs.debian.org (full text, mbox):

From: Jari Aalto <jari.aalto@cante.net>
To: 601199@bugs.debian.org, 601199-submitter@bugs.debian.org
Cc: adam@adam-barratt.org.uk
Subject: Re: Bug#601199: release.debian.org: unblock: mono-debugger/2.6.3-2.1
Date: Wed, 03 Nov 2010 00:50:54 +0200
> "Adam D. Barratt" <adam@adam-barratt.org.uk>
> > On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> > Please unblock package mono-debugger. It fixes CVE-2010-3369.
>
> I'm not really convinced about the utility of this:
>
> ++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
>
> The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
> append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
> script (adding empty items without the user realising).
>
> If I want to explicitly add empty items to LD_LIBRARY_PATH before
> calling the debugger, and potentially shoot myself badly in the foot,
> should I not be permitted to do so?

I can provide *-2.2 without the patchclean(). Let me know if new upload
is ok.

Jari




Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#601199. (Tue, 02 Nov 2010 22:54:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601199; Package release.debian.org. (Tue, 02 Nov 2010 23:12:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 02 Nov 2010 23:12:07 GMT) Full text and rfc822 format available.

Message #25 received at 601199@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Jari Aalto <jari.aalto@cante.net>, 601199@bugs.debian.org
Cc: 601199-submitter@bugs.debian.org, adam@adam-barratt.org.uk
Subject: Re: Bug#601199: release.debian.org: unblock: mono-debugger/2.6.3-2.1
Date: Wed, 3 Nov 2010 00:09:47 +0100
[Message part 1 (text/plain, inline)]
On Wed, Nov  3, 2010 at 00:50:54 +0200, Jari Aalto wrote:

> > "Adam D. Barratt" <adam@adam-barratt.org.uk>
> > > On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> > > Please unblock package mono-debugger. It fixes CVE-2010-3369.
> >
> > I'm not really convinced about the utility of this:
> >
> > ++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
> >
> > The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
> > append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
> > script (adding empty items without the user realising).
> >
> > If I want to explicitly add empty items to LD_LIBRARY_PATH before
> > calling the debugger, and potentially shoot myself badly in the foot,
> > should I not be permitted to do so?
> 
> I can provide *-2.2 without the patchclean(). Let me know if new upload
> is ok.
> 
Yes please.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#601199. (Tue, 02 Nov 2010 23:12:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#601199; Package release.debian.org. (Wed, 03 Nov 2010 17:45:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to jari <jari.aalto@cante.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Wed, 03 Nov 2010 17:45:15 GMT) Full text and rfc822 format available.

Message #33 received at 601199@bugs.debian.org (full text, mbox):

From: jari <jari.aalto@cante.net>
To: Julien Cristau <jcristau@debian.org>
Cc: 601199@bugs.debian.org
Subject: Re: Bug#601199: release.debian.org: unblock: mono-debugger/2.6.3-2.1
Date: Wed, 3 Nov 2010 19:41:35 +0200
On 2010-11-03 00:09, Julien Cristau wrote:
| On Wed, Nov  3, 2010 at 00:50:54 +0200, Jari Aalto wrote:
| 
| > > "Adam D. Barratt" <adam@adam-barratt.org.uk>
| > > > On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
| > > > Please unblock package mono-debugger. It fixes CVE-2010-3369.
| > >
| > > I'm not really convinced about the utility of this:
| > >
| > > ++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
| > >
| > > The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
| > > append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
| > > script (adding empty items without the user realising).
| > >
| > > If I want to explicitly add empty items to LD_LIBRARY_PATH before
| > > calling the debugger, and potentially shoot myself badly in the foot,
| > > should I not be permitted to do so?
| > 
| > I can provide *-2.2 without the patchclean(). Let me know if new upload
| > is ok.
| > 
| Yes please.

Uploaded,
Jari




Reply sent to Mehdi Dogguy <mehdi@debian.org>:
You have taken responsibility. (Thu, 04 Nov 2010 18:48:13 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 04 Nov 2010 18:48:13 GMT) Full text and rfc822 format available.

Message #38 received at 601199-done@bugs.debian.org (full text, mbox):

From: Mehdi Dogguy <mehdi@debian.org>
To: jari <jari.aalto@cante.net>, 601199-done@bugs.debian.org
Cc: Julien Cristau <jcristau@debian.org>
Subject: Re: Bug#601199: release.debian.org: unblock: mono-debugger/2.6.3-2.1
Date: Thu, 04 Nov 2010 19:42:40 +0100
On 11/03/2010 06:41 PM, jari wrote:
> On 2010-11-03 00:09, Julien Cristau wrote:
> | On Wed, Nov  3, 2010 at 00:50:54 +0200, Jari Aalto wrote:
> | 
> | > > "Adam D. Barratt" <adam@adam-barratt.org.uk>
> | > > > On Sun, 2010-10-24 at 12:40 +0200, Moritz Muehlenhoff wrote:
> | > > > Please unblock package mono-debugger. It fixes CVE-2010-3369.
> | > >
> | > > I'm not really convinced about the utility of this:
> | > >
> | > > ++   tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
> | > >
> | > > The code is already using ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} to only
> | > > append LD_LIBRARY_PATH if it is non-empty, resolving the issue with the
> | > > script (adding empty items without the user realising).
> | > >
> | > > If I want to explicitly add empty items to LD_LIBRARY_PATH before
> | > > calling the debugger, and potentially shoot myself badly in the foot,
> | > > should I not be permitted to do so?
> | > 
> | > I can provide *-2.2 without the patchclean(). Let me know if new upload
> | > is ok.
> | > 
> | Yes please.
> 
> Uploaded,

Thanks for the upload.

Unblocked.

Regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Dec 2010 07:37:31 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 17:05:58 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.