Your message dated Fri, 06 May 2005 12:32:06 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#307838: fixed in fai 2.8.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 May 2005 19:37:12 +0000
>From [EMAIL PROTECTED] Thu May 05 12:37:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from rubens.informatik.uni-koeln.de [134.95.9.10]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DTm9n-0007ot-00; Thu, 05 May 2005 12:37:11 -0700
Received: from rubens.informatik.Uni-Koeln.DE (localhost [127.0.0.1])
by rubens.informatik.Uni-Koeln.DE (8.12.10+Sun/8.12.10) with ESMTP id
j45JbA2r008593
for <[EMAIL PROTECTED]>; Thu, 5 May 2005 21:37:10 +0200 (CEST)
Received: (from [EMAIL PROTECTED])
by rubens.informatik.Uni-Koeln.DE (8.12.10+Sun/8.12.10/Submit) id
j45Jb9TI008590;
Thu, 5 May 2005 21:37:09 +0200 (CEST)
From: Thomas Lange <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 5 May 2005 21:37:09 +0200
To: [EMAIL PROTECTED]
Subject: unsecure temp file
X-Mailer: VM 7.05 under Emacs 21.2.1
CC:
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: fai
Version: 2.8.1
Severity: serious
The script lib/updatebase creates unsecure temp file when called from
task softupdate. This violates the policy.
--
regards Thomas
---------------------------------------
Received: (at 307838-close) by bugs.debian.org; 6 May 2005 16:43:58 +0000
>From [EMAIL PROTECTED] Fri May 06 09:43:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DU5vi-0004eK-00; Fri, 06 May 2005 09:43:58 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DU5kE-0000Td-00; Fri, 06 May 2005 12:32:06 -0400
From: Thomas Lange <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#307838: fixed in fai 2.8.2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 06 May 2005 12:32:06 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 3
Source: fai
Source-Version: 2.8.2
We believe that the bug you reported is fixed in the latest version of
fai, which is due to be installed in the Debian FTP archive:
fai_2.8.2.dsc
to pool/main/f/fai/fai_2.8.2.dsc
fai_2.8.2.tar.gz
to pool/main/f/fai/fai_2.8.2.tar.gz
fai_2.8.2_all.deb
to pool/main/f/fai/fai_2.8.2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Lange <[EMAIL PROTECTED]> (supplier of updated fai package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 6 May 2005 09:23:34 +0200
Source: fai
Binary: fai
Architecture: source all
Version: 2.8.2
Distribution: unstable
Urgency: high
Maintainer: Thomas Lange <[EMAIL PROTECTED]>
Changed-By: Thomas Lange <[EMAIL PROTECTED]>
Description:
fai - Fully Automatic Installation
Closes: 307631 307632 307838
Changes:
fai (2.8.2) unstable; urgency=high
.
* remove old unused scripts from cvs source
* updatebase: use mktemp for creating temp file, this closes a serious
security bug (closes: #307838)
* fai: create dir only during initial installation, fixes a critical bug
(closes: #307632)
* subroutines-linux: do not "mount --bind" when FAI_ROOT=/, closes
important bug (closes: #307631)
Files:
82e5de30184fb23bcd6883210e448cdd 524 admin extra fai_2.8.2.dsc
6687553fcaec88a8393247623dbe6b64 211264 admin extra fai_2.8.2.tar.gz
628419bfbf5a7bd8fc513702446d5d7d 596710 admin extra fai_2.8.2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCe5vI3BPlTqubZv0RAp+aAKDc+Rq/fF94MGw9F5IBXkJkAruScACeKmKN
+oGP4YL9+LNqOF0TjDf1YyE=
=wbTE
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
