Bug#633870: marked as done (CVE-2011-2684)

To: Didier Raboud <odyx@debian.org>
Subject: Bug#633870: marked as done (CVE-2011-2684)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 28 Jul 2011 20:12:09 +0000
Message-id: <[🔎] handler.633870.D633870.131188374929184.ackdone@bugs.debian.org>
References: <E1QmWtI-0004Tz-7u@franck.debian.org> <[🔎] 20110714151842.15666.64244.reportbug@irma.knut.univention.de>

Your message dated Thu, 28 Jul 2011 20:09:08 +0000
with message-id <E1QmWtI-0004Tz-7u@franck.debian.org>
and subject line Bug#633870: fixed in foo2zjs 20090908dfsg-5.1+squeeze0
has caused the Debian Bug report #633870,
regarding CVE-2011-2684
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
633870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2011-2684

From: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 14 Jul 2011 17:18:42 +0200

Message-id: <[🔎] 20110714151842.15666.64244.reportbug@irma.knut.univention.de>
Package: foo2zjs
Severity: grave
Tags: security

The following security issue was reported in foo2zjs:
https://bugs.launchpad.net/bugs/805370

It doesn't warrant a DSA, but could be fixed in a point
update.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 633870-close@bugs.debian.org
Subject: Bug#633870: fixed in foo2zjs 20090908dfsg-5.1+squeeze0
From: Didier Raboud <odyx@debian.org>
Date: Thu, 28 Jul 2011 20:09:08 +0000
Message-id: <E1QmWtI-0004Tz-7u@franck.debian.org>

Source: foo2zjs
Source-Version: 20090908dfsg-5.1+squeeze0

We believe that the bug you reported is fixed in the latest version of
foo2zjs, which is due to be installed in the Debian FTP archive:

foo2zjs_20090908dfsg-5.1+squeeze0.diff.gz
  to main/f/foo2zjs/foo2zjs_20090908dfsg-5.1+squeeze0.diff.gz
foo2zjs_20090908dfsg-5.1+squeeze0.dsc
  to main/f/foo2zjs/foo2zjs_20090908dfsg-5.1+squeeze0.dsc
foo2zjs_20090908dfsg-5.1+squeeze0_amd64.deb
  to main/f/foo2zjs/foo2zjs_20090908dfsg-5.1+squeeze0_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633870@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated foo2zjs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 27 Jul 2011 18:51:20 +0200
Source: foo2zjs
Binary: foo2zjs
Architecture: source amd64
Version: 20090908dfsg-5.1+squeeze0
Distribution: squeeze
Urgency: low
Maintainer: Debian Foo2zjs Maintainers <foo2zjs-maintainer@lists.alioth.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description: 
 foo2zjs    - Support for printing to ZjStream-based printers
Closes: 633870
Changes: 
 foo2zjs (20090908dfsg-5.1+squeeze0) stable-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Update debian/patches/60-getweb.in.patch:
     Fix CVE-2011-2684 "Insecure Temporary File" (CWE-277) in /usr/bin/getweb
     by creating a safe temporary directory with mktemp (Closes: #633870) and
     running the script with -e.
Checksums-Sha1: 
 9e1ae4c08719b0ff6ae5572cbb69189311510e26 1491 foo2zjs_20090908dfsg-5.1+squeeze0.dsc
 9a820b16a172e1105ddd142c41467ccc81f123b0 17241 foo2zjs_20090908dfsg-5.1+squeeze0.diff.gz
 134a2f8d814e2475c4b53c27a287dcd04de3fb30 1592812 foo2zjs_20090908dfsg-5.1+squeeze0_amd64.deb
Checksums-Sha256: 
 27e9012c367c7c7fc1b8bebfeb930b3ff20bdd7c180f0e0996ef1f1f58b27697 1491 foo2zjs_20090908dfsg-5.1+squeeze0.dsc
 4a60c55158614b27c37d14d2fe6b899311e6e1194b5316e25dbe313604859a16 17241 foo2zjs_20090908dfsg-5.1+squeeze0.diff.gz
 cb37543c1b5a5dea068a36172ede5dfd8908ce02adb467829881f9ba35fad9c8 1592812 foo2zjs_20090908dfsg-5.1+squeeze0_amd64.deb
Files: 
 10554997d4ad7055ac51a31b1372df7e 1491 text optional foo2zjs_20090908dfsg-5.1+squeeze0.dsc
 0565d82dfedc47b94d7585fa8d3fb9e7 17241 text optional foo2zjs_20090908dfsg-5.1+squeeze0.diff.gz
 563ee0561d09c50ba1059f842271e0f8 1592812 text optional foo2zjs_20090908dfsg-5.1+squeeze0_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iJwEAQECAAYFAk4wTO8ACgkQKA1Vt+jBwDi7twP+KISjFbmjQ+ABjfzViP2gS9do
eRm2FCg6nVq0PXQPh7qbxhZpChuPYN1hnYevwIuIbwiswUQMkZVuryIWChCwiTAx
Ll7EP1wtm9cSSld5AJLncpMOgpR/mbltcLUwHH15ZXNv+KiaIs8qk2utbxl4tDl7
ulsPNaHOMDMy8Z0TCmM=
=M7Pe
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#633870: CVE-2011-2684
  - From: Moritz Muehlenhoff <muehlenhoff@univention.de>

Prev by Date: foo2zjs_20110722dfsg-3_amd64.changes ACCEPTED into unstable
Next by Date: Bug#635994: foo2zjs makes use of embedded, patented libraries
Previous by thread: Bug#633870: marked as done (CVE-2011-2684)
Next by thread: Bug#634030: hplip: Please Build-Depends on libjpeg-dev, not libjpeg62-dev
Index(es):
- Date
- Thread