Your message dated Sat, 23 Aug 2008 18:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#495785: fixed in attal 1.0~rc1+cvs20080318-2.1
has caused the Debian Bug report #495785,
regarding attal has rpath to insecure location (.:/usr/lib/attal)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
495785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495785
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: attal
Version: 1.0~rc1+cvs20080318-2
Severity: serious
Tags: security
Hello Debian Games Team,
attal includes a binary /usr/games/attal-theme-editor with an rpath
pointing to .:/usr/lib/attal.
chrpath /usr/games/*
/usr/games/attal-ai: RPATH=.:/usr/lib/attal
/usr/games/attal-campaign-editor: RPATH=.:/usr/lib/attal
/usr/games/attal-client: RPATH=.:/usr/lib/attal
/usr/games/attal-scenario-editor: RPATH=.:/usr/lib/attal
/usr/games/attal-server: RPATH=.:/usr/lib/attal
/usr/games/attal-theme-editor: RPATH=.:/usr/lib/attal
This allows an attacker with write access to the current working directory
where attal is launched to add modified libraries which will be loaded
when someone else runs attal.
Cheers,
--
Bill. <[EMAIL PROTECTED]>
Imagine a large red swirl here.
--- End Message ---
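The following check is an added example, not part of the original bug report or of the attal packaging. It parses chrpath output in the format quoted above and flags every RPATH/RUNPATH entry that the dynamic loader would resolve against the current working directory. The sample lines are taken from the report, except the last one, which is a constructed line (hypothetical file name) showing the value after "." is removed.

```python
import re

# Constructed sample: two chrpath lines as quoted in the bug report, plus one
# made-up line (hypothetical file name) with "." removed from the RPATH.
SAMPLE = """\
/usr/games/attal-ai: RPATH=.:/usr/lib/attal
/usr/games/attal-theme-editor: RPATH=.:/usr/lib/attal
/usr/games/attal-fixed-example: RPATH=/usr/lib/attal
"""

# chrpath prints "<file>: RPATH=<value>" or "<file>: RUNPATH=<value>".
LINE = re.compile(r"^(?P<path>.+?): (?:RPATH|RUNPATH)=(?P<value>.*)$")


def classify(entry):
    """Return a reason string if one RPATH entry is unsafe, else None."""
    if entry == "":
        # glibc treats an empty component ("a::b", leading or trailing ":")
        # as the current directory.
        return "empty entry (treated as current directory)"
    if entry.startswith("$ORIGIN") or entry.startswith("${ORIGIN}"):
        return None  # expanded relative to the binary's location, not the cwd
    if not entry.startswith("/"):
        return "relative path (resolved against current directory)"
    return None


def audit(chrpath_output):
    """Return (file, entry, reason) for every unsafe entry in chrpath output."""
    findings = []
    for line in chrpath_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # lines without an RPATH/RUNPATH value are skipped
        for entry in m.group("value").split(":"):
            reason = classify(entry)
            if reason:
                findings.append((m.group("path"), entry, reason))
    return findings


if __name__ == "__main__":
    for path, entry, reason in audit(SAMPLE):
        print(f"{path}: {entry!r}: {reason}")
```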
--- Begin Message ---
Source: attal
Source-Version: 1.0~rc1+cvs20080318-2.1
We believe that the bug you reported is fixed in the latest version of
attal, which is due to be installed in the Debian FTP archive:
attal_1.0~rc1+cvs20080318-2.1.diff.gz
to pool/main/a/attal/attal_1.0~rc1+cvs20080318-2.1.diff.gz
attal_1.0~rc1+cvs20080318-2.1.dsc
to pool/main/a/attal/attal_1.0~rc1+cvs20080318-2.1.dsc
attal_1.0~rc1+cvs20080318-2.1_i386.deb
to pool/main/a/attal/attal_1.0~rc1+cvs20080318-2.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve M. Robbins <[EMAIL PROTECTED]> (supplier of updated attal package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 23 Aug 2008 11:38:50 -0500
Source: attal
Binary: attal
Architecture: source i386
Version: 1.0~rc1+cvs20080318-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team <[EMAIL PROTECTED]>
Changed-By: Steve M. Robbins <[EMAIL PROTECTED]>
Description:
attal - turn-based strategy game
Closes: 495785
Changes:
attal (1.0~rc1+cvs20080318-2.1) unstable; urgency=low
.
* NMU. Remove "." from rpath list by substituting new version of
05_rpath.diff (thanks, Peter Green) attached to bug report (Closes:
#495785).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIsEmh0i2bPSHbMcURAmKEAJwK5UoP08aN7eoNlDutrV+D4BJPVACfXlPD
nCgNpDdJbg/21tLikeqHlrw=
=yqJ6
-----END PGP SIGNATURE-----
--- End Message ---