Your message dated Wed, 16 Dec 2015 06:34:47 +0000 with message-id <e1a95fj-0006rr...@franck.debian.org> and subject line Bug#807341: fixed in git-repair 1.20151215-1 has caused the Debian Bug report #807341, regarding git-repair: uses non-random tempdir /tmp/tmprepo.0/.git/ to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 807341: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807341 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: git-repair Version: 1.20150106-2 Severity: grave Tags: security Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 git-repair uses /tmp/tmprepo.0/.git/ which is clearly static, and I believe therefore (on non-hardened systems) insecure. - Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWZc+/AAoJECx8MUbBoAEhfMsP/0TcaMfVoWdkFqwY4+4gFjFn 0iRp1AZgNA8pnrgdcnQNFIm6PvarOQZZ6K62cg7OfiuEIyji+u8DV8Pl741TPWr2 cJWaIPMWY5CX9hKRJMikE4JsxtmdNoZ+iXzGj/Mv50jx+SJL2AT1cjTi9kgoq9uE FtyJAv0hooTenuKQzQz54dSiKQFfnVC7IoCYeMm/nPiveE9+CmaGg19IGUoy921Q cXU9cmBk1Qv0aU9ErSa9FZl3mr+Q7+EbN30Qa5LciZMR2PFbG9CdkdWBXia14j3P ZsIlyogcwukqtEu20jh54jaG3n0FnfMFOcvW6bi4RckwcL6FXp2h8U992vY3teCe B/882vP+aNLeRhub+a/p4xUWsq5Z+Sbf1UX4iXT9hZRQ3mRyfwxy44Okh46tFLQe tn7xoj676wPbZhx/j8cdh2S2sXQBTwg7wwRDz0ngM9YA5477sqPf0aoPcG5yRdgp Herfwwblcny5LD868eEM2WuIygX4BRhfzAXPqgQYr46BVU3fUkVJeEwMqt4XKaXd IFV0TG4B+mgTewe1NYQOtmkRIg/6owp9YS/bQq4yhUos5gITzB2vaFVWsAHejFHI K1XInYeBv33vhmnfsnjAc+G1xVJzFZfUHZvjPb9144f/hkMnwQZhXP877qQndQtt k3+PtInTNWBmgAxZEF1x =0nH4 -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: git-repair Source-Version: 1.20151215-1 We believe that the bug you reported is fixed in the latest version of git-repair, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 807...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Hartmann <ric...@debian.org> (supplier of updated git-repair package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 16 Dec 2015 07:26:04 +0100 Source: git-repair Binary: git-repair Architecture: source amd64 Version: 1.20151215-1 Distribution: unstable Urgency: medium Maintainer: Richard Hartmann <ric...@debian.org> Changed-By: Richard Hartmann <ric...@debian.org> Description: git-repair - repair various forms of damage to git repositories Closes: 807341 Changes: git-repair (1.20151215-1) unstable; urgency=medium . * Package 1.20151215-1 . git-repair (1.20151215) unstable; urgency=medium . * Fix insecure temporary permissions and potential denial of service attack when creating temp dirs. Closes: #807341 * Merge from git-annex. Checksums-Sha1: af218389beced7004b6388a8748468d64af162af 2111 git-repair_1.20151215-1.dsc 32ff8973ed5ead17e0d4f2c8463d9cbf5a5709b6 70480 git-repair_1.20151215.orig.tar.xz ef5eac90dc188e424aed720de65dc857aaaceb38 3356 git-repair_1.20151215-1.debian.tar.xz cb584756292f8caf221fae921d63447f2c357dc5 876096 git-repair_1.20151215-1_amd64.deb Checksums-Sha256: 50ca6a8985b9c3afa7167e8dd422e4ad106f4569f7a978b69e6659e11ebbf983 2111 git-repair_1.20151215-1.dsc 3adfbf0ca86289eac1a74bbe0fe690c26f47d21d646068f83300ee04daa121f6 70480 git-repair_1.20151215.orig.tar.xz d90ccc2ae15e0de8fdee0a947c6a7290dc4b5482bb0666e9cf5f2a2c3f2722a7 3356 git-repair_1.20151215-1.debian.tar.xz b998756a8671a59fa01002958d1cedc66bc28261c44d46ca7fdab465a1af55a3 876096 git-repair_1.20151215-1_amd64.deb Files: c27f12c9de914d58287604653a3b0ef1 2111 utils optional git-repair_1.20151215-1.dsc 4473ee136a16fe1cf8de58ffa32d3ec7 70480 utils optional git-repair_1.20151215.orig.tar.xz 53ca50b03e91ab5e5f5aeb8d35447155 3356 utils optional git-repair_1.20151215-1.debian.tar.xz 599c49e9d9557981d003173665141d21 876096 utils optional git-repair_1.20151215-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWcQTKAAoJEGkGSwGVIG3TnisQAInTYO0P6oQcMX1aSBvrrzPR WU4/xwPXxZH2QJdvvb7x12BfKA9f/ZwPB1r7VJ3b3VQpEQPJs1P4YEIayI6YwGdg cWRTUxxvnu/cKnFDPT6AqfcwXFk+CAI3/1y3N1ZJLo20bgTiZ0x4y9fKukbF+ON3 +eEFGY9ItRpEQKCt4eXg1l4EUvGvIv0a1hbfT1BTa9NVBozSmPsHbPhKqCsreXyW dJniAS6SKUj11yx6VrscC9E4vU7agPvV/fqOc4RvpV6ib/QegWQPWOwhPFhX9TiK 1EAl8EuTlP6Z2Shf6DokNfSlMzHCg7ClFcciN2y3fJmoTbWcB4DBh8eDbiH3cjts WF9yzAEprWcm93KI8Flz1wuvcXKePc7eSEtXNqrdfckzjB+Y89zpH5k5LOru+VlQ fbojvM/QJ+OJfZLbWUKH4L5iHVHn28pOd9fLAG94XBASKXaz24gxX01/Fa21+Zyl 4KJ8dPL4oEZW8sC2mQCBY79wpqdv6ZN+qTafSFAj8bKJFnxbz03OU4temMDeWRsr SFmAFJpWL4EO8Mgs3e7eKN1DcQYuWtPjpcwqs6mDYOiDSm9+6ISJ4zgrWVyatWzm hcjccV2cJwEFhKSuQXzvHPdCFBLUj68T6dNu5wxXErSfBitUzAy91swP3EJSvJuk V3vKd3wrSV0P0J1iD4of =tAEk -----END PGP SIGNATURE-----
--- End Message ---
