Your message dated Sun, 24 Apr 2005 05:36:22 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#300306: fixed in wine 0.0.20050419-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Mar 2005 21:18:56 +0000
>From [EMAIL PROTECTED] Fri Mar 18 13:18:55 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DCOrv-0006O3-00; Fri, 18 Mar 2005 13:18:55 -0800
Received: from p54896c99.dip.t-dialin.net ([84.137.108.153]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.44)
id 1DCOrt-0002hF-4h
for [EMAIL PROTECTED]; Fri, 18 Mar 2005 22:18:53 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DCOrq-000207-H3
for [EMAIL PROTECTED]; Fri, 18 Mar 2005 22:18:50 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: wine: Insecure world readable storage of Wine registry
X-Mailer: reportbug 3.8
Date: Fri, 18 Mar 2005 22:18:50 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.108.153
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: wine
Version: 0.0.20050211-1
Severity: grave
Tags: security
Justification: user security hole
[ Note; feel free to downgrade the severity, I chose it under the assumption
that a user runs applications which store sensitive data in the registry
and that Sarge should not include this vulnerability ]
Hi Ove,
http://bugs.winehq.com/show_bug.cgi?id=2715 describes a security flaw in
Wine that affects both Sarge and sid (I don't know about Woody): Wine
stores a world readable copy of the registry in /tmp. The bugtracking
entry contains a patch and Marcus Meissner has commited a fix to CVS
after the release of 20050310.
I couldn't find a CAN assignment for this vulnerability.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages wine depends on:
ii debconf 1.4.46 Debian configuration management sy
ii libwine 0.0.20050211-1 Windows Emulator (Library)
ii xbase-clients [xcont 4.3.0.dfsg.1-12.0.1 miscellaneous X clients
-- debconf information:
wine/del_wine_conf: true
wine/install_type: Autodetect
---------------------------------------
Received: (at 300306-close) by bugs.debian.org; 24 Apr 2005 09:49:57 +0000
>From [EMAIL PROTECTED] Sun Apr 24 02:49:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DPdkT-00073a-00; Sun, 24 Apr 2005 02:49:57 -0700
Received: from joerg by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DPdXK-0001OY-00; Sun, 24 Apr 2005 05:36:22 -0400
From: Ove Kaaven <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: lisa $Revision: 1.30 $
Subject: Bug#300306: fixed in wine 0.0.20050419-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Joerg Jaspert <[EMAIL PROTECTED]>
Date: Sun, 24 Apr 2005 05:36:22 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
Source: wine
Source-Version: 0.0.20050419-1
We believe that the bug you reported is fixed in the latest version of
wine, which is due to be installed in the Debian FTP archive:
libwine-alsa_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-alsa_0.0.20050419-1_i386.deb
libwine-arts_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-arts_0.0.20050419-1_i386.deb
libwine-capi_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-capi_0.0.20050419-1_i386.deb
libwine-dev_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-dev_0.0.20050419-1_i386.deb
libwine-gl_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-gl_0.0.20050419-1_i386.deb
libwine-jack_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-jack_0.0.20050419-1_i386.deb
libwine-nas_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-nas_0.0.20050419-1_i386.deb
libwine-print_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-print_0.0.20050419-1_i386.deb
libwine-twain_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine-twain_0.0.20050419-1_i386.deb
libwine_0.0.20050419-1_i386.deb
to pool/main/w/wine/libwine_0.0.20050419-1_i386.deb
wine-doc_0.0.20050419-1_all.deb
to pool/main/w/wine/wine-doc_0.0.20050419-1_all.deb
wine-utils_0.0.20050419-1_i386.deb
to pool/main/w/wine/wine-utils_0.0.20050419-1_i386.deb
wine_0.0.20050419-1.diff.gz
to pool/main/w/wine/wine_0.0.20050419-1.diff.gz
wine_0.0.20050419-1.dsc
to pool/main/w/wine/wine_0.0.20050419-1.dsc
wine_0.0.20050419-1_i386.deb
to pool/main/w/wine/wine_0.0.20050419-1_i386.deb
wine_0.0.20050419.orig.tar.gz
to pool/main/w/wine/wine_0.0.20050419.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ove Kaaven <[EMAIL PROTECTED]> (supplier of updated wine package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 23 Apr 2005 19:52:16 -0400
Source: wine
Binary: libwine-print libwine-nas libwine-gl libwine-twain wine libwine-arts
libwine-jack libwine wine-utils wine-doc libwine-dev libwine-alsa libwine-capi
Architecture: source i386 all
Version: 0.0.20050419-1
Distribution: unstable
Urgency: low
Maintainer: Ove Kaaven <[EMAIL PROTECTED]>
Changed-By: Ove Kaaven <[EMAIL PROTECTED]>
Description:
libwine - Windows Emulator (Library)
libwine-alsa - Windows Emulator (ALSA Sound Module)
libwine-arts - Windows Emulator (aRts Sound Module)
libwine-capi - Windows Emulator (ISDN Module)
libwine-dev - Windows Emulator (Development files)
libwine-gl - Windows Emulator (OpenGL Module)
libwine-jack - Windows Emulator (JACK Sound Module)
libwine-nas - Windows Emulator (NAS Sound Module)
libwine-print - Windows Emulator (Printing Module)
libwine-twain - Windows Emulator (Scanner Module)
wine - Windows Emulator (Binary Emulator)
wine-doc - Windows Emulator (Documentation)
wine-utils - Windows Emulator (Utilities)
Closes: 214707 300306 304815
Changes:
wine (0.0.20050419-1) unstable; urgency=low
.
