
Bug#389934: marked as done (libg20-perl: include unsafe rpath to /build/buildd)



Your message dated Mon, 27 Apr 2009 18:32:03 +0000
with message-id <E1LyVcZ-0001hu-UX@ries.debian.org>
and subject line Bug#389934: fixed in g2 0.72-1
has caused the Debian Bug report #389934,
regarding libg20-perl: include unsafe rpath to /build/buildd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
389934: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389934
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libg20-perl
Version: 0.70-1.2
Severity: grave
Tags: security

Hello Eric,

The file /usr/lib/perl5/auto/G2/G2.so includes an rpath pointing to
/build/buildd/g2-0.70/g2_perl/.. which is not an FHS-approved location.

% chrpath /usr/lib/perl5/auto/G2/G2.so
/usr/lib/perl5/auto/G2/G2.so: RPATH=/build/buildd/g2-0.70/g2_perl/..

On some systems, a user could have write access to /build and thus be able
to set up a rogue library in that location that will get loaded by users
of libg20-perl.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)



--- End Message ---
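
Added example, not part of the original report or of Debian's own tooling: a small audit that reads chrpath-style output like the line quoted in the report and flags every RPATH/RUNPATH entry that falls outside trusted library directories. The trusted directory list, the function names and all sample lines after the first are assumptions made for illustration.

```python
import posixpath
import re

# Assumption: directories treated as trusted library locations on this system.
TRUSTED = ("/lib", "/usr/lib", "/lib64", "/usr/lib64")

# Matches chrpath-style lines: "<file>: RPATH=<a>:<b>" (or RUNPATH=).
LINE = re.compile(r"^(?P<file>.+?): (?:RPATH|RUNPATH)=(?P<value>.*)$")


def check_entry(obj_path, entry):
    """Return None if one search-path entry is acceptable, else a reason."""
    if entry == "":
        return "empty entry: loader searches the current directory"
    # $ORIGIN expands to the directory holding the object itself.
    origin = posixpath.dirname(obj_path)
    expanded = entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)
    if not expanded.startswith("/"):
        return "relative path: resolved against the current directory"
    # Lexical normalisation only: collapses "..", does not follow symlinks.
    norm = posixpath.normpath(expanded)
    if any(norm == t or norm.startswith(t + "/") for t in TRUSTED):
        return None
    return "outside trusted library directories: " + norm


def audit(chrpath_output):
    """Return (file, entry, reason) for every unsafe entry in the output."""
    findings = []
    for line in chrpath_output.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # no RPATH/RUNPATH value on this line, nothing to check
        for entry in m.group("value").split(":"):
            reason = check_entry(m.group("file"), entry)
            if reason is not None:
                findings.append((m.group("file"), entry, reason))
    return findings


# First line is the output quoted in the report; the rest are constructed.
SAMPLE = """\
/usr/lib/perl5/auto/G2/G2.so: RPATH=/build/buildd/g2-0.70/g2_perl/..
/usr/lib/example/libfoo.so: RPATH=/usr/lib/example:/usr/lib/../../tmp/x
/usr/lib/example/libbar.so: RUNPATH=$ORIGIN/../private:
/usr/lib/example/libbaz.so: no rpath or runpath tag found.
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %r -> %s" % finding)
```

Run over the files of a built package before upload, a non-empty result is a reason to strip or rewrite the rpath, as the 0.72-1 upload does with chrpath.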
--- Begin Message ---
Source: g2
Source-Version: 0.72-1

We believe that the bug you reported is fixed in the latest version of
g2, which is due to be installed in the Debian FTP archive:

g2_0.72-1.diff.gz
  to pool/main/g/g2/g2_0.72-1.diff.gz
g2_0.72-1.dsc
  to pool/main/g/g2/g2_0.72-1.dsc
g2_0.72.orig.tar.gz
  to pool/main/g/g2/g2_0.72.orig.tar.gz
libg2-dev_0.72-1_i386.deb
  to pool/main/g/g2/libg2-dev_0.72-1_i386.deb
libg20-perl_0.72-1_i386.deb
  to pool/main/g/g2/libg20-perl_0.72-1_i386.deb
libg20_0.72-1_i386.deb
  to pool/main/g/g2/libg20_0.72-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 389934@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barry deFreese <bdefreese@debian.org> (supplier of updated g2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 27 Apr 2009 12:22:34 -0400
Source: g2
Binary: libg2-dev libg20 libg20-perl
Architecture: source i386
Version: 0.72-1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Barry deFreese <bdefreese@debian.org>
Description: 
 libg2-dev  - g2 2D graphics library (development files)
 libg20     - g2 2D graphics library
 libg20-perl - g2 2D graphics library (Perl module)
Closes: 389934
Changes: 
 g2 (0.72-1) unstable; urgency=low
 .
   * QA upload.
   * New upstream release.
   * Add quilt patch system.
     + Move old source changes to quilt.
   * Update build-dep from xutils to xutils-dev.
   * Remove rpath with chrpath. (Closes: #389934).
     + Add build-dep on chrpath.
   * Make clean not ignore errors.
   * Replace ${Source-Version} with ${binary:Version}.
   * Set -e in maintainer scripts.
   * Update debian/copyright syntax and add missing holders.
   * Bump debhelper build-dep and compat to 5.
   * Bump Standards Version to 3.8.1.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn1+QwACgkQ5ItltUs5T36l9wCeLj5Vo58uf0Gk9njS/IE3jc1V
OnAAoI84/xc1R5w9CSUIhhVfbuDnrsDy
=TWUi
-----END PGP SIGNATURE-----



--- End Message ---