-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 03 Apr 2008 00:49:49 +0200
Source: comix
Binary: comix
Architecture: source all
Version: 3.6.4-1.1
Distribution: unstable
Urgency: high
Maintainer: Emfox Zhou <emfox@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
 comix      - GTK Comic Book Viewer
Closes: 462836 462840
Changes:
 comix (3.6.4-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply patch by Mamoru Tasaka to fix arbitrary code execution
     via crafted file names because of passing the filename directly
     to string concatenation used in os.popen
     (CVE-2008-1568; Closes: #462840).
   * Apply patch by Mamoru Tasaka to use tempfile.mkdtemp() to enable
     comix for multi-user environments and thus prevent a race condition
     in /tmp without a real security impact (Closes: #462836).
Files:
 11ee87c5ad9489dca3ac82bbae0cf04a 592 x11 optional comix_3.6.4-1.1.dsc
 b010db6b861426875a7340f21a6b4e5f 6609 x11 optional comix_3.6.4-1.1.diff.gz
 51f84955be80522baee2f1cc196e5fce 234988 x11 optional comix_3.6.4-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH9A9LHYflSXNkfP8RAnz/AJ98wpCSszQluevknlL04PVap8ac+QCdEIvT
uXM17oGJWWnTAsB4KjC86oQ=
=82HO
-----END PGP SIGNATURE-----


Accepted:
comix_3.6.4-1.1.diff.gz
  to pool/main/c/comix/comix_3.6.4-1.1.diff.gz
comix_3.6.4-1.1.dsc
  to pool/main/c/comix/comix_3.6.4-1.1.dsc
comix_3.6.4-1.1_all.deb
  to pool/main/c/comix/comix_3.6.4-1.1_all.deb
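
The two changes named in the changelog above, as an added example that is not the comix code or the Mamoru Tasaka patch: a file name concatenated into a string for os.popen() next to an argument-vector call, plus a tempfile.mkdtemp() work directory. Assumptions: "archive-tool" is a placeholder command name, TOOL is a stand-in that writes back its argument, and CRAFTED is a constructed sample file name.

```python
import os
import shlex
import stat
import subprocess
import sys
import tempfile

# Stand-in for the external archive tool (assumption): writes back its one argument.
TOOL = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
# Constructed sample file name containing a quote and a shell command separator.
CRAFTED = 'page"; echo MARKER; "'

def unsafe_command(filename):
    """'Before' pattern: the name is concatenated into a string meant for os.popen()."""
    # "archive-tool" is a placeholder; the string is only inspected, never executed.
    return 'archive-tool "' + filename + '"'

def shell_view(command):
    """Tokenize roughly as a POSIX shell would, keeping operators such as ';' separate."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))

def safe_run(filename):
    """Hardened pattern: argument vector and no shell, so the name stays one argument."""
    done = subprocess.run(TOOL + [filename], capture_output=True, text=True, check=True)
    return done.stdout

def private_workdir():
    """Scratch directory with an unpredictable name, created with mode 0700."""
    return tempfile.mkdtemp(prefix="comix-example-")

if __name__ == "__main__":
    print(shell_view(unsafe_command(CRAFTED)))   # ';' and 'echo' appear as shell tokens
    print(repr(safe_run(CRAFTED)))               # the tool received the name unchanged
    workdir = private_workdir()
    print(workdir, oct(stat.S_IMODE(os.stat(workdir).st_mode)))
    os.rmdir(workdir)
```
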