Your message dated Wed, 20 Sep 2006 06:17:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#388124: fixed in findimagedupes 0.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: findimagedupes
Version: 0.1.3-7
Severity: grave

findimagedupes will execute code stored in the names of the files.
This allows arbitrary code to be executed as the user by anyone who
can add files to a directory findimagedupes is run on; hence this is a
security hole and is grave.

An example:

Create a file named `touch a`.
Run imagedupes.
After imagedupes is done, there will be a file named a in the working
directory. For a root exploit when findimagedupes is being run as
root, change the name of the original file to
`mv /home/evil/file /etc/passwd`.


--- End Message ---
--- Begin Message ---
Source: findimagedupes
Source-Version: 0.2-1

We believe that the bug you reported is fixed in the latest version of
findimagedupes, which is due to be installed in the Debian FTP archive:

findimagedupes_0.2-1.diff.gz
  to pool/main/f/findimagedupes/findimagedupes_0.2-1.diff.gz
findimagedupes_0.2-1.dsc
  to pool/main/f/findimagedupes/findimagedupes_0.2-1.dsc
findimagedupes_0.2-1_i386.deb
  to pool/main/f/findimagedupes/findimagedupes_0.2-1_i386.deb
findimagedupes_0.2.orig.tar.gz
  to pool/main/f/findimagedupes/findimagedupes_0.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[EMAIL PROTECTED]> (supplier of updated findimagedupes package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 18 Sep 2006 22:41:53 +0200
Source: findimagedupes
Binary: findimagedupes
Architecture: source i386
Version: 0.2-1
Distribution: unstable
Urgency: low
Maintainer: Andreas Tille <[EMAIL PROTECTED]>
Changed-By: Andreas Tille <[EMAIL PROTECTED]>
Description: 
 findimagedupes - Finds visually similar or duplicate images
Closes: 86994 86996 87010 87013 87017 87024 113871 388124 388139
Changes: 
 findimagedupes (0.2-1) unstable; urgency=low
 .
   * New upstream version
     Closes: #388124, #388139
     Quoting from the announcement, this version closes the following bugs
     Closes: #86994:
         Hopefully now even harder to tickle imagemagick weaknesses.
     Closes: #86996:
         I haven't implemented Dupes:: lines output so this is a non-issue.
         My --program/--script options escape names with Perl's quotemeta()
     Closes: #87010:
         1) This version explicitly and deliberately does not do recursion.
         2) This version can read a file-list from stdin.
     Closes: #87013:
         Integrated in new --program/--script options, which use this
         algorithm to merge pairs of matches into sets before output.
     Closes: #87017:
         Integrated in new --add option.
     Closes: #87024:
         Pure Perl comparison replaced by new integrated C function.
         Still O(n^2) but massive speedup from squishing the constant factor.
         Should be able to compare 100k files in around 10 minutes.
         Runtime is now dominated by the time it takes to do fingerprinting.
     Closes: #113871:
         "It works for me." (tm)
   * Standards-Version: 3.7.2 (No changes needed)
   * Switched to cdbs
   * debian/copyright: New upstream author. License now GPL or
     Artistic (like Perl)
Files: 
 71b5990e04390f75dbab36822219b3d5 662 graphics optional findimagedupes_0.2-1.dsc
 c5fd4d9207b5cd2cbec5771bb4909a72 17953 graphics optional findimagedupes_0.2.orig.tar.gz
 52270d0ef70b47681478b949a1d61532 8066 graphics optional findimagedupes_0.2-1.diff.gz
 b71d298ab3379498fdeb2d298337b620 27344 graphics optional findimagedupes_0.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFET0TYDBbMcCf01oRAq92AJ9ryZM7Ln/9NC9vUjssEJZ5L056AQCgjZxl
OCGVQ3ke+WD5yZhSPICxSr4=
=gHYX
-----END PGP SIGNATURE-----


--- End Message ---
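
The bug class reported above and the quotemeta() escaping mentioned in the 0.2 changelog, as an added example that is not code from findimagedupes or from either message. It assumes the affected version interpolated each file name into a command string handed to /bin/sh (the original code is not shown on this page); the `test -f` command, the `marker` file and the `check` helper are hypothetical, and everything runs inside a throwaway temp directory.

```perl
#!/usr/bin/perl
# Added illustration, not findimagedupes code. Works only inside a temp dir.
use strict;
use warnings;
use File::Temp qw(tempdir);

my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";

# Constructed sample: a file whose name is a shell command substitution.
my $name = '`touch marker`';
open(my $fh, '>', $name) or die "create: $!";
close $fh;

# Run one invocation style, report whether the command embedded in the
# file name was executed (it would create ./marker), then reset.
sub check {
    my ($label, $run) = @_;
    $run->();
    my $ran = -e 'marker' ? 1 : 0;
    unlink 'marker';
    printf "%-22s embedded command ran: %s\n", $label, $ran ? 'YES' : 'no';
    return $ran;
}

# 1. Assumed vulnerable pattern: the name is interpolated into a single
#    string, so perl hands it to /bin/sh, which expands the backticks.
check('interpolated string', sub { system("test -f $name") });

# 2. quotemeta() puts a backslash before every non-word character, so the
#    shell sees the backticks and the space as literal characters.
#    Caveat: it is a regex-escaping function, not a shell quoter; a newline
#    in a name becomes backslash-newline, which sh silently deletes.
check('quotemeta + shell', sub { system('test -f ' . quotemeta($name)) });

# 3. List form: perl execs the program directly, no shell parses the name.
check('list-form system', sub { system('test', '-f', $name) });

chdir '/';    # leave the temp dir so it can be cleaned up on exit
```

Only the first style reports YES. The list form is the more robust fix wherever the command does not need shell features, because the file name never passes through a shell parser at all.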
