Your message dated Wed, 04 Jun 2008 16:32:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#484311: fixed in reportbug 3.41
has caused the Debian Bug report #484311,
regarding reportbug adds os.curdir to sys.path
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
484311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: reportbug
Version: 3.31
Severity: grave
Tags: security
Justification: user security hole

sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path

To "exploit":

$ echo 'raise "FOO"' > token.py
$ reportbug
Traceback (most recent call last):
  File "/usr/bin/reportbug", line 39, in ?
    import optparse, re, os, pwd, time, locale, commands, checkversions
  File "/usr/lib/python2.4/optparse.py", line 73, in ?
    from gettext import gettext as _
  File "/usr/lib/python2.4/gettext.py", line 49, in ?
    import locale, copy, os, re, struct, sys
  File "/usr/lib/python2.4/copy.py", line 65, in ?
    import inspect
  File "/usr/lib/python2.4/inspect.py", line 31, in ?
    import sys, os, types, string, re, dis, imp, tokenize, linecache
  File "/usr/lib/python2.4/tokenize.py", line 30, in ?
    from token import *
  File "./token.py", line 1, in ?
    raise "FOO"
FOO

-- Package-specific info:
** Environment settings:
EDITOR="vim"
EMAIL="Thomas Arendsen Hein <[EMAIL PROTECTED]>"

** /home/thomas/.reportbugrc:
mutt
email "[EMAIL PROTECTED]"
realname "Thomas Arendsen Hein"

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24.3-id1-k8-2
Locale: LANG=en_US, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages reportbug depends on:
ii  python          2.4.4-2   An interactive high-level object-o
ii  python-central  0.5.12    register and build utility for Pyt

Versions of packages reportbug recommends:
pn  python-cjkcodecs | python-ico  <none>  (no description available)

-- no debconf information

--
[EMAIL PROTECTED] - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrueck - Register: Amtsgericht Osnabrueck, HR B 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
--- End Message ---
--- Begin Message ---
Source: reportbug
Source-Version: 3.41

We believe that the bug you reported is fixed in the latest version of
reportbug, which is due to be installed in the Debian FTP archive:

reportbug_3.41.dsc
  to pool/main/r/reportbug/reportbug_3.41.dsc
reportbug_3.41.tar.gz
  to pool/main/r/reportbug/reportbug_3.41.tar.gz
reportbug_3.41_all.deb
  to pool/main/r/reportbug/reportbug_3.41_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <[EMAIL PROTECTED]> (supplier of updated reportbug package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Wed, 04 Jun 2008 18:07:23 +0200
Source: reportbug
Binary: reportbug
Architecture: source all
Version: 3.41
Distribution: unstable
Urgency: high
Maintainer: Reportbug Maintainers <[EMAIL PROTECTED]>
Changed-By: Sandro Tosi <[EMAIL PROTECTED]>
Description:
 reportbug  - reports bugs in the Debian distribution
Closes: 484245 484311
Changes:
 reportbug (3.41) unstable; urgency=high
 .
   [ Sandro Tosi ]
   * Security bugfix release, hence urgency is set to high
   * querybts, reportbug_submit.py
     - os.curdir is not added to sys.path anymore, thanks to Thomas Arendsen
       Hein <[EMAIL PROTECTED]> for the report; Fixes: CVE-2008-2230;
       Closes: #484311
 .
   [ Chris Lawrence ]
   * debian/control
     - Added self to Uploaders
     - Set Maintainer to new list on alioth.
 .
   [ Y Giridhar Appaji Nag ]
   * debianbts.py
     - Remove kde, ximian (and helixcode) and mandriva, they use bugzilla
     - Remove grml, they use roundup
   * --body-file doesn't allow preview of report, don't suggest using it with
     saved files. Thanks Shai Berger <[EMAIL PROTECTED]> for the bug report
     (Closes: #484245)
   * remove calls to sys.path.append('/usr/share/reportbug') from reportbug
--- End Message ---
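
An added example, not part of the original messages or of reportbug's code: it compares which file a path-based import of `token` resolves to with the search path from the report (os.curdir first) and with that entry removed, as the 3.41 changelog describes. The function names and the harmless stand-in token.py written to a temporary directory are constructed for illustration.

```python
import importlib.machinery
import os
import sys
import tempfile


def relative_entries(search_path):
    """Entries ('', '.', 'lib', ...) that are looked up relative to the cwd."""
    return [p for p in search_path if not os.path.isabs(p)]


def resolve(name, search_path):
    """Real path of the file a path-based import of `name` would load."""
    sys.path_importer_cache.pop(os.curdir, None)  # no stale finder for '.'
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    return os.path.realpath(spec.origin) if spec and spec.origin else None


def compare_paths(module="token"):
    trusted = [p for p in sys.path if os.path.isabs(p)]
    # Search path as built by the line quoted in the report (reportbug 3.31).
    before = [os.curdir, "/usr/share/reportbug"] + trusted
    # After the 3.41 change: no cwd entry in front of the standard library.
    after = trusted
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed, harmless stand-in for a token.py left in the cwd.
        with open(os.path.join(workdir, module + ".py"), "w") as fh:
            fh.write("SHADOWED = True\n")
        os.chdir(workdir)
        try:
            return {
                "workdir": os.path.realpath(workdir),
                "flagged": relative_entries(before),
                "before": resolve(module, before),
                "after": resolve(module, after),
            }
        finally:
            os.chdir(old_cwd)
            sys.path_importer_cache.pop(os.curdir, None)


if __name__ == "__main__":
    for key, value in compare_paths().items():
        print(key, "=", value)
```

The same `relative_entries` check can be run against `sys.path` at the top of any script that is started from directories other users can write to.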

