Your message dated Fri, 15 Feb 2008 19:52:33 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#463907: fixed in wml 2.0.11-1etch1 has caused the Debian Bug report #463907, regarding Creates tempfiles in a unsafe way to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 463907: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: wml Version: 2.0.11-1 Severity: serious Tags: security The following code in wml_backend/p1_ipp/ipp.src is obviously unsafe (and actually causing practical problems during the Debian website build): $tmpdir = $ENV{'TMPDIR'} || '/tmp'; $tmpfile = $tmpdir . "/ipp.$$.tmp"; unlink($tmpfile); $tmp = new IO::File; $tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!"); Sadly enough this was fixed by the former maintainer for sarge but apparently got lost when the new upstream was packaged for etch. See the following code in sarge's version: my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX'; $tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n"; $tmpfile = $tmpdir . "/ipp.$$.tmp"; unlink($tmpfile); $tmp = new IO::File; $tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!"); You could probably just use that again. Gruesse, Frank Lichtenheld -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (900, 'unstable'), (900, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.23-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wml depends on: ii eperl 2.2.14-15 Embedded Perl 5 Language ii iselect 1.3.1-3 An interactive line selection tool ii libbit-vector-perl 6.4-7 Perl and C library for bit vectors ii libc6 2.7-6 GNU C Library: Shared libraries ii libimage-size-perl 3.1-3 determine the size of images in se ii libpng12-0 1.2.15~beta5-3 PNG library - runtime ii libterm-readkey-perl 2.30-3 A perl module for simple terminal ii m4 1.4.10-1 a macro processing language ii mp4h 1.3.1-4 Macro processor for HTML documents ii perl 5.8.8-12 Larry Wall's Practical Extraction ii perl-base [perlapi-5.8.8] 5.8.8-12 The Pathologically Eclectic Rubbis ii slice 1.3.8-9 Extract out pre-defined slices of Versions of packages wml recommends: ii libhtml-clean-perl 0.8-10 Cleans up HTML code for web browse ii linklint 2.3.5-5 A fast link checker and web site m ii tidy 20080116cvs-2 HTML syntax checker and reformatte ii txt2html 2.50-2 Text to HTML converter -- no debconf information
--- End Message ---
--- Begin Message ---Source: wml Source-Version: 2.0.11-1etch1 We believe that the bug you reported is fixed in the latest version of wml, which is due to be installed in the Debian FTP archive: wml_2.0.11-1etch1.diff.gz to pool/main/w/wml/wml_2.0.11-1etch1.diff.gz wml_2.0.11-1etch1.dsc to pool/main/w/wml/wml_2.0.11-1etch1.dsc wml_2.0.11-1etch1_i386.deb to pool/main/w/wml/wml_2.0.11-1etch1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld <[EMAIL PROTECTED]> (supplier of updated wml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 08 Feb 2008 23:11:21 +0100 Source: wml Binary: wml Architecture: source i386 Version: 2.0.11-1etch1 Distribution: stable-security Urgency: high Maintainer: Frank Lichtenheld <[EMAIL PROTECTED]> Changed-By: Frank Lichtenheld <[EMAIL PROTECTED]> Description: wml - off-line HTML generation toolkit Closes: 463907 Changes: wml (2.0.11-1etch1) stable-security; urgency=high . * Non-maintainer upload by security team. * CVE-2008-0665, CVE-2008-0666: Fix insecure temporary file creations in eperl and ipp backends and a similar issue in the wmg.cgi contrib file leading to possible symlink attacks. If you already use wmg.cgi please update your copy (Closes: #463907). Patch by Nico Golde and Frank Lichtenheld. * Add libpng-dev to build-depends since apparently it was previously compiled against it. Files: 3c12d2b00552d3db815957c01c73b2cf 656 web optional wml_2.0.11-1etch1.dsc 3242a88ced8598120cf6aba2bf9f69c4 24577 web optional wml_2.0.11-1etch1.diff.gz be10fe25928ce83aadf119d98eb5cd43 451672 web optional wml_2.0.11-1etch1_i386.deb a26feebf4e59e9a6940f54c69dde05b5 3115230 web optional wml_2.0.11.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHrOyoXm3vHE4uyloRAvQ8AKDnPciCI2DenvjBYj6/LKI+FdovdgCfe4/9 szTGceCOPTAd1rzn6M9VE1E= =lOZi -----END PGP SIGNATURE-----
--- End Message ---
