Your message dated Wed, 09 Aug 2006 09:02:28 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#382161: fixed in realtime-lsm 0.8.7-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: realtime-lsm-source
Version: 0.8.7-1
Severity: critical
Tags: security
Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The package contains a tar file that when unpacked by module-assistant produces
a series of files owned by user 1017 and group 1001, instead of root, as it
should.
This is bad practise in general. Furthermore, given that this is a kernel
module, it gives that user the chance to introduce malicious code into the
kernel.
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-ck1
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Versions of packages realtime-lsm-source depends on:
ii bzip2 1.0.3-3 high-quality block-sorting file co
ii debhelper 5.0.37.3 helper programs for debian/rules
ii kernel-package 10.049 A utility for building Linux kerne
realtime-lsm-source recommends no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE2b96823633cP2P8RAmaBAKCc+2SnuLMR7RsjLwQ/rDArY8rVawCdEvUp
rY7ATCYdfmBHH4yJve/f1HM=
=8SdB
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: realtime-lsm
Source-Version: 0.8.7-2
We believe that the bug you reported is fixed in the latest version of
realtime-lsm, which is due to be installed in the Debian FTP archive:
realtime-lsm-source_0.8.7-2_all.deb
to pool/main/r/realtime-lsm/realtime-lsm-source_0.8.7-2_all.deb
realtime-lsm_0.8.7-2.diff.gz
to pool/main/r/realtime-lsm/realtime-lsm_0.8.7-2.diff.gz
realtime-lsm_0.8.7-2.dsc
to pool/main/r/realtime-lsm/realtime-lsm_0.8.7-2.dsc
realtime-lsm_0.8.7-2_all.deb
to pool/main/r/realtime-lsm/realtime-lsm_0.8.7-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guenter Geiger (Debian/GNU) <[EMAIL PROTECTED]> (supplier of updated
realtime-lsm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 9 Aug 2006 17:26:56 +0200
Source: realtime-lsm
Binary: realtime-lsm-source realtime-lsm
Architecture: source all
Version: 0.8.7-2
Distribution: unstable
Urgency: low
Maintainer: Guenter Geiger (Debian/GNU) <[EMAIL PROTECTED]>
Changed-By: Guenter Geiger (Debian/GNU) <[EMAIL PROTECTED]>
Description:
realtime-lsm - Scripts for handling the realtime Linux security module
realtime-lsm-source - Source for the realtime Linux security module
Closes: 382161 382194
Changes:
realtime-lsm (0.8.7-2) unstable; urgency=low
.
* updated installation instructions to include make-kpkg way
* Fixed typo in recommends (closes: #382194)
* Added --no-same-owner flag when extracting source with tar, unpacks
tarfile as user root (closes: #382161)
Files:
3dc75ad445eceb177989f6cd1c445d32 623 base optional realtime-lsm_0.8.7-2.dsc
5d6ff40feead7b26ce60c332e2799a2e 16376 base optional
realtime-lsm_0.8.7-2.diff.gz
d14a060c943f36014454ce3c775dbd75 4866 base optional
realtime-lsm_0.8.7-2_all.deb
2b2d6d2a289e958841d1b68f55732cdc 17332 base optional
realtime-lsm-source_0.8.7-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFE2gbO1pbKhmC2uVgRAqqdAJ9/tF/cBBT4+fe55R0AZCHCygIUfQCfXcpY
8W6euF+kqH+h3gya3qkr27Q=
=4YEc
-----END PGP SIGNATURE-----
--- End Message ---
