Debian Bug report logs -
#688280
android-tools: CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp
Reported by: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Fri, 21 Sep 2012 05:33:02 UTC
Severity: normal
Tags: security, upstream
Fixed in version android-platform-system-core/1:7.0.0+r1-4
Done: Hans-Christoph Steiner <hans@eds.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.hu>
:
Bug#688280
; Package android-tools-adb
.
(Fri, 21 Sep 2012 05:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
:
New Bug report received and forwarded. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>
.
(Fri, 21 Sep 2012 05:33:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: android-tools-adb
Version: 4.1.1+git20120801-1
Severity: normal
Dear Maintainer,
thanks for packaging adb&fastboot.
However I noticed a file '/tmp/adb.log' is created by adb. This is
done in
fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
[ core/adb/adb.c:701 ]
In my opinion this is a dirty hack and not acceptable from a security
point of view, symlinks attacks and the like. At least, if two
different non-root users use adb, the second one is unable (EPERM) to
write that file, potentially missing information.
For the records, I am using a private wheezy backport of
android-tools. No changes were done to the sources.
Regards,
Christoph
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.10 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages android-tools-adb depends on:
ii libc6 2.13-35
ii zlib1g 1:1.2.7.dfsg-13
android-tools-adb recommends no packages.
android-tools-adb suggests no packages.
-- no debconf information
[signature.asc (application/pgp-signature, inline)]
Added tag(s) security.
Request was from Paul Wise <pabs@debian.org>
to control@bugs.debian.org
.
(Fri, 23 Nov 2012 07:03:03 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp' from 'android-tools-adb creates a file with a static file name in /tmp'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 24 Nov 2012 08:39:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package android-tools-adb
.
(Mon, 09 May 2016 05:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Paul Wise <pabs@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Mon, 09 May 2016 05:39:03 GMT) (full text, mbox, link).
Message #14 received at 688280@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: clone -1 -2
Control: reassign -2 adb 1:6.0.0+r26-1~stage1
Control: tags -2 + security
On Fri, 21 Sep 2012 07:24:17 +0200 Christoph Biedl wrote:
> Package: android-tools-adb
> Version: 4.1.1+git20120801-1
This issue is also present in the adb binary package built from the new
android-platform-system-core source package.
--
bye,
pabs
https://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]
Bug 688280 cloned as bug 823792
Request was from Paul Wise <pabs@debian.org>
to 688280-submit@bugs.debian.org
.
(Mon, 09 May 2016 05:39:04 GMT) (full text, mbox, link).
Bug reassigned from package 'android-tools-adb' to 'adb'.
Request was from Fathi Boudra <fabo@debian.org>
to control@bugs.debian.org
.
(Wed, 21 Dec 2016 13:51:11 GMT) (full text, mbox, link).
No longer marked as found in versions android-tools/4.1.1+git20120801-1.
Request was from Fathi Boudra <fabo@debian.org>
to control@bugs.debian.org
.
(Wed, 21 Dec 2016 13:51:11 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package adb
.
(Wed, 21 Dec 2016 15:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Wed, 21 Dec 2016 15:03:03 GMT) (full text, mbox, link).
Message #25 received at 688280@bugs.debian.org (full text, mbox, reply):
Hi
On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> reassign 688280 adb
> thanks
Is this reassign correct? Paul Wise in
https://bugs.debian.org/688280#14 already did clone the bug to
reassign it for the android-platform-system-core source package.
So there should still be
#688280 for src:android-tools
#823792 for src:android-platform-system-core
Regards,
Salvatore
Bug reassigned from package 'adb' to 'src:android-tools'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 21 Dec 2016 15:09:05 GMT) (full text, mbox, link).
Changed Bug title to 'android-tools: CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp' from 'CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 21 Dec 2016 15:09:06 GMT) (full text, mbox, link).
Marked as found in versions android-tools/4.1.1+git20120801-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 21 Dec 2016 15:09:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Wed, 21 Dec 2016 18:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Fathi Boudra <fabo@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Wed, 21 Dec 2016 18:51:06 GMT) (full text, mbox, link).
