This bug was fixed in the package ncmpcpp - 0.4.1-1ubuntu0.1
---
ncmpcpp (0.4.1-1ubuntu0.1) lucid-proposed; urgency=low
* debian/patches/incorrect-dir-removal.patch: cherry-pick upstream fix to
arbitrary directories removal. This patch is for Lucid only -- had to be
rebased
This bug was fixed in the package ncmpcpp - 0.5.2-1ubuntu0.1
---
ncmpcpp (0.5.2-1ubuntu0.1) maverick-proposed; urgency=low
* debian/patches/incorrect-dir-removal.patch: cherry-pick upstream fix to
arbitrary directories removal. This patch is for Lucid and Maverick
only, a
SRU verification for Maverick:
I have reproduced the problem with ncmpcpp 0.5.2-1 in maverick and have
verified that the version of ncmpcpp 0.5.2-1ubuntu0.1 in -proposed fixes the
issue.
Marking as verification-done
** Tags added: verification-done
** Tags removed: verification-done-lucid veri
** Description changed:
Binary package hint: ncmpcpp
From an email to the Ubuntu bugSquad:
Dear Madam/Sir,
- I am using Ubuntu 10.04 and I installed program ncmpcpp 0.4.1. from Ubuntu
+ I am using Ubuntu 10.04 and I installed program ncmpcpp 0.4.1. from Ubuntu
repositories. There
SRU verification for Lucid:
I have reproduced the problem with ncmpcpp 0.4.1-1 in lucid and have verified
that the version of ncmpcpp 0.4.1-1ubuntu0.1 in -proposed fixes the issue.
Marking as verification-done
** Tags added: verification-done-lucid
--
You received this bug notification becaus
** Branch linked: lp:ubuntu/lucid-proposed/ncmpcpp
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/663925
Title:
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
--
ubuntu-bugs mail
Accepted ncmpcpp into lucid-proposed, the package will build now and be
available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in advance!
** Changed in: ncmpcpp (Ubuntu Lucid)
Sorry for the delay. I rebased the upstream patch (there was a small
difference on functionality added on a post-0.4.1 level), and checked.
** Changed in: ncmpcpp (Ubuntu Lucid)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Branch linked: lp:~hggdh2/ubuntu/lucid/ncmpcpp/lucid-fix-663925
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/663925
Title:
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
--
** Branch linked: lp:~hggdh2/ubuntu/lucid/ncmpcpp/lucid-fix-663925
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/663925
Title:
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
--
** Branch linked: lp:ubuntu/maverick-proposed/ncmpcpp
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/663925
Title:
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
--
ubuntu-bugs m
Accepted ncmpcpp into maverick-proposed, the package will build now and
be available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in advance!
** Changed in: ncmpcpp (Ubuntu Maveri
OK I'll sponsor patch for maverick.We are waiting for debdiff for lucid
;)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/663925
Title:
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of fil
I concur with Artur's second concern; while this is a serious issue with
this package, I don't believe it's a security issue, as I don't see a
means for an attacker to cause the deletion to occur, though I haven't
examined what the actual code issue is specifically. It seems to me that
the SRU proc
MOTU-SWAT ACK.
Some concerns:
- There is Origin tag, so Applied-Upstream is not necessary.
- I'm not sure whether this is security issue, for me rather a SRU.
Are you going to prepare a patch for lucid?
** Changed in: ncmpcpp (Ubuntu Maverick)
Status: New => Confirmed
** Also affects: nc
OK, I finally had time to get back to it. I am attaching a new debdiff
for Maverick, now with the upstream patch for this issue. Indeed, at
least for Maverick, the patch I identified on comment 15 above is all
that is needed.
Tested on Maverick. I will look at Lucid now.
** Patch added: "debdiff
** Patch removed: "ncmpcpp_0.4.1-1ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/+attachment/1718825/+files/ncmpcpp_0.4.1-1ubuntu0.1.debdiff
** Patch removed: "ncmpcpp_0.5.2-1ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/
ncmpcpp (0.5.4-1) unstable; urgency=high
* New upstream release.
+ Set urgency to high because it fixes a potential deletion of directories.
* Update copyright file.
