Your message dated Thu, 10 Dec 2009 10:27:35 +0000
with message-id <e1nigfd-00017y...@ries.debian.org>
and subject line Bug#560239: fixed in slang2 2.2.2-2
has caused the Debian Bug report #560239,
regarding libslang2-dev: Broken .so symlink…
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
560239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libslang2-dev
Version: 2.2.2-1
Severity: grave
Tags: security
Justification: renders package unusable
Hi,
why wondering why the .a was being used for a build of mine, I noticed
that there was indeed a .so for your package, but that the .so was a
broken symlink…
| cy...@talisker:~$ readlink -f /usr/lib/libslang.so && ls -l /lib/libslang.so*
| /lib/libslang.so.2.2.1
| lrwxrwxrwx 1 root root 17 Dec 9 03:45 /lib/libslang.so.2 ->
libslang.so.2.2.2
| -rw-r--r-- 1 root root 1069720 Dec 6 12:45 /lib/libslang.so.2.2.2
Setting severity to grave, a broken .so in a -dev package leads to a
near-to-useless package.
I guess it could be even worse and result in the .a getting embedded in
other packages, meaning that if slang2 has to receive security-related
fixes, packages statically built against it would still be vulnerable.
Tagging security accordingly, so that it gets some attention from
security folks. (Wild guess: checking packages BD'ing on it uploaded
since the .so symlink got broken should help get a list of candidates.)
Mraw,
KiBi.
--- End Message ---
--- Begin Message ---
Source: slang2
Source-Version: 2.2.2-2
We believe that the bug you reported is fixed in the latest version of
slang2, which is due to be installed in the Debian FTP archive:
libslang2-dev_2.2.2-2_i386.deb
to main/s/slang2/libslang2-dev_2.2.2-2_i386.deb
libslang2-modules_2.2.2-2_i386.deb
to main/s/slang2/libslang2-modules_2.2.2-2_i386.deb
libslang2-pic_2.2.2-2_i386.deb
to main/s/slang2/libslang2-pic_2.2.2-2_i386.deb
libslang2-udeb_2.2.2-2_i386.udeb
to main/s/slang2/libslang2-udeb_2.2.2-2_i386.udeb
libslang2_2.2.2-2_i386.deb
to main/s/slang2/libslang2_2.2.2-2_i386.deb
slang2_2.2.2-2.debian.tar.gz
to main/s/slang2/slang2_2.2.2-2.debian.tar.gz
slang2_2.2.2-2.dsc
to main/s/slang2/slang2_2.2.2-2.dsc
slsh_2.2.2-2_i386.deb
to main/s/slang2/slsh_2.2.2-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 560...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alastair McKinstry <mckins...@debian.org> (supplier of updated slang2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Dec 2009 06:05:36 +0000
Source: slang2
Binary: libslang2-dev libslang2 libslang2-pic libslang2-udeb slsh
libslang2-modules
Architecture: source i386
Version: 2.2.2-2
Distribution: unstable
Urgency: low
Maintainer: Alastair McKinstry <mckins...@debian.org>
Changed-By: Alastair McKinstry <mckins...@debian.org>
Description:
libslang2 - The S-Lang programming library - runtime version
libslang2-dev - The S-Lang programming library, development version
libslang2-modules - Shared modules for S-Lang language
libslang2-pic - The S-Lang programming library, shared library subset kit
libslang2-udeb - S-Lang library for Debian Installer (udeb)
slsh - Interpreter for S-Lang language
Closes: 560068 560239
Changes:
slang2 (2.2.2-2) unstable; urgency=low
.
* Patch thanks to Cyril Brulebois to fix broken .so symlink.
Closes: #560239, #560068.
Checksums-Sha1:
f5be67c762847f4090334e9571acb304d549dc34 1157 slang2_2.2.2-2.dsc
2ec996fc4ddc97916e4b843780035a20f97b2260 17712 slang2_2.2.2-2.debian.tar.gz
2348ec5a7cba52b5ad35b819fa00b66fd903e8ac 530482 libslang2-dev_2.2.2-2_i386.deb
18720fc6b95c2dbf14402c5b7c03a4d85b504c99 504782 libslang2_2.2.2-2_i386.deb
6b0ad9c6f777fcc76e93495df95119658e226c33 468208 libslang2-pic_2.2.2-2_i386.deb
29bbae8e538c437754854f979b8cc02de2ef1071 296104
libslang2-udeb_2.2.2-2_i386.udeb
10d7e126c3a843e84f6f7fda98f4674f5b197ab8 162934 slsh_2.2.2-2_i386.deb
05a46d00ad25d3730d5321eb3816b3f9da00b698 117672
libslang2-modules_2.2.2-2_i386.deb
Checksums-Sha256:
b0686b2f8e31aca4154d354bd6055951a115863a5b302bec989acbf3c46a9d81 1157
slang2_2.2.2-2.dsc
db767d157abce50d32d4f5f85c2cc74c589821acc949c3dec575d8e46a6824be 17712
slang2_2.2.2-2.debian.tar.gz
c6008691123d9d0373d21b18267a46dcb259fa015b973d05674ba92ecfddbb4c 530482
libslang2-dev_2.2.2-2_i386.deb
36c11d06058c67f094bfbeb08c02d9b30cae26c1f4d397945f7249cf501601ba 504782
libslang2_2.2.2-2_i386.deb
76d0166b729fd44588d84ed3090c1a521e87c2446e6bea6c2532c1d30e93581f 468208
libslang2-pic_2.2.2-2_i386.deb
2baddf58524312db40d74d2e87860362fd040bb682759a925e84c5e1967b8262 296104
libslang2-udeb_2.2.2-2_i386.udeb
f8d6e169971d6c5d16d89195685e87ba96ac28fbfc9f4326a6b0fc1c9b2f005e 162934
slsh_2.2.2-2_i386.deb
0eef9ac0e10373d332c389ba3fb8ab3b164874bb5b7e7f5fda93d5120b0689d9 117672
libslang2-modules_2.2.2-2_i386.deb
Files:
3fa46eaf8c3362f75490fac1a6220344 1157 devel optional slang2_2.2.2-2.dsc
de95be63634209f2ff1be8380733bc3b 17712 devel optional
slang2_2.2.2-2.debian.tar.gz
271e5132722a9abe121a987db85960c9 530482 libdevel optional
libslang2-dev_2.2.2-2_i386.deb
8e78d6895d76364fb4bf25e7369e3a45 504782 libs required
libslang2_2.2.2-2_i386.deb
4de9cb51f06784898ddfbed9ba1c8fda 468208 libdevel optional
libslang2-pic_2.2.2-2_i386.deb
50eaf74129a5e0731e8e6f115d8d69da 296104 debian-installer extra
libslang2-udeb_2.2.2-2_i386.udeb
0b77bd538ce1ab624995db660a5b9389 162934 interpreters optional
slsh_2.2.2-2_i386.deb
1e1574457f72c66c23e7fd84dad43918 117672 libs optional
libslang2-modules_2.2.2-2_i386.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLILMQQTK/kCo4XFcRAp6bAJwL5nOBVN63S+hdSY0XiP8kHvr2NQCeLTeY
HiRpXwrJMnJnJ7857Du7s6s=
=9I+4
-----END PGP SIGNATURE-----
--- End Message ---
