Your message dated Tue, 22 Jan 2013 18:47:46 +0000 with message-id <e1txiss-0003dy...@franck.debian.org> and subject line Bug#698490: fixed in git-extras 1.7.0-1.2 has caused the Debian Bug report #698490, regarding git-effort/git-changelog: predictable /tmp filenames to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: git-extras Version: 1.7.0-1.1 Severity: serious Tags: security The git-effort utility uses /tmp/.git-effort as the name of its temporary filename. While this already prevents two users from using this utility (due to not cleaning its temporary file) it also allows for targeted symbolic link attacks. No guessing involved. Helmut
--- End Message ---
--- Begin Message ---Source: git-extras Source-Version: 1.7.0-1.2 We believe that the bug you reported is fixed in the latest version of git-extras, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire <j...@debian.org> (supplier of updated git-extras package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 20 Jan 2013 18:07:43 +0000 Source: git-extras Binary: git-extras Architecture: source all Version: 1.7.0-1.2 Distribution: unstable Urgency: medium Maintainer: Jesús Espino <jespi...@gmail.com> Changed-By: Jonathan Wiltshire <j...@debian.org> Description: git-extras - Extra commands for git Closes: 698490 Changes: git-extras (1.7.0-1.2) unstable; urgency=medium . * Non-maintainer upload. * git-changelog, git-effort: Correct unsafe temporary file usage (Closes: #698490) Checksums-Sha1: ccaa81a72466c390f505d66f75648d449536f3e3 1754 git-extras_1.7.0-1.2.dsc 4160d13d88e70712bfe74930aca4bcf616f7acc6 4089 git-extras_1.7.0-1.2.debian.tar.gz bc1e4570df7dae608c48bd8e3ca842618c167bb6 24074 git-extras_1.7.0-1.2_all.deb Checksums-Sha256: cdb2d824f02a6f6fbf40bd5ea695d35f24550c6904b31d23923bb8442d85f134 1754 git-extras_1.7.0-1.2.dsc 7c00fef94b51a6b6c9df8c744b87cab3c747229f7e74d77bbe9df2abed86ab6d 4089 git-extras_1.7.0-1.2.debian.tar.gz cb65bff48647308d4487d619b4719d8776b4dbff16c36d2328e470743b06d1b5 24074 git-extras_1.7.0-1.2_all.deb Files: 296c98de75967e78cb26dffdd8112ec2 1754 vcs extra git-extras_1.7.0-1.2.dsc 70aebda7995bcd02becb38c7872a6ff2 4089 vcs extra git-extras_1.7.0-1.2.debian.tar.gz fa8cdd4a255003718431fdeab4b8e333 24074 vcs extra git-extras_1.7.0-1.2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ/DVtAAoJEFC7AtTIpr9hjNoP/3V7uzkHO5gvvD6iGnAGk2+G U7H6w8Mmktei325epxTGjDTQtdvKr8auZ+hD8lm8zIf0e111zoa14bGj2QezARl1 PUschwGuDFtUFbJ14Od9K2i0kTYKxD8FsD1bDmrwz/7+ftjyycLI/uMxT22WsDh8 djVwKQa0e5PIU/TX6ftzZKOLUi2t9/KgUo57gSITF9XCw5cRyBv5xNVlG0RNTNjj bxHfRwaZ70TZuaPaleGfAh34bHHXfbFoeKzZG7IcDDUK77vfXDjIlX2BRLW/9e+d U8FEzyGTlUvn3yWEjbhiHFz52bGpXEvrKw8DGss3Z+qLuuM1i4hDWKzDTVj5254c 96fDkCpmQdT9R4V41wGvnzcvyYLfEO7IEYO6EydNO6Y7yrM3H9Kg2RYqMRBUw13x pgouiVNSNBQYhCrzeRt7hsMCQMtmJMXO2VyRYSEf1qtIIYr4c6XJkMdCYuCjr6tQ qG0kwYV3yYmZ0PJ+fViCYegp++6LLcCijoI5vuhcbBkJW7DljEPvoqr9JRomurY0 XgugYUH06Qt0pnkN0rGT6ZEtn2iSNkuuRLx3nDSvEQEc/URmBL1xjO1qhpKACVic hf2lBSGDPMySnMcSAcKGXI+ED6EOQaGmyfjzoiWcG6Xk0Kdl5lCLGzevmJtRYUzW reXDfkx0Uq1gmbULepjW =K+8i -----END PGP SIGNATURE-----
--- End Message ---
