Your message dated Sun, 25 Feb 2007 04:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#411942: fixed in gnucash 2.0.5-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gnucash
Version: 2.0.2-3
Severity: grave
Tags: security, fixed-upstream 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0007 says:

"gnucash 2.0.4 and earlier allows local users to overwrite arbitrary 
files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and 
(3) qof.trace.[PID] temporary files."

See also bug #406983 -- this CVE is fixed in version 2.0.5.

-- 
Kees Cook                                            @outflux.net


--- End Message ---
--- Begin Message ---
Source: gnucash
Source-Version: 2.0.5-1

We believe that the bug you reported is fixed in the latest version of
gnucash, which is due to be installed in the Debian FTP archive:

gnucash-common_2.0.5-1_all.deb
  to pool/main/g/gnucash/gnucash-common_2.0.5-1_all.deb
gnucash_2.0.5-1.diff.gz
  to pool/main/g/gnucash/gnucash_2.0.5-1.diff.gz
gnucash_2.0.5-1.dsc
  to pool/main/g/gnucash/gnucash_2.0.5-1.dsc
gnucash_2.0.5-1_i386.deb
  to pool/main/g/gnucash/gnucash_2.0.5-1_i386.deb
gnucash_2.0.5.orig.tar.gz
  to pool/main/g/gnucash/gnucash_2.0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Bushnell, BSG <[EMAIL PROTECTED]> (supplier of updated gnucash package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Feb 2007 13:24:24 -0800
Source: gnucash
Binary: gnucash-common gnucash
Architecture: source i386 all
Version: 2.0.5-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Bushnell, BSG <[EMAIL PROTECTED]>
Changed-By: Thomas Bushnell, BSG <[EMAIL PROTECTED]>
Description: 
 gnucash    - A personal finance tracking program
 gnucash-common - A personal finance tracking program
Closes: 194545 242441 368139 386923 411942 411985
Changes: 
 gnucash (2.0.5-1) unstable; urgency=low
 .
   * New upstream release. (Closes: #194545, #242441, #386923, #368139,
     #411942, #411985)
Files: 
 6770673b84a0f819f886ebbd15a841e3 1308 gnome optional gnucash_2.0.5-1.dsc
 0fa3da0122a025b1abcba524740d7633 10404303 gnome optional gnucash_2.0.5.orig.tar.gz
 a5ef4c9298cbeff68c1db431c5a504e6 17188 gnome optional gnucash_2.0.5-1.diff.gz
 cc7909f1f359f3d5d3d5377811670dfc 3514620 gnome optional gnucash-common_2.0.5-1_all.deb
 26579123c5ec31435066ac95858a7348 1631822 gnome optional gnucash_2.0.5-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFF4QyIqMsB9b6fcOoRAl+xAJ9Cymhi5vJiWFqDAIHu7uHIjr7x8QCffTWl
kl0F1+6vGwdoh4zGGFw7asI=
=mNge
-----END PGP SIGNATURE-----


--- End Message ---
