Your message dated Tue, 01 Feb 2005 09:02:32 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#293117: fixed in hplip 0.8.7-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Erwan David <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: .hplip.conf is created world writable
Date: Tue, 01 Feb 2005 09:42:03 +0100

Package: hplip
Version: 0.8.7-2
Severity: grave
Justification: user security hole

.hplip.conf is created in 666 mode.
Since this conf file contains commands which may be launched using the user's rights, it can be used to cause an unwanted process to gain access to the user's data, by putting specially crafted wrappers in the [commands] section.

The solution is to create this file in 600 mode.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-2-k7
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages hplip depends on:
ii  cupsys               1.1.23-3      Common UNIX Printing System(tm) -
ii  hplip-data           0.8.7-2       HP Linux Printing and Imaging - da
ii  libc6                2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libcupsys2-gnutls10  1.1.23-3      Common UNIX Printing System(tm) -
ii  libgcc1              1:3.4.3-7     GCC support library
ii  libsnmp5             5.1.2-6       NET SNMP (Simple Network Managemen
ii  libssl0.9.7          0.9.7e-3      SSL shared libraries
ii  libstdc++5           1:3.3.5-7     The GNU Standard C++ Library v3
ii  python               2.3.4-6       An interactive high-level object-o
ii  python-qt3           3.13-4        Qt3 bindings for Python (default v

-- no debconf information

---------------------------------------
From: Henrique de Moraes Holschuh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#293117: fixed in hplip 0.8.7-3
Date: Tue, 01 Feb 2005 09:02:32 -0500
Source: hplip
Source-Version: 0.8.7-3

We believe that the bug you reported is fixed in the latest version of hplip, which is due to be installed in the Debian FTP archive:

hpijs_2.0.1+0.8.7-3_i386.deb
  to pool/main/h/hplip/hpijs_2.0.1+0.8.7-3_i386.deb
hplip-data_0.8.7-3_all.deb
  to pool/main/h/hplip/hplip-data_0.8.7-3_all.deb
hplip_0.8.7-3.diff.gz
  to pool/main/h/hplip/hplip_0.8.7-3.diff.gz
hplip_0.8.7-3.dsc
  to pool/main/h/hplip/hplip_0.8.7-3.dsc
hplip_0.8.7-3_i386.deb
  to pool/main/h/hplip/hplip_0.8.7-3_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> (supplier of updated hplip package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 1 Feb 2005 11:03:22 -0200
Source: hplip
Binary: hpijs hplip-data hplip
Architecture: source i386 all
Version: 0.8.7-3
Distribution: unstable
Urgency: low
Maintainer: Torsten Landschoff <[EMAIL PROTECTED]>
Changed-By: Henrique de Moraes Holschuh <[EMAIL PROTECTED]>
Description:
 hpijs      - HP Linux Printing and Imaging - gs IJS driver (hpijs)
 hplip      - HP Linux Printing and Imaging System (hplip)
 hplip-data - HP Linux Printing and Imaging - data files
Closes: 293117
Changes:
 hplip (0.8.7-3) unstable; urgency=low
 .
   * Henrique de Moraes Holschuh:
     * HPLIP:
       * SECURITY FIX: create .hplip.conf on user directory mode 600 (was 666)
         The HPLIP suite was failing to set the process umask to sane values,
         hpssd.py and hpguid.py were affected. Also, modify HPLIP so that it
         warns the user of the broken permissions, ignores such a file, and
         fixes the permissions on the next time the config file is written to.
         Thanks to Erwan David <[EMAIL PROTECTED]> for reporting this bug
         (closes: #293117)
     * Really fix debian/rules to unpatch only after cleaning the tree
Files:
 27e1d1c6d443e6c5f46c2e327e89b549 725 utils optional hplip_0.8.7-3.dsc
 64941219f5353f848fef02fcddea2d34 452642 utils optional hplip_0.8.7-3.diff.gz
 95c3de0013825144768ff577ac32f63d 6217984 utils optional hplip-data_0.8.7-3_all.deb
 f39003936c40c30fed07da0df58e31fe 195362 utils optional hpijs_2.0.1+0.8.7-3_i386.deb
 bfa144a430cbd20dd136c8645805db4f 357382 utils optional hplip_0.8.7-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB/4Wh7iXePxzbD+MRAi9hAKCJOFae30t83HfasXF/R6BRiCgsmQCfc3gs
/oOPBdS6jHxmLrH7laHX04s=
=9y+s
-----END PGP SIGNATURE-----
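
The behaviour the changelog entry above describes (create the file mode 600, warn about and ignore a config file with broken permissions, repair it on the next write), as an added Python 3 example. It is not HPLIP's code; the function names and the sample [commands] entry are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

UNSAFE_BITS = stat.S_IWGRP | stat.S_IWOTH  # writable by group or others


def config_is_trustworthy(path):
    """True only for a regular file we own that group/others cannot write."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.geteuid()
            and not st.st_mode & UNSAFE_BITS)


def load_config(path):
    """Return (config, warning); an unsafe file is ignored, not parsed."""
    cfg = configparser.ConfigParser()
    if os.path.lexists(path) and not config_is_trustworthy(path):
        return cfg, "ignoring %s: unsafe owner or permissions" % path
    cfg.read(path)  # a missing file simply yields an empty config
    return cfg, None


def save_config(cfg, path):
    """Write atomically with mode 0600, whatever the process umask is."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as handle:  # mkstemp created the file 0600
            cfg.write(handle)
        os.replace(tmp, path)  # swaps out a 0666 file, repairing the mode
    except BaseException:
        os.unlink(tmp)
        raise


def demo():
    """Constructed scenario: umask 0 plus plain open() gives a 0666 file."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".hplip.conf")
        old = os.umask(0)
        with open(path, "w") as handle:
            handle.write("[commands]\nprint = /path/to/wrapper\n")
        os.umask(old)
        before = stat.S_IMODE(os.lstat(path).st_mode)
        cfg, warning = load_config(path)
        save_config(cfg, path)
        after = stat.S_IMODE(os.lstat(path).st_mode)
        return before, cfg.sections(), warning, after
```

The permission check and the read are separate system calls here; opening the file once and calling os.fstat on the descriptor before parsing closes that gap.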