Your message dated Wed, 09 Aug 2006 00:47:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292210: fixed in zhcon 1:0.2.6-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: zhcon
I'm filing this bug because the security hole is not fixed in sid yet
and I don't see a bug report for it.
----- Forwarded message from Martin Schulze <[EMAIL PROTECTED]> -----
From: Martin Schulze <[EMAIL PROTECTED]>
Date: Tue, 25 Jan 2005 12:00:37 +0100 (CET)
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access
User-Agent: dsa-launch $Revision: 1.15 $
Reply-To: debian-security@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 655-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 25th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : zhcon
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0072
Erik Sjölund discovered that zhcon, a fast console CJK system using
the Linux framebuffer, accesses a user-controlled configuration file
with elevated privileges. Thus, it is possible to read arbitrary
files.
For the stable distribution (woody) this problem has been fixed in
version 0.2-4woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your zhcon package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.dsc
Size/MD5 checksum: 571 cef550eb0e12c8841fb19dec63b57c18
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.diff.gz
Size/MD5 checksum: 18162 5757142ee30a5d3e990180a44bfbf8cd
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2.orig.tar.gz
Size/MD5 checksum: 4727022 7a15d08e903c0d40f1f659b23185c4c0
Alpha architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_alpha.deb
Size/MD5 checksum: 4577314 574567f7d5ff0c730d7c8403da284d62
ARM architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_arm.deb
Size/MD5 checksum: 4566364 e9cc7274596bd612b85b832945d4fedc
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_i386.deb
Size/MD5 checksum: 4549436 adcaa080b69de7c3d7de5d5c58bd2ee6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_ia64.deb
Size/MD5 checksum: 4594976 ff8e34b0df2d5548918698972ae71ac4
HP Precision architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_hppa.deb
Size/MD5 checksum: 4590474 68576eb8887b9bda98afc3548704d491
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_m68k.deb
Size/MD5 checksum: 4545894 419dcce4d28053e9527888f064dd9a9d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mips.deb
Size/MD5 checksum: 4557002 70955d5fd0205214a4add453ebda3c9c
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mipsel.deb
Size/MD5 checksum: 4555974 81e127f1ebecb1519ccc08472909a6cc
PowerPC architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_powerpc.deb
Size/MD5 checksum: 4548730 7d99eb0b961e83cf9067355c39ba656b
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_s390.deb
Size/MD5 checksum: 4544774 172e282c5c27a5d12a2e3b709b7e89c2
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_sparc.deb
Size/MD5 checksum: 4546018 f6d5b53efb642de658498c091884ff7e
These files will probably be moved into the stable distribution on
its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB9ibVW5ql+IAeqTIRAmVaAJ4hplX5cisx4UhwwC663bFI0eZDygCeLcB3
6cTDc5AQ6p8EvLTfU+HhGXU=
=Jltb
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
----- End forwarded message -----
--
see shy jo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: zhcon
Source-Version: 1:0.2.6-2
We believe that the bug you reported is fixed in the latest version of
zhcon, which is due to be installed in the Debian FTP archive:
zhcon_0.2.6-2.diff.gz
to pool/main/z/zhcon/zhcon_0.2.6-2.diff.gz
zhcon_0.2.6-2.dsc
to pool/main/z/zhcon/zhcon_0.2.6-2.dsc
zhcon_0.2.6-2_i386.deb
to pool/main/z/zhcon/zhcon_0.2.6-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yu Guanghui <[EMAIL PROTECTED]> (supplier of updated zhcon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 09 Aug 2006 15:38:19 +0800
Source: zhcon
Binary: zhcon
Architecture: source i386
Version: 1:0.2.6-2
Distribution: unstable
Urgency: low
Maintainer: Yu Guanghui <[EMAIL PROTECTED]>
Changed-By: Yu Guanghui <[EMAIL PROTECTED]>
Description:
zhcon - A Fast Console CJK System Using FrameBuffer
Closes: 112355 136609 198270 198751 200071 250139 285970 287695 292210 293324
323419 324284 324285 330619 332164 355948 356438 378224 381198 382116
Changes:
zhcon (1:0.2.6-2) unstable; urgency=low
.
* French templates translation update. (Closes:Bug#378224)
* Portuguese templates translation. (Closes:Bug#381198)
* zhcon doesn't depend on libgii0 (Closes:Bug#382116)
* Closed old bugs, it was fixed ago. (Closes:Bug#323419)
* Cleanup NMU fixed bugs.(Closes:Bug#292210,Bug#200071,Bug#293324,
Bug#356438,Bug#112355,Bug#136609,Bug#332164,Bug#355948,Bug#198270,
Bug#198751,Bug#250139,Bug#285970,Bug#287695,Bug#324284,Bug#324285,
Bug#330619)
Files:
9e6b8d60fade8a0891090c202f58baa2 623 utils optional zhcon_0.2.6-2.dsc
6151566e61b1d676983d88643647fc31 18974 utils optional zhcon_0.2.6-2.diff.gz
4c7060b6eee61d5f9be644eb2cb40088 4418718 utils optional zhcon_0.2.6-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE2ZCZKNPoKRflcycRAq++AKDSTFbm6A+ekrXHsj+s1kpg0sXUFACfWo73
h0ZGQnfHbykLqEKxqCfA3aE=
=Q+0c
-----END PGP SIGNATURE-----
--- End Message ---