* New upstream release 20050310.
- Mailslot support.
- Support for side mouse buttons (X buttons).
- More Richedit improvements.
- Loading of Windows registry files disabled for now.
- Many code cleanups.
- Lots of bug fixes.
* Acknowledge security NMU. Closes: #300306.
* Split OpenGL and Direct3D functionality into separate libwine-gl
package. Closes: #304815.
Some people prefer split packages, some prefer merged packages,
it's hard to please everyone. But since the contents of the
libwine-print doesn't actually require a hard dependency on CUPS,
I'll consider merging its contents into the main libwine package
soon anyway, at least if people keep asking me why they can't print.
* Added Suggests for libwine-gl to libwine. Though perhaps these
suggestions should be on the wine package, not libwine?
* Moved wineboot and regedit from wine-utils to wine. These can be
essential to installing certain applications and you probably
shouldn't need wine-utils to do that.
* Install wine.desktop into /usr/share/applications instead of
/usr/share/applnk, and use updated wine.desktop from Dan Korostelev.
Closes: #214707.
Files:
84f0659b309f2ab77409135f4e8b7482 1329 otherosfs optional
wine_0.0.20050419-1.dsc
f43ad76846f792f9598fca2428d23e60 11936962 otherosfs optional
wine_0.0.20050419.orig.tar.gz
6bbe381c56e6761c4abc82751eea1c90 47830 otherosfs optional
wine_0.0.20050419-1.diff.gz
4a10c51f837c16283c268c005997c4c0 1855812 doc optional
wine-doc_0.0.20050419-1_all.deb
5e7052a32126b3cd1bf07f4d3083b699 1393768 otherosfs optional
wine_0.0.20050419-1_i386.deb
899bd78de8b9b702b7c08f335bcc75ec 2573760 libdevel optional
libwine-dev_0.0.20050419-1_i386.deb
3eb5ba73968143f5e76aa10677b0d588 11298184 libs optional
libwine_0.0.20050419-1_i386.deb
bf93ff0911919545fad5621ead949668 1158242 libs optional
libwine-alsa_0.0.20050419-1_i386.deb
336609a295172ec85422678d0e74533e 1133460 libs optional
libwine-arts_0.0.20050419-1_i386.deb
55443fd42f5273280d32cdfde33c3d99 1122834 libs optional
libwine-capi_0.0.20050419-1_i386.deb
657a0a01822f205d3012d8237d54ec3b 1562560 libs optional
libwine-gl_0.0.20050419-1_i386.deb
d397063b6c42d55d793d4213c6f6c9af 1135566 libs optional
libwine-jack_0.0.20050419-1_i386.deb
51ef602da6a27ea261306c473af8d4bd 1130302 libs optional
libwine-nas_0.0.20050419-1_i386.deb
09690a3b1110e45eb6b4522f6000d2be 1230488 libs optional
libwine-print_0.0.20050419-1_i386.deb
1063bf3b564a81df394b77e610d68d56 1132834 libs optional
libwine-twain_0.0.20050419-1_i386.deb
034fcddef4768bc3ff0978721b45546e 1627148 otherosfs optional
wine-utils_0.0.20050419-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCazHXA+GMa4PlEQ8RAtOBAKC0CITJumpJ2LA3Qy+QvKQCOO1dEACZAQJC
ubo2HIkWiMwVu3g01QgzFSY=
=C0wL
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
