Your message dated Fri, 21 Jan 2005 03:32:10 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#281922: fixed in unarj 2.43-3woody1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Nov 2004 15:42:15 +0000
>From [EMAIL PROTECTED] Thu Nov 18 07:42:15 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mrelay3.uni-hannover.de [130.75.2.41] (root)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CUoQI-0003MT-00; Thu, 18 Nov 2004 07:42:14 -0800
Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de
[130.75.25.242])
by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id
iAIFg93J025216
for <[EMAIL PROTECTED]>; Thu, 18 Nov 2004 16:42:09 +0100 (MET)
Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de
[130.75.25.99])
by mail.itp.uni-hannover.de (Postfix) with ESMTP id BEDCF2F084
for <[EMAIL PROTECTED]>; Thu, 18 Nov 2004 16:42:04 +0100 (CET)
Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237)
id A3FFC5F42; Thu, 18 Nov 2004 16:42:04 +0100 (CET)
Date: Thu, 18 Nov 2004 16:42:04 +0100
From: Helge Kreutzmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: unarj: CAN-2004-0947 present in Debian?
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="C+ts3FVlLX8+P6JN"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Public-Key-URL: http://www.itp.uni-hannover.de/~kreutzm/data/kreutzm.gpg
X-homepage: http://www.itp.uni-hannover.de/~kreutzm
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2
(mrelay3.uni-hannover.de [130.75.2.41]); Thu, 18 Nov 2004 16:42:09 +0100 (MET)
X-Scanned-By: MIMEDefang 2.42
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--C+ts3FVlLX8+P6JN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: unarj
Version: 2.43-3
Severity: grave
Justification: user security hole
Tags: security,woody
As I see no bug against unarj, I thought I file it. I don't know if sid
is affected.
The CAN-Entry is still dummy, here is the RedHat advisory:
http://lwn.net/Alerts/110733/
-- System Information
Debian Release: 3.0
Architecture: alpha
Kernel: Linux jari 2.4.26-grsec-hk04 #1 Fri Aug 6 12:23:40 CEST 2004 alpha
Locale: LANG=3DC, LC_CTYPE=3DC
Versions of packages unarj depends on:
ii libc6.1 2.2.5-11.5 GNU C Library: Shared librarie=
s an
--=20
Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
er.de
gpg signed mail preferred=20
64bit GNU powered http://www.itp.uni-hannover.de/~kreu=
tzm
Help keep free software "libre": http://www.freepatents.org/
--C+ts3FVlLX8+P6JN
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBnMLMRsxcY/MYpWoRAijaAJ0dg8vTHxiK9UCYIPdXm/BZJ5C3WQCeKyrq
5p9eRyOEHnYoVdMwOyJ5G5E=
=iUMz
-----END PGP SIGNATURE-----
--C+ts3FVlLX8+P6JN--
---------------------------------------
Received: (at 281922-close) by bugs.debian.org; 21 Jan 2005 08:35:47 +0000
>From [EMAIL PROTECTED] Fri Jan 21 00:35:47 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CruGh-0005Jc-00; Fri, 21 Jan 2005 00:35:47 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CruDC-0001Fd-00; Fri, 21 Jan 2005 03:32:10 -0500
From: Steve McIntyre <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#281922: fixed in unarj 2.43-3woody1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 03:32:10 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: unarj
Source-Version: 2.43-3woody1
We believe that the bug you reported is fixed in the latest version of
unarj, which is due to be installed in the Debian FTP archive:
unarj_2.43-3woody1.diff.gz
to pool/non-free/u/unarj/unarj_2.43-3woody1.diff.gz
unarj_2.43-3woody1.dsc
to pool/non-free/u/unarj/unarj_2.43-3woody1.dsc
unarj_2.43-3woody1_alpha.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
unarj_2.43-3woody1_arm.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
unarj_2.43-3woody1_hppa.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
unarj_2.43-3woody1_i386.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
unarj_2.43-3woody1_ia64.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
unarj_2.43-3woody1_m68k.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
unarj_2.43-3woody1_powerpc.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
unarj_2.43-3woody1_s390.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
unarj_2.43-3woody1_sparc.deb
to pool/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <[EMAIL PROTECTED]> (supplier of updated unarj package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 20 Jan 2005 13:27:14 +0000
Source: unarj
Binary: unarj
Architecture: alpha arm hppa i386 ia64 m68k powerpc s390 source sparc
Version: 2.43-3woody1
Distribution: stable
Urgency: high
Maintainer: Steve McIntyre <[EMAIL PROTECTED]>
Changed-By: Steve McIntyre <[EMAIL PROTECTED]>
Description:
unarj - arj unarchive utility
Closes: 281922
Changes:
unarj (2.43-3woody1) stable-security; urgency=high
.
* Fix buffer overflow problem in filename handling (CAN-2004-0947). Closes:
#281922
* Fix unchecked path extraction problem (CAN-2004-1027).
Files:
e1d166f2eaf315641d1269a32ad1dc76 528 non-free/utils optional
unarj_2.43-3woody1.dsc
4ef4cfad33d05ecc048d63596ab2673c 12903 non-free/utils optional
unarj_2.43-3woody1.diff.gz
7a481dc017f1fbfa7f937a97e66eb99f 39620 non-free/utils optional
unarj_2.43.orig.tar.gz
08dc91afd3146ccdfaa51d73f8be56e5 29668 non-free/utils optional
unarj_2.43-3woody1_alpha.deb
0b1f0403cfaaf572399fcb60b2549664 31072 non-free/utils optional
unarj_2.43-3woody1_ia64.deb
15a8d6b0b7b565186398c0b8ebe3eb6a 23888 non-free/utils optional
unarj_2.43-3woody1_hppa.deb
5c5a1f0157aa613337f80b439e78456f 23060 non-free/utils optional
unarj_2.43-3woody1_powerpc.deb
644a6dcc9f566bad384c050bc8b8fb14 20384 non-free/utils optional
unarj_2.43-3woody1_m68k.deb
97dc977c8217a10d4915ee32db49edd5 22668 non-free/utils optional
unarj_2.43-3woody1_s390.deb
aa9490bd82bc9aef4f6092d19fa83eaa 20690 non-free/utils optional
unarj_2.43-3woody1_i386.deb
bd2210a978ad30306e3db2ab112c87e8 25386 non-free/utils optional
unarj_2.43-3woody1_sparc.deb
ed352d363cbeb34ba2268db63a632824 22784 non-free/utils optional
unarj_2.43-3woody1_arm.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB7+3KW5ql+IAeqTIRAkX4AJ9HAxs7rgCZ7wHctkIUKcLINgNRKwCfaHjG
roqmk6Ls74LBnWgUS9lRW10=
=zQmD
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