Message #36 received at 688280@bugs.debian.org (full text, mbox, reply):
Hi,
On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi
>
> On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
>> reassign 688280 adb
>> thanks
>
> Is this reassign correct? Paul Wise in
> https://bugs.debian.org/688280#14 already did clone the bug to
> reassign it for the android-platform-system-core source package.
>
> So there should still be
>
> #688280 for src:android-tools
> #823792 for src:android-platform-system-core
You're right. Jessie src:android-tools is still affected.
> Regards,
> Salvatore
Cheers,
Fathi
Marked as found in versions android-tools/5.1.1.r38-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 22 Dec 2016 05:39:02 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Tue, 27 Dec 2016 11:51:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Tue, 27 Dec 2016 11:51:02 GMT) (full text, mbox, link).
Message #43 received at 688280@bugs.debian.org (full text, mbox, reply):
On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> Hi,
>
> On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Hi
> >
> > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> >> reassign 688280 adb
> >> thanks
> >
> > Is this reassign correct? Paul Wise in
> > https://bugs.debian.org/688280#14 already did clone the bug to
> > reassign it for the android-platform-system-core source package.
> >
> > So there should still be
> >
> > #688280 for src:android-tools
> > #823792 for src:android-platform-system-core
>
> You're right. Jessie src:android-tools is still affected.
Which version fixed this for src:android-tools in unstable?
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Tue, 27 Dec 2016 13:09:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Tue, 27 Dec 2016 13:09:02 GMT) (full text, mbox, link).
Message #48 received at 688280@bugs.debian.org (full text, mbox, reply):
Hi Moritz,
On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> > Hi,
> >
> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > > Hi
> > >
> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> > >> reassign 688280 adb
> > >> thanks
> > >
> > > Is this reassign correct? Paul Wise in
> > > https://bugs.debian.org/688280#14 already did clone the bug to
> > > reassign it for the android-platform-system-core source package.
> > >
> > > So there should still be
> > >
> > > #688280 for src:android-tools
> > > #823792 for src:android-platform-system-core
> >
> > You're right. Jessie src:android-tools is still affected.
>
> Which version fixed this for src:android-tools in unstable?
Not yet for unstable for src:android-tools. I recently updated the
security-tracker information as:
- android-tools <unfixed> (bug #688280) <-- still unfixed
- android-platform-system-core 1:7.0.0+r1-1 (bug #823792)
src:android-tools as per current version in unstable still has:
system/core/adb/adb.c: fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Tue, 27 Dec 2016 17:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Fathi Boudra <fabo@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Tue, 27 Dec 2016 17:39:03 GMT) (full text, mbox, link).
Message #53 received at 688280@bugs.debian.org (full text, mbox, reply):
Hi,
On Tue, Dec 27, 2016 at 3:03 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi Moritz,
>
> On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
>> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
>> > Hi,
>> >
>> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
>> > > Hi
>> > >
>> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
>> > >> reassign 688280 adb
>> > >> thanks
>> > >
>> > > Is this reassign correct? Paul Wise in
>> > > https://bugs.debian.org/688280#14 already did clone the bug to
>> > > reassign it for the android-platform-system-core source package.
>> > >
>> > > So there should still be
>> > >
>> > > #688280 for src:android-tools
>> > > #823792 for src:android-platform-system-core
>> >
>> > You're right. Jessie src:android-tools is still affected.
>>
>> Which version fixed this for src:android-tools in unstable?
>
> Not yet for unstable for src:android-tools. I recently updated the
> security-tracker information as:
>
> - android-tools <unfixed> (bug #688280) <-- still unfixed
> - android-platform-system-core 1:7.0.0+r1-1 (bug #823792)
>
> src:android-tools as per current version in unstable still has:
>
> system/core/adb/adb.c: fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
adb binary in unstable isn't built anymore from src:android-tools,
only from src:android-platform-system-core.
android-platform-system-core is using 7.x source code and doesn't
contain fd = unix_open("/tmp/adb.log" anymore:
https://android.googlesource.com/platform/system/core/+/android-7.0.0_r1/adb/adb.cpp
https://android.googlesource.com/platform/system/core/+/android-5.1.1_r38/adb/adb.c#990
I haven't seen any patch from Google (or anybody else) to fix the 5.x serie.
