Your message dated Sat, 19 May 2012 13:45:09 +0000
with message-id <e1svjy1-0000lb...@franck.debian.org>
and subject line Bug#651620: fixed in rocksndiamonds 3.3.0.1+dfsg1-2.2
has caused the Debian Bug report #651620,
regarding ~/.rocksndiamonds/ is world-writable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
651620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rocksndiamonds
Version: 3.3.0.1+dfsg1-1
Severity: grave
Tags: security
Justification: user security hole

The ~/.rocksndiamonds directory and its subdirectories are created as writable to anybody. This allows an attacker to overwrite arbitrary files by doing this:
1) Delete the /home/victim/.rocksndiamonds/cache/artworkinfo.cache file.
2) Create new /home/victim/.rocksndiamonds/cache/artworkinfo.cache as a symlink to a file you want to overwrite.
3) Wait until the victim runs the game.

--
Jakub Wilk



--- End Message ---
--- Begin Message ---
Source: rocksndiamonds
Source-Version: 3.3.0.1+dfsg1-2.2

We believe that the bug you reported is fixed in the latest version of
rocksndiamonds, which is due to be installed in the Debian FTP archive:

rocksndiamonds_3.3.0.1+dfsg1-2.2.debian.tar.gz
  to contrib/r/rocksndiamonds/rocksndiamonds_3.3.0.1+dfsg1-2.2.debian.tar.gz
rocksndiamonds_3.3.0.1+dfsg1-2.2.dsc
  to contrib/r/rocksndiamonds/rocksndiamonds_3.3.0.1+dfsg1-2.2.dsc
rocksndiamonds_3.3.0.1+dfsg1-2.2_amd64.deb
  to contrib/r/rocksndiamonds/rocksndiamonds_3.3.0.1+dfsg1-2.2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Igor Pashev <pashev.i...@gmail.com> (supplier of updated rocksndiamonds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 13 May 2012 19:44:35 +0400
Source: rocksndiamonds
Binary: rocksndiamonds
Architecture: source amd64
Version: 3.3.0.1+dfsg1-2.2
Distribution: unstable
Urgency: low
Maintainer: Dmitry E. Oboukhov <un...@debian.org>
Changed-By: Igor Pashev <pashev.i...@gmail.com>
Description: 
 rocksndiamonds - arcade-style game
Closes: 651620
Changes: 
 rocksndiamonds (3.3.0.1+dfsg1-2.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fixed permissions when creating directories (Closes: #651620)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
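The report's symlink scenario and the changelog's "Fixed permissions when creating directories" correspond to two defensive checks, shown here as an added example that is not the rocksndiamonds patch or any code from the package. The function names and the demo directory are assumptions; only the file name artworkinfo.cache comes from the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` owner-only, or check that an existing one is safe to use.
 * Returns 0 only for a real directory we own that group/others cannot write. */
int ensure_private_dir(const char *path)
{
    struct stat st;
    /* The umask can only clear bits from 0700, never add group/other write. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; } /* symlink, file */
    if (st.st_uid != geteuid()) { errno = EPERM; return -1; }
    if (st.st_mode & (S_IWGRP | S_IWOTH)) { errno = EACCES; return -1; }
    return 0;
}

/* Open dir/name for rewriting. A symlink planted as `name` makes openat()
 * fail instead of being followed, and the file is truncated only after it
 * is known to be a regular, singly linked file. Returns an fd or -1. */
int open_cache_for_write(const char *dir, const char *name)
{
    struct stat st;
    int dfd, fd;
    if (ensure_private_dir(dir) != 0) return -1;
    if ((dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)) < 0) return -1;
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    close(dfd);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Assumed demo directory, not the game's real data path. */
    const char *dir = argc > 1 ? argv[1] : "./demo-private-dir";
    int fd = open_cache_for_write(dir, "artworkinfo.cache");
    if (fd < 0) { perror(dir); return EXIT_FAILURE; }
    close(fd);
    return EXIT_SUCCESS;
}
```

O_NOFOLLOW covers only the final path component, which is why the directory itself is checked for ownership and write bits first.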
