Your message dated Mon, 08 Aug 2005 08:47:22 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#309594: fixed in zoo 2.10-14 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

Date: Wed, 18 May 2005 10:04:45 +0200 (MEST)
From: "Thomas Schoepf" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: zoo: directory traversal security bug

Package: zoo
Version: 2.10-12
Severity: important
Tags: security

zoo suffers from a directory traversal bug. When unpacking .zoo archives, there's no check for "../.." constructs in the file names, which makes it possible to unpack to arbitrary locations in the file system. unzoo was affected, too.
Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306164 for more information.

Thomas

---------------------------------------

From: Jose Carlos Medeiros <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#309594: fixed in zoo 2.10-14
Date: Mon, 08 Aug 2005 08:47:22 -0700

Source: zoo
Source-Version: 2.10-14

We believe that the bug you reported is fixed in the latest version of zoo, which is due to be installed in the Debian FTP archive:

zoo_2.10-14.diff.gz
  to pool/main/z/zoo/zoo_2.10-14.diff.gz
zoo_2.10-14.dsc
  to pool/main/z/zoo/zoo_2.10-14.dsc
zoo_2.10-14_i386.deb
  to pool/main/z/zoo/zoo_2.10-14_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose Carlos Medeiros <[EMAIL PROTECTED]> (supplier of updated zoo package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 22 Jul 2005 12:59:07 -0300
Source: zoo
Binary: zoo
Architecture: source i386
Version: 2.10-14
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Changed-By: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Description:
 zoo - manipulate zoo archives
Closes: 309594
Changes:
 zoo (2.10-14) unstable; urgency=low
 .
   * Changed call from "mktemp" to "mkstemp" in zoopack.c file.
   * Added debian/patches/00options, debian/patches/00list and
     debian/patches/00template files.
   * Updated rules and control to use dpatch.
   * Added 01_old_fixes.dpatch file with old changes.
   * Added 02_traversal_directory.dpatch to solve problem with
     "directory traversal security bug - CVE id CAN-2005-2349".
     Thanks to Jorge Ventura <[EMAIL PROTECTED]> (closes: #309594)
   * Changed upstream source link in copyright file.
Files:
 cc6236fa2ea18067db3ae33b9b9bcd1e 556 utils optional zoo_2.10-14.dsc
 e0385bad03848c7d9992d1d4f1be07d2 10703 utils optional zoo_2.10-14.diff.gz
 6b6a77c0b2160fa3115e04689e3f42ab 60570 utils optional zoo_2.10-14_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC9eUkGKGxzw/lPdkRAqzWAJ9+ShHsmZtakMXbmVD7nR7UPxKcvACbBHM5
xVNmmNSDsNTAoXtqLurMcJQ=
=rlQu
-----END PGP SIGNATURE-----