Your message dated Mon, 19 Sep 2005 13:20:18 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Verified as OK
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Sep 2005 06:28:38 +0000
>From [EMAIL PROTECTED] Sun Sep 18 23:28:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EHF8n-0002tw-00; Sun, 18 Sep 2005 23:28:37 -0700
Received: from localhost.localdomain (unknown [195.227.105.180])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Martin Pitt (workstation)", Issuer "piware CA" (verified
OK))
by box79162.elkhouse.de (Postfix) with ESMTP id 7F57B1F9415
for <[EMAIL PROTECTED]>; Mon, 19 Sep 2005 08:28:06 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
id 4C37C13DA0; Mon, 19 Sep 2005 08:35:11 +0200 (CEST)
Date: Mon, 19 Sep 2005 08:35:11 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Subject: ncompress: Insecure temporary file handling
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: ncompress
Version: 4.2.4-15
Severity: grave
Tags: security
Hi!
There is a recent report about insecure temporary files in ncompress,
similar to the recent advisories about gzip:
http://www.zataz.net/adviso/ncompress-09052005.txt
Can you please check this? There is no CAN number yet. If this is a
real issue, you can ask [EMAIL PROTECTED] to get one.
Thanks!
Martin
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDLlwfDecnbV4Fd/IRAj2hAJ9HM+YPkQOslJf1ZLFoX1en38lIwQCdE4NV
kEfdHJp/MMQL+BohpLbWnYk=
=HrSq
-----END PGP SIGNATURE-----
--EeQfGwPcQSOJBaQU--
---------------------------------------
Received: (at 329052-close) by bugs.debian.org; 19 Sep 2005 18:20:50 +0000
>From [EMAIL PROTECTED] Mon Sep 19 11:20:50 2005
Return-path: <[EMAIL PROTECTED]>
Received: from rwcrmhc12.comcast.net [204.127.198.43]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EHQG1-0004Ey-00; Mon, 19 Sep 2005 11:20:50 -0700
Received: from cedar-solutions.com ([67.190.241.233])
by comcast.net (rwcrmhc12) with ESMTP
id <20050919182018014000rfi8e>; Mon, 19 Sep 2005 18:20:18 +0000
Received: from pronovic by cedar-solutions.com with local (Exim 3.36 #1
(Debian))
id 1EHQFW-0001as-00
for <[EMAIL PROTECTED]>; Mon, 19 Sep 2005 13:20:18 -0500
Date: Mon, 19 Sep 2005 13:20:18 -0500
From: Kenneth Pronovici <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Verified as OK
Message-ID: <[EMAIL PROTECTED]>
Reply-To: Kenneth Pronovici <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="ep0oHQY+/Gbo/zt0"
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: Kenneth Pronovici <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
--ep0oHQY+/Gbo/zt0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Debian's security team (in particular, Martin Schulze) has already
verified the package and confirmed that Debian is not vulnerable because
we do not expose the scripts.
Thanks again for the bug report.
KEN
--=20
Kenneth J. Pronovici <[EMAIL PROTECTED]>
--ep0oHQY+/Gbo/zt0
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDLwFi8On2ujzZUQQRAqvGAJ9+R5OE0TicP3XqxraR5U+wwXT14gCgxjOi
1I963L4KWRJFiUZpHq1zovo=
=+b6K
-----END PGP SIGNATURE-----
--ep0oHQY+/Gbo/zt0--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
