Bug#547390: marked as done (libfwbuilder8: Security issue with temporary file handling)

Debian Bug Tracking System Sun, 20 Sep 2009 05:14:45 -0700

Your message dated Sun, 20 Sep 2009 12:02:18 +0000
with message-id <e1mpl7s-0001yd...@ries.debian.org>
and subject line Bug#547390: fixed in fwbuilder 3.0.7-1
has caused the Debian Bug report #547390,
regarding libfwbuilder8: Security issue with temporary file handling
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
547390: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547390
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libfwbuilder8
Version: 3.0.5-1
Severity: grave
Tags: security
Justification: user security hole

Upstream says:
This release [3.0.7] fixes security issue with temporary file handling
in the generated iptables script that affects only Linux systems where
Firewall Builder is used to generate static routing configuration. 
The problem was introduced in v3.0.4 and is now fixed. 

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libfwbuilder8 depends on:
ii  libc6                  2.9-25            GNU C Library: Shared
libraries
ii  libgcc1                1:4.4.1-1         GCC support library
ii  libsnmp15              5.4.1~dfsg-12     SNMP (Simple Network
Management Pr
ii  libstdc++6             4.4.1-1           The GNU Standard C++
Library v3
ii  libxml2                2.7.4.dfsg-2      GNOME XML library
ii  libxslt1.1             1.1.24-2          XSLT processing library -
runtime 
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library -
runtime

libfwbuilder8 recommends no packages.

libfwbuilder8 suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: fwbuilder
Source-Version: 3.0.7-1

We believe that the bug you reported is fixed in the latest version of
fwbuilder, which is due to be installed in the Debian FTP archive:

fwbuilder-common_3.0.7-1_all.deb
  to pool/main/f/fwbuilder/fwbuilder-common_3.0.7-1_all.deb
fwbuilder-dbg_3.0.7-1_i386.deb
  to pool/main/f/fwbuilder/fwbuilder-dbg_3.0.7-1_i386.deb
fwbuilder-doc_3.0.7-1_all.deb
  to pool/main/f/fwbuilder/fwbuilder-doc_3.0.7-1_all.deb
fwbuilder_3.0.7-1.diff.gz
  to pool/main/f/fwbuilder/fwbuilder_3.0.7-1.diff.gz
fwbuilder_3.0.7-1.dsc
  to pool/main/f/fwbuilder/fwbuilder_3.0.7-1.dsc
fwbuilder_3.0.7-1_i386.deb
  to pool/main/f/fwbuilder/fwbuilder_3.0.7-1_i386.deb
fwbuilder_3.0.7.orig.tar.gz
  to pool/main/f/fwbuilder/fwbuilder_3.0.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru <sylves...@debian.org> (supplier of updated fwbuilder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 19 Sep 2009 02:12:41 +0200
Source: fwbuilder
Binary: fwbuilder fwbuilder-common fwbuilder-doc fwbuilder-dbg
Architecture: source all i386
Version: 3.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Sylvestre Ledru <sylves...@debian.org>
Changed-By: Sylvestre Ledru <sylves...@debian.org>
Description: 
 fwbuilder  - Firewall administration tool GUI
 fwbuilder-common - Firewall administration tool GUI (common files)
 fwbuilder-dbg - Firewall administration tool GUI (debugging symbols)
 fwbuilder-doc - Firewall administration tool GUI documentation
Closes: 547390
Changes: 
 fwbuilder (3.0.7-1) unstable; urgency=high
 .
   * New upstream version
   * This new version fixes a security issue described in the bug report.
     This problem is likely to be in the package libfwbuilder but since both
     packages are tightly connected, need to upload also fwbuilder
     (Closes: #547390)
   * fwbuilder-dbg moved to Section: debug
Checksums-Sha1: 
 72b2bf197e972a40da615c9c73d5ad64299709a6 1346 fwbuilder_3.0.7-1.dsc
 c08411bcf5b686ef86e1da6f0954d8685bf49d61 2486382 fwbuilder_3.0.7.orig.tar.gz
 65099a5f3fe146fb90619ac276e7463a4a93dad3 8886 fwbuilder_3.0.7-1.diff.gz
 bedcde87b0cd430fb1cfae22b7cbff0a988087e8 290982 
fwbuilder-common_3.0.7-1_all.deb
 2398af4fb34611fd96b5e78bff76cfea7267d936 168834 fwbuilder-doc_3.0.7-1_all.deb
 332a22b096d2a1f31e90d21b8f2b5ec7613331ba 3002292 fwbuilder_3.0.7-1_i386.deb
 5222d9a8b8eb56dbe5e980b3e5a2f51e2269b4e0 18088812 
fwbuilder-dbg_3.0.7-1_i386.deb
Checksums-Sha256: 
 5360d3874647d989ff17c30f3686e8e1503a1d813baed5ec1ebd44d8eb49da17 1346 
fwbuilder_3.0.7-1.dsc
 bb827f54a77c0f8a9b471200eda3801c9ff3f2a576647ca6a576e546e20ac254 2486382 
fwbuilder_3.0.7.orig.tar.gz
 b96fed43343c9bbe3db9d7f3d3ca4a2a79ae39a4ef3bd77fa4032c695a245bb8 8886 
fwbuilder_3.0.7-1.diff.gz
 03432a0ae55c7da785d8e58b69c4addd85cac49f538df131017412bd85573c62 290982 
fwbuilder-common_3.0.7-1_all.deb
 ab324bf3f91184a2256db0278486ef7ab296100ff3be02afdbbb2035976629d8 168834 
fwbuilder-doc_3.0.7-1_all.deb
 f29d7d2f02c18c05d86e9cd8a19596bea4ba8a84e7835b7475c3a1225803de76 3002292 
fwbuilder_3.0.7-1_i386.deb
 d4ec04f2bca9e637a18e9d76929049e25791bd7fa6733ab5466dcf4a38cf61b7 18088812 
fwbuilder-dbg_3.0.7-1_i386.deb
Files: 
 4cdfd5d80dd5849f9c8fadce4bc69f4c 1346 net optional fwbuilder_3.0.7-1.dsc
 03ae055da1aea1c8a09b8ce51fbf8d7d 2486382 net optional 
fwbuilder_3.0.7.orig.tar.gz
 caf595a8d68e6f4da33367c1817026f1 8886 net optional fwbuilder_3.0.7-1.diff.gz
 9ac60015c881129184e0587884b20447 290982 net optional 
fwbuilder-common_3.0.7-1_all.deb
 93fe4e611d9a4e017a2c030862290521 168834 doc optional 
fwbuilder-doc_3.0.7-1_all.deb
 0a12684402a96b01484d2cff2eb7cc04 3002292 net optional 
fwbuilder_3.0.7-1_i386.deb
 147d24d2f1fe044eddd90925340eb8fc 18088812 debug extra 
fwbuilder-dbg_3.0.7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkq0wSUACgkQiOXXM92JlhD9QACfRAsloR1J/8fDFTKkNL+gQLgi
Oz8AoL+j4bJX+dwJurazcnUvKnIV87oc
=hktz
-----END PGP SIGNATURE-----

--- End Message ---

Bug#547390: marked as done (libfwbuilder8: Security issue with temporary file handling)

Reply via email to