Your message dated Sun, 25 May 2008 18:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482853: fixed in cbrpager 0.9.17-1
has caused the Debian Bug report #482853,
regarding cbrpager: command execution flaw via malicious file names
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
482853: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482853
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: cbrpager
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

cbrpager is affected by a command execution flaw via malicious file
names in a similar way as comix was affected (0).

A CVE id for this issue has been requested.

For more information see the Red Hat bug report (1).
The upstream patch can be found here(2).

Cheers
Steffen

(0): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

(1): https://bugzilla.redhat.com/show_bug.cgi?id=448285

(2): http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2



--- End Message ---
--- Begin Message ---
Source: cbrpager
Source-Version: 0.9.17-1

We believe that the bug you reported is fixed in the latest version of
cbrpager, which is due to be installed in the Debian FTP archive:

cbrpager_0.9.17-1.diff.gz
  to pool/main/c/cbrpager/cbrpager_0.9.17-1.diff.gz
cbrpager_0.9.17-1.dsc
  to pool/main/c/cbrpager/cbrpager_0.9.17-1.dsc
cbrpager_0.9.17-1_i386.deb
  to pool/main/c/cbrpager/cbrpager_0.9.17-1_i386.deb
cbrpager_0.9.17.orig.tar.gz
  to pool/main/c/cbrpager/cbrpager_0.9.17.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto Lumbreras <[EMAIL PROTECTED]> (supplier of updated cbrpager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 25 May 2008 19:57:12 +0200
Source: cbrpager
Binary: cbrpager
Architecture: source i386
Version: 0.9.17-1
Distribution: unstable
Urgency: high
Maintainer: Roberto Lumbreras <[EMAIL PROTECTED]>
Changed-By: Roberto Lumbreras <[EMAIL PROTECTED]>
Description: 
 cbrpager   - viewer for CBR and CBZ (comic book archive) files
Closes: 482853
Changes: 
 cbrpager (0.9.17-1) unstable; urgency=high
 .
   * New upstream version. (Closes: #482853)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIObFEfIEQE/XJcI0RAl/BAKCZspcbQjhZlKyIL4et8ppA4loH0QCgkWXo
rgU7tDibOK3jfpUw5C2zfBA=
=B8KE
-----END PGP SIGNATURE-----



--- End Message ---