Is randomizing the path with mktemp is good enough or should I get rid
of the log file completely?
Note: even if the source code code contains the problem, it isn't used
because we don't build adb at all in android-tools.
>
> Regards,
> Salvatore
Cheers,
Fathi
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Tue, 27 Dec 2016 19:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Tue, 27 Dec 2016 19:03:03 GMT) (full text, mbox, link).
Message #58 received at 688280@bugs.debian.org (full text, mbox, reply):
Hi Fathi!
On Tue, Dec 27, 2016 at 07:33:45PM +0200, Fathi Boudra wrote:
> Hi,
>
> On Tue, Dec 27, 2016 at 3:03 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Hi Moritz,
> >
> > On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
> >> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> >> > Hi,
> >> >
> >> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> >> > > Hi
> >> > >
> >> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> >> > >> reassign 688280 adb
> >> > >> thanks
> >> > >
> >> > > Is this reassign correct? Paul Wise in
> >> > > https://bugs.debian.org/688280#14 already did clone the bug to
> >> > > reassign it for the android-platform-system-core source package.
> >> > >
> >> > > So there should still be
> >> > >
> >> > > #688280 for src:android-tools
> >> > > #823792 for src:android-platform-system-core
> >> >
> >> > You're right. Jessie src:android-tools is still affected.
> >>
> >> Which version fixed this for src:android-tools in unstable?
> >
> > Not yet for unstable for src:android-tools. I recently updated the
> > security-tracker information as:
> >
> > - android-tools <unfixed> (bug #688280) <-- still unfixed
> > - android-platform-system-core 1:7.0.0+r1-1 (bug #823792)
> >
> > src:android-tools as per current version in unstable still has:
> >
> > system/core/adb/adb.c: fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
>
> adb binary in unstable isn't built anymore from src:android-tools,
> only from src:android-platform-system-core.
>
> android-platform-system-core is using 7.x source code and doesn't
> contain fd = unix_open("/tmp/adb.log" anymore:
> https://android.googlesource.com/platform/system/core/+/android-7.0.0_r1/adb/adb.cpp
>
> https://android.googlesource.com/platform/system/core/+/android-5.1.1_r38/adb/adb.c#990
>
> I haven't seen any patch from Google (or anybody else) to fix the 5.x serie.
> Is randomizing the path with mktemp is good enough or should I get rid
> of the log file completely?
> Note: even if the source code code contains the problem, it isn't used
> because we don't build adb at all in android-tools.
Thanks a lot for your comments. So it looks that even if we would be
affected source-wise, since android-tools/5.1.1.r38-1 the
binary-package android-tools-adb which contained /usr/bin/adb is not
built anymore.
I have added a corresponding note to
https://security-tracker.debian.org/tracker/CVE-2012-5564
so that it now reads:
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
- android-tools <unfixed> (unimportant; bug #688280)
NOTE: Since android-tools/5.1.1.r38-1 the android-tools-adb binary package
NOTE: is not built anymore which used to contain /usr/bin/adb.
NOTE: Package still affected source-wise.
I wouldn't invest much energy though in fixing the issue. The reason
is that due to the kernel hardening
(https://www.debian.org/releases/jessie/amd64/release-notes/ch-whats-new.en.html#security)
nullifies the symlink attacks, thus /tmp related bugs are marked in
meanwhile as severity "unimportant" in the security-tracker (as you
can see in the entry above).
It is really good that you and your team though have fixed the copy in
android-platform-system-core (bug #823792) via new upstream versions
which fixed that source-wise.
Hope this clarifies the back-and-forth on this issue.
Regards,
Salvatore
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 27 Dec 2016 19:03:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Fri, 30 Dec 2016 05:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Paul Wise <pabs@debian.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Fri, 30 Dec 2016 05:09:03 GMT) (full text, mbox, link).
Message #65 received at 688280@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: reopen 823792
Control: found 823792 1:7.0.0+r1-1
On Tue, 2016-12-27 at 20:01 +0100, Salvatore Bonaccorso wrote:
> It is really good that you and your team though have fixed the copy in
> android-platform-system-core (bug #823792) via new upstream versions
> which fixed that source-wise.
