Your message dated Thu, 13 Oct 2011 12:02:36 +0000
with message-id <e1rejzg-0002d8...@franck.debian.org>
and subject line Bug#644935: fixed in minitube 1.5-2
has caused the Debian Bug report #644935,
regarding must not use a fixed/predictable temporary file name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
644935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: minitube
Version: 1.5-1
Severity: serious 

Playing "/tmp/minitube-pkern.mp4" 

This allows a hostile user to overwrite any file the user controls with YouTube
content.  Bad.  /tmp is world-writeable and must not be used with predictable
filenames.  Instead you need to employ secure temporary file creation.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages minitube depends on:
ii  dbus-x11                    1.4.16-1            
ii  gstreamer0.10-ffmpeg        0.10.12-3           
ii  gstreamer0.10-plugins-bad   0.10.22-3           
ii  gstreamer0.10-plugins-good  0.10.30-1           
ii  gstreamer0.10-x             0.10.35-1           
ii  libc6                       2.13-21             
ii  libgcc1                     1:4.6.1-4           
ii  libphonon4                  4:4.6.0really4.5.0-5
ii  libqt4-dbus                 4:4.7.3-5           
ii  libqt4-network              4:4.7.3-5           
ii  libqt4-xml                  4:4.7.3-5           
ii  libqtcore4                  4:4.7.3-5           
ii  libqtgui4                   4:4.7.3-5           
ii  libstdc++6                  4.6.1-4             
ii  phonon                      4:4.6.0really4.5.0-5
ii  phonon-backend-gstreamer    4:4.6.0really4.5.1-1

minitube recommends no packages.

minitube suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: minitube
Source-Version: 1.5-2

We believe that the bug you reported is fixed in the latest version of
minitube, which is due to be installed in the Debian FTP archive:

minitube_1.5-2.debian.tar.gz
  to main/m/minitube/minitube_1.5-2.debian.tar.gz
minitube_1.5-2.dsc
  to main/m/minitube/minitube_1.5-2.dsc
minitube_1.5-2_amd64.deb
  to main/m/minitube/minitube_1.5-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
der...@debian.org (supplier of updated minitube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Oct 2011 23:06:30 +0200
Source: minitube
Binary: minitube
Architecture: source amd64
Version: 1.5-2
Distribution: unstable
Urgency: low
Maintainer: Jakob Haufe <su...@sur5r.net>
Changed-By: der...@debian.org
Description: 
 minitube   - Native YouTube client
Closes: 644935
Changes: 
 minitube (1.5-2) unstable; urgency=low
 .
   * Do proper temporary file creation (Closes: #644935).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
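
The problem in the bug report above, shown as an added example (not minitube's code and not the Debian patch): a fixed name is opened next to a `mkstemp()`-created one, with a symlink already sitting at the predictable name. The scratch directory, the file names and the POSIX `mkstemp()` approach are assumptions for illustration; the page does not say how 1.5-2 creates its temporary file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Before: fixed name. Without O_EXCL, open() follows a symlink that already
 * sits at `path` and truncates the file it points to. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* After: mkstemp() fills in a random suffix and creates the file with
 * O_CREAT|O_EXCL and mode 0600, so a pre-existing name is never reused. */
static int open_secure(const char *dir, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/minitube-XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkstemp(out);
}

/* Constructed scenario in a private scratch directory standing in for /tmp:
 * a symlink at the predictable name points at a file the user owns.
 * Returns 1 if that file was overwritten, 0 if intact, -1 on setup error. */
int victim_clobbered(int use_secure) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char victim[PATH_MAX], fixed[PATH_MAX], tmp[PATH_MAX] = "", buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(fixed, sizeof fixed, "%s/minitube-user.mp4", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("precious", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, fixed) != 0) return -1;
    int fd = use_secure ? open_secure(dir, tmp, sizeof tmp)
                        : open_predictable(fixed);
    if (fd < 0 || write(fd, "video", 5) != 5) return -1;
    close(fd);
    if (!(f = fopen(victim, "r")) || !fgets(buf, sizeof buf, f)) return -1;
    fclose(f);
    if (use_secure) unlink(tmp);
    unlink(fixed); unlink(victim); rmdir(dir);
    return strcmp(buf, "precious") != 0;
}

int main(void) {
    printf("fixed name: %d, mkstemp: %d\n", victim_clobbered(0), victim_clobbered(1));
    return 0;
}
```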