Your message dated Fri, 03 Jan 2025 14:43:59 +0000
with message-id <e1ttiu7-003wdr...@fasolo.debian.org>
and subject line Bug#1082298: fixed in binutils-mipsen 12+c1+nmu1
has caused the Debian Bug report #1082298,
regarding binutils-mipsen: file ownership violates policy 10.9
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1082298: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: binutils-mipsen
Version: 12+c1
Severity: important
Justification: violates policy 10.9 "should"
Tags: security
Multiple binary packages built from binutils-mipsen have their files
(including e.g. /, /usr, /usr/bin and /usr/bin/TOOL) owned by user
"buildd" or user "sbuild". They really should be owned by root. Likely,
dh_fixperms or something similar is missing here or a repacking step
fails to reset ownership information back to root.
This also poses a possible vulnerability. If there happens to be a user
thus named on the system, they can modify tools below /usr/bin and thus
escalate their privileges.
Helmut
--- End Message ---
--- Begin Message ---
Source: binutils-mipsen
Source-Version: 12+c1+nmu1
Done: Niels Thykier <ni...@thykier.net>
We believe that the bug you reported is fixed in the latest version of
binutils-mipsen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1082...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <ni...@thykier.net> (supplier of updated binutils-mipsen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 29 Dec 2024 13:23:05 +0000
Source: binutils-mipsen
Architecture: source
Version: 12+c1+nmu1
Distribution: unstable
Urgency: medium
Maintainer: YunQiang Su <s...@debian.org>
Changed-By: Niels Thykier <ni...@thykier.net>
Closes: 1082298
Changes:
binutils-mipsen (12+c1+nmu1) unstable; urgency=medium
.
* Non-maintainer upload.
* Correctly assemble the packages without leaking build user
onwership into the debs. (Closes: #1082298)
Checksums-Sha1:
0f31ebcb969408b110620d276284107030d95be7 5140 binutils-mipsen_12+c1+nmu1.dsc
0555bfd000d78b50be7c483228d3638cdc10bebc 5876 binutils-mipsen_12+c1+nmu1.tar.xz
4fdc07ad3cdad0b2415e7dcc56c6e427710bcee0 6812
binutils-mipsen_12+c1+nmu1_source.buildinfo
Checksums-Sha256:
bf47b7a729efe0dd1463e00171bad3e4e50e46c875e79f784624061118064aa2 5140
binutils-mipsen_12+c1+nmu1.dsc
af143a6c7a545a89ed7fb6dd31279271903e5f4e0e4dc227f8fbbcfca6e8a19d 5876
binutils-mipsen_12+c1+nmu1.tar.xz
67534d4411303ebe8b5b51ddea899cc0cb8cffcf8bbff70beac72b68747b4b5c 6812
binutils-mipsen_12+c1+nmu1_source.buildinfo
Files:
6f74287119fb944e21370838ec2289eb 5140 devel optional
binutils-mipsen_12+c1+nmu1.dsc
9fa6297abff37d65a6be8bd220d474ff 5876 devel optional
binutils-mipsen_12+c1+nmu1.tar.xz
4b5c6ad04d0abe4d458cb7c6766ddce1 6812 devel optional
binutils-mipsen_12+c1+nmu1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCgAwFiEE9ecZmu9eXGflVYc/dA1oiINl0okFAmdxTWASHG5pZWxzQHRo
eWtpZXIubmV0AAoJEHQNaIiDZdKJqBQIAIWceXvbcueSd5fvt18mf305pixJW1G9
RoBYhjsd+X9V/i/QNM7mxvjxR3pWdP4kiKWMu90i4XdbBbYn974LM7r0qb7kw3ac
h8npIM97u8Db5Nqqiu6Q/6K50eisa1UmKvdnBxVbTV1tZQqcejti8j8r2ldac2hE
63qoahkFuh4GuBPHbBvY+ceWkUkonQQIlb5PbEizSDaq5Dme51caRc/5HdixiKfi
jA6OaUO5JuuX016M9uZZTB/v6gT3pqDyNppsYbXmh4b66aN0j6aBQPME7zB7mI0J
QaJqlin8R2ZSB9yjOXtKWXMNZ4EwEjxy9WyHffJsWttfvHD9F18X10Y=
=Bwez
-----END PGP SIGNATURE-----
pgp5jBNvQQUof.pgp
Description: PGP signature
--- End Message ---