I don't think this is actually fixed by the new upstream versions,
take a look at the GetLogFilePath function via codesearch:
https://sources.debian.net/src/android-platform-system-core/1:7.0.0%2Br1-2/adb/client/main.cpp/?hl=58#L37
--
bye,
pabs
https://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Wed, 01 Mar 2017 08:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Hans-Christoph Steiner <hans@eds.org>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Wed, 01 Mar 2017 08:39:03 GMT) (full text, mbox, link).
Message #70 received at 688280@bugs.debian.org (full text, mbox, reply):
Yes, it still makes the log, but now at least with reasonable
permissions, so its not a security issue any more but a Debian policy issue:
$ ls -l /tmp/adb.1000.log
-rw-r----- 1 1000 1000 179 Mar 1 08:31 /tmp/adb.1000.log
I suppose that path should be changed to /var/log/adb/
Information forwarded
to debian-bugs-dist@lists.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
:
Bug#688280
; Package src:android-tools
.
(Thu, 02 Mar 2017 01:03:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>
:
Extra info received and forwarded to list. Copy sent to Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
.
(Thu, 02 Mar 2017 01:03:06 GMT) (full text, mbox, link).
Message #75 received at 688280@bugs.debian.org (full text, mbox, reply):
On Wed 2017-03-01 00:37:27 -0800, Hans-Christoph Steiner wrote:
> Yes, it still makes the log, but now at least with reasonable
> permissions, so its not a security issue any more but a Debian policy issue:
>
> $ ls -l /tmp/adb.1000.log
> -rw-r----- 1 1000 1000 179 Mar 1 08:31 /tmp/adb.1000.log
Why is this not a security issue? there are symlink/race conditions
here, which some modern kernels should defend against, but not all
kernels do. Please, let's get this fixed right.
> I suppose that path should be changed to /var/log/adb/
if the log is an ephemeral per-user log, it should be placed somewhere
like /run/user/$(id -u)/adb.log
--dkg
Reply sent
to Hans-Christoph Steiner <hans@eds.org>
:
You have taken responsibility.
(Mon, 27 Mar 2017 21:03:03 GMT) (full text, mbox, link).
Notification sent
to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
:
Bug acknowledged by developer.
(Mon, 27 Mar 2017 21:03:03 GMT) (full text, mbox, link).
Message #80 received at 688280-close@bugs.debian.org (full text, mbox, reply):
Source: android-platform-system-core
Source-Version: 1:7.0.0+r1-4
We believe that the bug you reported is fixed in the latest version of
android-platform-system-core, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 688280@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hans-Christoph Steiner <hans@eds.org> (supplier of updated android-platform-system-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 15 Mar 2017 13:47:44 +0100
Source: android-platform-system-core
Binary: android-liblog android-liblog-dev android-libcutils android-libcutils-dev adb android-libsparse android-libsparse-dev android-libutils android-libutils-dev android-libziparchive android-libziparchive-dev android-platform-system-core-headers android-libbacktrace android-libbacktrace-dev android-libadb android-libadb-dev android-libbase android-libbase-dev fastboot simg2img img2simg append2simg android-tools-adb android-tools-fastboot
Architecture: source amd64 all
Version: 1:7.0.0+r1-4
Distribution: unstable
Urgency: medium
Maintainer: Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
Changed-By: Hans-Christoph Steiner <hans@eds.org>
Description:
adb - Android Debug Bridge
android-libadb - Library for Android Debug Bridge
android-libadb-dev - Library for Android Debug Bridge - Development files
android-libbacktrace - Android backtrace library
android-libbacktrace-dev - Android backtrace library - Development files
android-libbase - Android base library
android-libbase-dev - Android base library - Development files
android-libcutils - Android utils library for C
android-libcutils-dev - Android utils library for C - Development files
android-liblog - Android NDK logger interfaces
android-liblog-dev - Android NDK logger interfaces - Development files
android-libsparse - Library for sparse files
android-libsparse-dev - Library for sparse files - Development files
android-libutils - Android Utility Function Library
android-libutils-dev - Android Utility Function Library - Development files
android-libziparchive - Library for ZIP archives
android-libziparchive-dev - Library for ZIP archives - Development files
android-platform-system-core-headers - Shared headers in AOSP repository platform/system/core
android-tools-adb - transitional package
android-tools-fastboot - transitional package
append2simg - Android sparse image tool
fastboot - Android fastboot tool
img2simg - Android sparse image creation tool
simg2img - Android sparse image conversion tool
Closes: 688280 823792 858177
Changes:
android-platform-system-core (1:7.0.0+r1-4) unstable; urgency=medium
.
