Accepted comix 3.6.4-1.1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 03 Apr 2008 00:49:49 +0200
Source: comix
Binary: comix
Architecture: source all
Version: 3.6.4-1.1
Distribution: unstable
Urgency: high
Maintainer: Emfox Zhou <emfox@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
comix - GTK Comic Book Viewer
Closes: 462836 462840
Changes:
comix (3.6.4-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Apply patch by Mamoru Tasaka to fix arbitrary code execution
via crafted file names because of passing the filename directly
to string concatenation used in os.popen (CVE-2008-1568; Closes: #462840).
* Apply patch by Mamoru Tasaka to use empfile.mkdtemp() to enable comix
for multi-user environments and thus prevent a race condition in /tmp
without a real security impact (Closes: #462836).
Files:
11ee87c5ad9489dca3ac82bbae0cf04a 592 x11 optional comix_3.6.4-1.1.dsc
b010db6b861426875a7340f21a6b4e5f 6609 x11 optional comix_3.6.4-1.1.diff.gz
51f84955be80522baee2f1cc196e5fce 234988 x11 optional comix_3.6.4-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH9A9LHYflSXNkfP8RAnz/AJ98wpCSszQluevknlL04PVap8ac+QCdEIvT
uXM17oGJWWnTAsB4KjC86oQ=
=82HO
-----END PGP SIGNATURE-----
Accepted:
comix_3.6.4-1.1.diff.gz
to pool/main/c/comix/comix_3.6.4-1.1.diff.gz
comix_3.6.4-1.1.dsc
to pool/main/c/comix/comix_3.6.4-1.1.dsc
comix_3.6.4-1.1_all.deb
to pool/main/c/comix/comix_3.6.4-1.1_all.deb