Your message dated Sun, 09 Oct 2005 01:32:05 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#332535: fixed in finger-ldap 1.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Oct 2005 23:58:05 +0000
>From [EMAIL PROTECTED] Thu Oct 06 16:58:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp102.rog.mail.re2.yahoo.com [206.190.36.80] 
        by spohr.debian.org with smtp (Exim 3.36 1 (Debian))
        id 1ENfcj-0004Qk-00; Thu, 06 Oct 2005 16:58:05 -0700
Received: (qmail 32369 invoked from network); 6 Oct 2005 23:44:44 -0000
Received: from unknown (HELO alps.law.yi.org) ([EMAIL PROTECTED]@69.199.104.166 
with login)
  by smtp102.rog.mail.re2.yahoo.com with SMTP; 6 Oct 2005 23:44:44 -0000
Received: from sfllaw by alps.law.yi.org with local (Exim 3.36 #1 (Debian))
        id 1ENfPZ-0002Hd-00
        for <[EMAIL PROTECTED]>; Thu, 06 Oct 2005 19:44:29 -0400
Date: Thu, 6 Oct 2005 19:44:28 -0400
From: Simon Law <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: finger-ldap: Does not untaint ENV
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.8
User-Agent: Mutt/1.5.9i
Sender: Simon Law <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: finger-ldap
Severity: grave
Justification: user security hole

finger-ldap uses system () but does not untaint ENV.  Either do one, or
the other.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (400, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
Simon Law                                 http://www.law.yi.org/~sfllaw/

---------------------------------------
Received: (at 332535-close) by bugs.debian.org; 9 Oct 2005 08:38:44 +0000
>From [EMAIL PROTECTED] Sun Oct 09 01:38:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EOWbF-0007Jk-00; Sun, 09 Oct 2005 01:32:05 -0700
From: Simon Law <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#332535: fixed in finger-ldap 1.3-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 09 Oct 2005 01:32:05 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: finger-ldap
Source-Version: 1.3-1

We believe that the bug you reported is fixed in the latest version of
finger-ldap, which is due to be installed in the Debian FTP archive:

finger-ldap_1.3-1.diff.gz
  to pool/main/f/finger-ldap/finger-ldap_1.3-1.diff.gz
finger-ldap_1.3-1.dsc
  to pool/main/f/finger-ldap/finger-ldap_1.3-1.dsc
finger-ldap_1.3-1_all.deb
  to pool/main/f/finger-ldap/finger-ldap_1.3-1_all.deb
finger-ldap_1.3.orig.tar.gz
  to pool/main/f/finger-ldap/finger-ldap_1.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Law <[EMAIL PROTECTED]> (supplier of updated finger-ldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  9 Oct 2005 04:17:39 -0400
Source: finger-ldap
Binary: finger-ldap
Architecture: source all
Version: 1.3-1
Distribution: unstable
Urgency: low
Maintainer: Simon Law <[EMAIL PROTECTED]>
Changed-By: Simon Law <[EMAIL PROTECTED]>
Description: 
 finger-ldap - Finger for machines that authenticate against LDAP
Closes: 332217 332535
Changes: 
 finger-ldap (1.3-1) unstable; urgency=low
 .
   * New upstream release
     - Fails to the next server, if multiple servers are specified.
       (Closes: Bug#332217)
     - Properly untaint the environment, so Perl doesn't abort.
       (Closes: Bug#332535)
Files: 
 edd7e28043a457f4d8fc12f4e4833b41 566 net extra finger-ldap_1.3-1.dsc
 ddaa071dbe206f261a2d5e49b251db27 13186 net extra finger-ldap_1.3.orig.tar.gz
 acfc8064cbc4d23678a85696cb668e38 3111 net extra finger-ldap_1.3-1.diff.gz
 d959593dfd2458434ec6862111834d43 8198 net extra finger-ldap_1.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDSNQjLiz2e3eWpgsRAuw8AJ9/P6cwjwAaD0sf8d9XkznaI0jJKQCfTwu5
hwxet6d+6TrV8RPAudMqiWo=
=ZGBa
-----END PGP SIGNATURE-----
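
The report and the changelog entry above both concern Perl's taint mode, which refuses to run `system()` while `PATH` and a few shell-related variables still hold values inherited from the caller. The following is an added example, not code from the finger-ldap package or from either message: the helper names, the login pattern and the `/usr/bin/id` command are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not finger-ldap's code): preparing for system() under -T.
# Run as "perl -T example.pl LOGIN" or execute the file directly so that
# the -T on the #! line takes effect.
use strict;
use warnings;

# Under -T, system()/exec() abort with "Insecure $ENV{PATH}" (or IFS,
# CDPATH, ENV, BASH_ENV) while those variables are still tainted, even
# when the command is given by absolute path. Replace them with fixed
# values instead of trusting what the invoking user exported.
sub clean_env {
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = '/usr/bin:/bin';    # assumed: neither directory is world-writable
    return;
}

# Data from @ARGV is tainted too. A regex capture is the way to untaint
# it, so the pattern must accept only what is actually valid.
# The pattern below is an assumed login-name policy.
sub untaint_login {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# List-form system() passes arguments directly to the program and never
# invokes a shell, so nothing in $login is interpreted as shell syntax.
sub run_lookup {
    my ($login) = @_;
    clean_env();
    my $rc = system('/usr/bin/id', $login);    # hypothetical command
    return $rc == 0;
}

my $login = untaint_login($ARGV[0]);
die "usage: $0 login\n" unless defined $login;
exit(run_lookup($login) ? 0 : 1);
```

Removing the `clean_env()` call reproduces the abort the changelog mentions: Perl dies at the `system()` line rather than running the command with an environment it cannot trust.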