* transitional dummy packages for android-tools-adb / android-tools-fastboot
* move adb log file to proper dir (Closes: #823792, #688280)
* import upstream 7.0.0_r31 fixes for CVE-2016-3861 (Closes: #858177)
Checksums-Sha1:
9ce2a71feb396562649096cc6cde3488f643b669 5104 android-platform-system-core_7.0.0+r1-4.dsc
3395d91be9e1bf1686518b1481b8247f6f5bcda8 31876 android-platform-system-core_7.0.0+r1-4.debian.tar.xz
f26e8a27da442dd8062a560ddfa68c45924c0ece 397836 adb-dbgsym_7.0.0+r1-4_amd64.deb
40d658282649f740ff469d10ef9b6ab7de1df45b 71538 adb_7.0.0+r1-4_amd64.deb
4e4348167f227eaeab5ecb0120c72f2d3bd10913 763150 android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
d62fc636df7d3e3959a920312d37d94c4fd73d66 14996 android-libadb-dev_7.0.0+r1-4_amd64.deb
52548f39de99b2c4d4be4c73b9941e9b76bd19b8 82414 android-libadb_7.0.0+r1-4_amd64.deb
14e016cf1c969c3d9f2341aefbe80f3244612d38 244906 android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
422db3c6b63e4c5be8fe2f9ee1585f627ed3439e 9732 android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
d40ed0f370d53a07522f0c369d90feb3b2bb8c12 33498 android-libbacktrace_7.0.0+r1-4_amd64.deb
8a9d2214bcf87d856316bcbe234be0be42353979 161310 android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
2ec9443e85dd098f10f7b105f014cc48b0e93806 17220 android-libbase-dev_7.0.0+r1-4_amd64.deb
d5147f63a91bf5eb50adad246b411d4b66964745 20438 android-libbase_7.0.0+r1-4_amd64.deb
9e6e9e7df32049e6b6231bfe15e4adb649bff88d 56268 android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
f6588122aaad3d6264b8419a73e9131f7121d12a 23062 android-libcutils-dev_7.0.0+r1-4_amd64.deb
d01ce9e75a246ec31858be0b15b329bd5f43caf0 24290 android-libcutils_7.0.0+r1-4_amd64.deb
71c073d6582977f8a31229f55c78e9c1e3db68b7 33506 android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
2bf62e268285d66385783dd59b3f22fb1c29b488 19056 android-liblog-dev_7.0.0+r1-4_amd64.deb
a3be6e5d9ed3b802730ee67369b0cfeb68f443ac 18016 android-liblog_7.0.0+r1-4_amd64.deb
4784e927eff04c84669dd52d277fc22c6517d9a9 28922 android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
fb42601d620a6a8d548ed84ff81754ab69a141c0 9250 android-libsparse-dev_7.0.0+r1-4_amd64.deb
3f4958cb8076a41a9b1d96ff7a02414d81b2c873 18272 android-libsparse_7.0.0+r1-4_amd64.deb
480eabee6b607d215f1035ed0f9d879bac6448bc 242736 android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
3619f7641d844a54e6cdcdcfd22159b42b0438f4 52240 android-libutils-dev_7.0.0+r1-4_amd64.deb
3f6c2d469f7b6af9825760c005bef2014468157c 50582 android-libutils_7.0.0+r1-4_amd64.deb
f74091c6e6f535b00e25938c2f23d3cd3a15f85c 116826 android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
75ac5c77ca34f945d88de0e1412b5b0f17de6a38 10768 android-libziparchive-dev_7.0.0+r1-4_amd64.deb
4a3ec06256fbcfda248f6812cd9297898d687de2 21244 android-libziparchive_7.0.0+r1-4_amd64.deb
