Your message dated Fri, 03 Aug 2012 06:47:11 +0000 with message-id <e1sxbfd-0003ce...@franck.debian.org> and subject line Bug#683647: fixed in logol 1.5.0-4 has caused the Debian Bug report #683647, regarding logol: creates world writable directory: /var/lib/logol/results to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683647 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: logol Version: 1.5.0-2 Severity: grave Tags: security Justification: user security hole User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed that your packages creates a world writable directory: drwxrwxrwx 2 root root 40 Jul 1 21:59 /var/lib/logol/results There any local user may delete/replace arbitrary files that were not created by the user himself. Andreas
--- End Message ---
--- Begin Message ---Source: logol Source-Version: 1.5.0-4 We believe that the bug you reported is fixed in the latest version of logol, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Olivier Sallou <osal...@debian.org> (supplier of updated logol package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 02 Aug 2012 17:09:31 +0200 Source: logol Binary: logol logol-bin Architecture: source all amd64 Version: 1.5.0-4 Distribution: unstable Urgency: low Maintainer: Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org> Changed-By: Olivier Sallou <osal...@debian.org> Description: logol - Pattern maching tool using Logol language logol-bin - Pattern maching tool using Logol language Closes: 683647 Changes: logol (1.5.0-4) unstable; urgency=low . * debian/postinst: remove directory permissions (Closes: #683647). Checksums-Sha1: ade70879f103423774017e994edd449f4b2d37be 2391 logol_1.5.0-4.dsc b61667cdb32207f2973260e0f6c81ae6969c3170 13857 logol_1.5.0-4.debian.tar.gz 936adc316d841e468b6fd6ba6c90ae747eb82ac3 1518706 logol_1.5.0-4_all.deb a0451272e3f532eb22b1f841f4d50c09da9b7caa 1160686 logol-bin_1.5.0-4_amd64.deb Checksums-Sha256: 5d899f25fc37d1d27576061bc0286033abfe0e6f1cd7eb44bd29e8ab31df119f 2391 logol_1.5.0-4.dsc 95f22aebc1163a6eb304f8832b4f07867c9c704638b0b967e1271ae80ddaa53d 13857 logol_1.5.0-4.debian.tar.gz d0467776511f75c1a9d031becb4bd160a9c87ee569a51ecfa43656854b52a744 1518706 logol_1.5.0-4_all.deb 38e4d1ecb5e90646063a1f81cebcb48671fba98c2de58b8ce2d4a6545152a41f 1160686 logol-bin_1.5.0-4_amd64.deb Files: bbf0b36406d820607ba4128efa3c9196 2391 science optional logol_1.5.0-4.dsc 1cfdcd545d81cc785b5fe4448bb95033 13857 science optional logol_1.5.0-4.debian.tar.gz 91675d6b9daaffce84598da0af3dada2 1518706 science optional logol_1.5.0-4_all.deb fc0023c7f901ae0eeffa71d3ffd72491 1160686 science optional logol-bin_1.5.0-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQG3AAAAoJEHjcaNsybYQ4j/0P/2ldMiWGs0QgGmHO+QWJew8V Uhh/XVAhn5BwY7EhU7cPg51Pnu75vutkVCKy3QLx9aK7pijSPsL5tqVjf5R9CRpn wMX8CCENileRgU0XshfyE14XVndSDruawxVZpYgttMAD3YsN7nIABJ6Uzj/Bk0hp 8UrckeWKG6CXpBZUVdbjOQHzSw5Cwu6wSGHs1oPkvlY95qJKe81NiQeO4rYUFhBH onWiRE2X+KYWIFmVkZwHNP8m4Vt62iFrYY8bmJwfiG8IXAPNwAHNDZHNb1Ca9CtW Q+pb0oeAEsi/yFUWW6k/qFuFxD3jB7VnNGwlNCWy3WfnmdL4jGAEoir9MTIY5SKr OWiOihyFEBIwieTaLWiDydpB2z1iew+4T54fmBEuaqs0RvPlyLEVhbtxJdkVZA5A hnQraNV1Dp+Tig8PZbnHIaa74ul6M/cmdm+HluJghCOppcBjpglyEPTnNjwsKADg 9OoKdnNE6APjqDKHq9U4+SPiFUBH5JwZZYTYQ4YUQIbBayMKZbnouyoF2OjL3+Yz 02eVaYM9uGp6dnphRcd/HVNHtI3/xUgaE91/UV8mRX5e7MESD8Uk/n/WOOuvCzmY QpNvuXMpZR+RIhn+nTrm610x+rrjz/38Z8MaeLKfueRfyNvjoEcvGUt/gZPhcyIi cHth4aVVctCAiz/d9l0u =WsV7 -----END PGP SIGNATURE-----
--- End Message ---