* debian/patches/charset-use-free-to-release-memory.patch
+ Remove patch since it is fixed in new release.
* Switch
This is probably the fix in GIT upstream for this issue:
http://repo.or.cz/w/ncmpcpp.git/commit/d1b82557d266795621244c62644d4d0604cf5453
I do not know if this is the single patch needed or not.
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/6
** Patch added: "ncmpcpp_0.5.2-1ubuntu0.1.debdiff"
https://bugs.edge.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/+attachment/1718826/+files/ncmpcpp_0.5.2-1ubuntu0.1.debdiff
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You re
Artur helped me on -motu, and pointed some more issues on the patches. I
am uploading new versions for both Lucid and Maverick.
For the record, and as a consolidation of the data on this bug:
This bug has never been reported to Mitre; as such, there is no CVE
associated with it. The security expo
** Also affects: ncmpcpp (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: ncmpcpp (Ubuntu Maverick)
Importance: Undecided
Status: New
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received this
And here is the debdiff for Lucid.
** Patch added: "ncmpcpp_0.4.1-1ubuntu0.1.debdiff"
https://bugs.edge.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/+attachment/1718685/+files/ncmpcpp_0.4.1-1ubuntu0.1.debdiff
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bu
** Changed in: ncmpcpp (Ubuntu)
Status: Triaged => In Progress
** Changed in: ncmpcpp (Ubuntu)
Assignee: (unassigned) => Artur Rona (ari-tczew)
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received this bug notificati
Updated patch attached.
This fix does not apply to Debian: rmadison lists only 0.5.4 on squeeze
and sid.
** Patch added: "ncmpcpp_0.5.2-1ubuntu0.1.debdiff"
https://bugs.edge.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/+attachment/1718605/+files/ncmpcpp_0.5.2-1ubuntu0.1.debdiff
** Patch
** Tags added: patch
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
ht
Thanks for the patch. You have to fix some issues, following with
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation.
debian/changelog: - s/maverick/maverick-security
- please remove information about updated
maintainer field. it's not necessary.
debian/patches/
This is a simple patch: I decided to disable
'allow_physical_directory_deletion' if it is set, and output an error
message (which will be routed to the error.log file) *if* the current
configuration file has 'allow_physical_directory_deletion = "yes"'.
This is minimally invasive, and I confirmed t
Thank you for taking the time to make Ubuntu better. Since what you
submitted is a Feature Request to improve Ubuntu, you are invited to
post your idea in Ubuntu Brainstorm at [WWW]
https://brainstorm.ubuntu.com/ where it can be discussed, voted by the
community and reviewed by developers. Thanks f
At this point I can not help but agree with C de-Avillez and consider
the matter closed. I thank you all for your kind interest. I await any
purpose other opinions in question
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received
here's a simple change to disable the option.
** Patch added: "ncmpcpp_0.5.4-1ubuntu1.debdiff"
https://bugs.edge.launchpad.net/ubuntu/+source/ncmpcpp/+bug/663925/+attachment/1703793/+files/ncmpcpp_0.5.4-1ubuntu1.debdiff
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
htt
Allowing for physical dir removal was introduced on 0.3.5, so Karmic and
earlier releases are OK., and Lucid/Maverick are the only releases
affected.
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received this bug notification beca
I have no idea why it is questioned whether this is a valid a bug or
not...‽ The webpage clearly confirms the bug, users do not get any
warning that they shouldn't set the option
allow_physical_directory_deletion to yes (we can't expect users to go to
the project's webpage after installing a packag
Additionally, the web page seems to indicate that:
" It needs to be manually enabled in configuration file though, so if
you don't use it, you're fine."
--
ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
https://bugs.launchpad.net/bugs/663925
You received this bug notification
I disagree:
(1) the fact that this configuration option is not set on install does not mean
it will not be set later on. It is an user's choice.
(2) if the configuration option is set there is a real risk of unexpected data
loss.
(3) there are no newer versions available on Ubuntu (except for Nat
More than a bug I think it's human error as specified in the notice of
the package the risk of any unexpected deletion of files. Nevertheless,
I think is actually not necessary keep packages harmful to the system
in the repository, or possibly eliminate the risk reported by the
package itself. In
36 matches
Mail list logo
