Your message dated Sun, 03 Jun 2007 14:47:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425948: fixed in ktorrent 2.1.4.dfsg.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ktorrent
Version: 2.0.3+dfsg1-2.2
Severity: grave
Tags: security
Justification: user security hole
Apparently, the fix for directory traversal is incomplete... see:
http://bugs.kde.org/show_bug.cgi?id=143637
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ktorrent depends on:
ii kdelibs4c2a 4:3.5.7.dfsg.1-1 core libraries and binaries for al
ii libacl1 2.2.42-1 Access control list shared library
ii libart-2.0-2 2.3.19-3 Library of functions for 2D graphi
ii libattr1 1:2.4.32-1.1 Extended attribute shared library
ii libaudio2 1.9-2 The Network Audio System (NAS). (s
ii libc6 2.5-9 GNU C Library: Shared libraries
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.2.1-6 FreeType 2 font engine, shared lib
ii libgamin0 [libfam0] 0.1.8-2 Client library for the gamin file
ii libgcc1 1:4.2-20070516-1 GCC support library
ii libgmp3c2 2:4.2.1+dfsg-4 Multiprecision arithmetic library
ii libice6 1:1.0.3-2 X11 Inter-Client Exchange library
ii libidn11 0.6.5-1 GNU libidn library, implementation
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libpng12-0 1.2.15~beta5-2 PNG library - runtime
ii libqt3-mt 3:3.3.7-4+b1 Qt GUI Library (Threaded runtime v
ii libsm6 2:1.0.3-1 X11 Session Management library
ii libstdc++6 4.2-20070516-1 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.8-2 X cursor management library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxft2 2.1.12-2 FreeType-based font drawing librar
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.2-1 X Rendering Extension client libra
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3-15 compression library - runtime
ktorrent recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ktorrent
Source-Version: 2.1.4.dfsg.1-1
We believe that the bug you reported is fixed in the latest version of
ktorrent, which is due to be installed in the Debian FTP archive:
ktorrent_2.1.4.dfsg.1-1.diff.gz
to pool/main/k/ktorrent/ktorrent_2.1.4.dfsg.1-1.diff.gz
ktorrent_2.1.4.dfsg.1-1.dsc
to pool/main/k/ktorrent/ktorrent_2.1.4.dfsg.1-1.dsc
ktorrent_2.1.4.dfsg.1-1_i386.deb
to pool/main/k/ktorrent/ktorrent_2.1.4.dfsg.1-1_i386.deb
ktorrent_2.1.4.dfsg.1.orig.tar.gz
to pool/main/k/ktorrent/ktorrent_2.1.4.dfsg.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian KDE Extras Team <[EMAIL PROTECTED]> (supplier of updated ktorrent
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 03 Jun 2007 16:03:17 +0300
Source: ktorrent
Binary: ktorrent
Architecture: source i386
Version: 2.1.4.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian KDE Extras Team <[EMAIL PROTECTED]>
Changed-By: Debian KDE Extras Team <[EMAIL PROTECTED]>
Description:
ktorrent - BitTorrent client for KDE
Closes: 367120 372162 392893 400186 401753 402185 420913 424476 425043 425948
Changes:
ktorrent (2.1.4.dfsg.1-1) unstable; urgency=low
.
* ktorrent is now maintained by Debian KDE Extras Team.
.
[Modestas Vainius]
* New major upstream release (2.1): (Closes: #400186)
- µTorrent compatible peer exchange
- Zeroconf extension to find peers on the local network
- Switched the GUI to an IDEAl style GUI (like KDevelop)
- WebGUI plugin
- RSS plugin
- MAJOR improvements in down and upload performance
- Grouping feature to put torrents into groups
- Improved search plugin, which now allows multiple searches
- Allows setting priority for files in multifile torrents (Closes: #367120)
- Download speed is shown individually for each chunk in the chunk
window (Closes: #372162)
* New bugfix upstream release (2.1.4): (Closes: #420913)
- Fixed crash in parsing of DHT messages (Closes: #425043)
- Fixed problem with files with .. in their name (Closes: #425948)
- ScanFolder can now handle incomplete torrent files properly
* Prune upstream tarball from non-free parts (GeoIP Country Database and
country flag images). Patches 10 and 11 have been developed to make
impact of this as minimal as possible on the users.
* Remove LDFLAGS patch. It has been integrated upstream.
* debian/rules: upstream no longer ships .desktop files in applnk.
* Pass --enable-largefile to configure to enable large file (over 2GB)
support on 32bit architectures. There are known problems with >4GB files
on all architectures though (Closes: #402185).
* Use quilt as a patch management system.
* New patches:
- 10_use-system-geoip.diff - adds support for the --enable-system-geoip
configure parameter. It makes ktorrent build against system-wide GeoIP
library (libgeoip1) and use libgeoip1 default GeoIP Country database.
- 11_flagdb-alternative-source.diff - adds support for the
--disable-builtin-country-flags configure parameter. It allows to skip
installation of non-free ktorrent builtin country flags. In addition,
the patch adds support for the "flag database" that lets ktorrent get
country flag images from more than one filesystem source transparently.
It also adds additional (and the only for the debian package) source -
flag images shipped with kdebase.
- 12_gnu_kfreebsd.diff - fix FTBFS on GNU/kFreeBSD. Thanks to Petr Salinger
(Closes: #401753).
- Usual build system patches for relibtoolization.
* Add libgeoip-dev to Build-Depends. Build ktorrent with system GeoIP.
* Add kdebase-data to Recommends. It is needed as a source of the country
flag images for the Peer View. If not installed, country flags won't be
shown.
* Add debian/ktorrent.install. Prepare for multiple binary packages.
* Add Ktorrent to Debian menu (Closes: #392893).
* Now 'clean' target fully cleans the source tree after build
(Closes: #424476).
* Fully support DEB_BUILD_OPTIONS.
* Add manual pages for ktorrent and ktshell.
* Update README.Debian with new information about GeoIP and country flag
images and add NEWS about accuracy of the default GeoIP Country database.
Files:
bfc9012645508127fc48058d5d14cdd3 835 kde optional ktorrent_2.1.4.dfsg.1-1.dsc
e0f9dde442b3a0bf0094841223282d2c 3079578 kde optional
ktorrent_2.1.4.dfsg.1.orig.tar.gz
43b6ca43c7a1b487703046de1b9e2075 527925 kde optional
ktorrent_2.1.4.dfsg.1-1.diff.gz
44a2f6f890fdc8f0306de493bd95678d 2507838 kde optional
ktorrent_2.1.4.dfsg.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFGYt2dn3j4POjENGERAkZ9AJ4hFKAEePIIs6MhZBfa5VV0tNgeSwCeJdzW
I8HjkCtGGyyBd50ZIqnt83k=
=7uVd
-----END PGP SIGNATURE-----
--- End Message ---
