Your message dated Mon, 03 Nov 2008 13:47:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#501959: fixed in chm2pdf 0.9.1-1.1 has caused the Debian Bug report #501959, regarding chm2pdf: Major security (temporary dirs) problems to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 501959: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: chm2pdf Version: 0.9-2 Severity: grave Justification: causes non-serious data loss There are several problems with this package: 1. chm2pdf creates /tmp/chm2pdf/{orig,work}/X directories. (Where X is file basename, foo for foo.chm). This makes script unusable for other users, i.e. userA runs chm2pdf which creates /tmp/chm2pdf with userA owner, userB has no chance to create files there 2. Malicious user could prepare directory structure which upon chm2pdf execution could cause serious data loss. from /usr/bin/chm2pdf: CHM2PDF_TEMP_WORK_DIR='/tmp/chm2pdf/work' CHM2PDF_TEMP_ORIG_DIR='/tmp/chm2pdf/orig' ... CHM2PDF_WORK_DIR = CHM2PDF_TEMP_WORK_DIR + os.sep + basename CHM2PDF_ORIG_DIR = CHM2PDF_TEMP_ORIG_DIR + os.sep + basename ... os.system('rm -r '+CHM2PDF_ORIG_DIR+'/*') os.system('rm -r '+CHM2PDF_WORK_DIR+'/*') . Malicious user could do e.g. malicious$ mkdir /tmp/chm2pdf/{orig,work} malicious$ cd /tmp/chm2pdf/orig malicious$ for f in `find /home/victim/ -iname \*.chm -print`; do > ln -s /home/victim/ `basename ${f%%.chm}` > done And ask user victim to convert any of his own .chm files. Thanks. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.27-rc7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages chm2pdf depends on: ii htmldoc 1.8.27-3 HTML processor that generates inde ii libchm-bin 2:0.39-9 library for dealing with Microsoft ii python 2.5.2-2 An interactive high-level object-o ii python-chm 0.8.4-0.1+b1 Python binding for CHMLIB ii python-support 0.8.4 automated rebuilding support for P chm2pdf recommends no packages. chm2pdf suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: chm2pdf Source-Version: 0.9.1-1.1 We believe that the bug you reported is fixed in the latest version of chm2pdf, which is due to be installed in the Debian FTP archive: chm2pdf_0.9.1-1.1.diff.gz to pool/main/c/chm2pdf/chm2pdf_0.9.1-1.1.diff.gz chm2pdf_0.9.1-1.1.dsc to pool/main/c/chm2pdf/chm2pdf_0.9.1-1.1.dsc chm2pdf_0.9.1-1.1_all.deb to pool/main/c/chm2pdf/chm2pdf_0.9.1-1.1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphael Geissert <[EMAIL PROTECTED]> (supplier of updated chm2pdf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 12 Oct 2008 17:54:24 -0500 Source: chm2pdf Binary: chm2pdf Architecture: source all Version: 0.9.1-1.1 Distribution: unstable Urgency: low Maintainer: Steve Stalcup <[EMAIL PROTECTED]> Changed-By: Raphael Geissert <[EMAIL PROTECTED]> Description: chm2pdf - A Python script that converts CHM files into PDF files Closes: 501959 502044 Changes: chm2pdf (0.9.1-1.1) unstable; urgency=low . * Non-maintainer upload. * debian/control, debian/rules: use quilt to manage patches * insecure_temp_dirs.diff (Closes: #501959): - Don't use static names to create temp dirs. - Commented out --dontextract from usage info, as it is not very useful now * bashisms.diff: fix bashism in chm2pdf (Closes: #502044). Checksums-Sha1: bc27be813d2c52de105ed7c46c80c3671cfbdc3b 1006 chm2pdf_0.9.1-1.1.dsc 3b5d20e12effb7a11a1984d865d95a64909a65f4 5488 chm2pdf_0.9.1-1.1.diff.gz a1e1d22538773cdd05b211160e045b5c1d4c849c 19540 chm2pdf_0.9.1-1.1_all.deb Checksums-Sha256: b92a2332fffc21dd015248d0e572426301efe3877b9f1c2c5bea0f9a615c58a0 1006 chm2pdf_0.9.1-1.1.dsc 6cc8e720ceebef98b167c0c8b3bcf6f9ec7a90fc5eab72146462ae09870453ad 5488 chm2pdf_0.9.1-1.1.diff.gz 1aa4c43f42cea1c2facf05555d4e3b1ec3b92477783a3c34e962684a4335864c 19540 chm2pdf_0.9.1-1.1_all.deb Files: a19c6124bfdd0190424e6c94a7d80159 1006 text extra chm2pdf_0.9.1-1.1.dsc f6804b55be429c16ffd14955f4c9366f 5488 text extra chm2pdf_0.9.1-1.1.diff.gz bccf8392547c9c9d1286675f9c12683e 19540 text extra chm2pdf_0.9.1-1.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkO/scACgkQHYflSXNkfP/pogCbBRYnC4tD0sHSZf/LdfPiaZYH PWsAoJlEhkWFXs2zv2SIkA4z3vCXvGiD =2Yeo -----END PGP SIGNATURE-----
--- End Message ---