7fc13e3d85d49f8353c2dd52c4573d00d4c5caca 32846 android-platform-system-core-headers_7.0.0+r1-4_all.deb
835346dca2e573a8d49a034c8a696791fc90bcf2 16729 android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
9f07f8304f1591c3b8c4989c08d7ba58de0eb948 6722 android-tools-adb_7.0.0+r1-4_all.deb
9290fbd672790ce38997ef8ace2480c56b4a32be 6726 android-tools-fastboot_7.0.0+r1-4_all.deb
1c008529d006981d5bc5590d731fae9cdcd3642b 6596 append2simg-dbgsym_7.0.0+r1-4_amd64.deb
3096adae0a57f9282ca0d4e719223719599a1fcf 9766 append2simg_7.0.0+r1-4_amd64.deb
115049599931b34dcc5b6163a4f18c5a8dd6bccb 300994 fastboot-dbgsym_7.0.0+r1-4_amd64.deb
2c7ce81cc8235228b8e39236642e1d05c602a59c 48876 fastboot_7.0.0+r1-4_amd64.deb
74687154d05331c0cdefabf994130b35a91b0e42 6178 img2simg-dbgsym_7.0.0+r1-4_amd64.deb
2b4e6f60f8455237590194ff62b3d0ecddfa1a06 9610 img2simg_7.0.0+r1-4_amd64.deb
78effe3cbf966f6febb255271066fa89a80e9cab 6278 simg2img-dbgsym_7.0.0+r1-4_amd64.deb
793b486860bdbb087b734de36b236b129250d141 10668 simg2img_7.0.0+r1-4_amd64.deb
Checksums-Sha256:
443ed83a2f207c90efb46e3f2303f11b1a9a3d1a7fe5171c88ad4a8b2f04e92d 5104 android-platform-system-core_7.0.0+r1-4.dsc
14c16b79e05076e20d7c7987488f9a7627d57c3e42f3639db38666a84bae5fef 31876 android-platform-system-core_7.0.0+r1-4.debian.tar.xz
6c3e90c7215dc99c49574f8f84ab89ab6b609bb7b3b439c6dcf3fb3ef51bfbd1 397836 adb-dbgsym_7.0.0+r1-4_amd64.deb
6d58c4fd485d60a45b273eedb309911b8e54d24642a1e3fc80858cc51dcf8a6f 71538 adb_7.0.0+r1-4_amd64.deb
1d70cc4b099b2a8b10cdcd79af3c80781cc88430ede92717139f53370be9a410 763150 android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
da974218d6af56435a941f94ab324ccc8f5349da9e91a35f0dec46e854bd288b 14996 android-libadb-dev_7.0.0+r1-4_amd64.deb
49ab279121da76753b69680642a65cac5ac065080c1d9f4c9985f6d070b68e90 82414 android-libadb_7.0.0+r1-4_amd64.deb
836175b1374d39cc2e2c19ab0726d114a3db2c986fc0ed140c9a5a0bdf6e9b4a 244906 android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
78a8d26e644696ec2630a758e2b37d33b7793650f2afb864b2789f8a27004930 9732 android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
d3f4f5dc5b49385c7a86632fe5a6f47b2d6adbc19fb911eb9f5ab3580e48d3d4 33498 android-libbacktrace_7.0.0+r1-4_amd64.deb
8a4115ce2d25898c01dc91aff6ed42a97456c06bc0427529acf554de5c84ef09 161310 android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
a48dd4c753783d14fe324f61b937cef9c354da8872668298cf49144f73e4bfed 17220 android-libbase-dev_7.0.0+r1-4_amd64.deb
1691b8b636f7170772bd42181a137b0de4a98032aec452cc70bfe1f08941f838 20438 android-libbase_7.0.0+r1-4_amd64.deb
d0a237c6ed1a669a89edbb1fc8a48b6ebe02375d1920112d7cdf86a38aabd172 56268 android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
57d9f5ada18f92a3129b4413a0ea46b150eef8a7d51095dbd51b9163c5436dc8 23062 android-libcutils-dev_7.0.0+r1-4_amd64.deb
9037feced803a1e9997ede4c8d1a362303a7d75836ec4eeb4855af26ffa8873e 24290 android-libcutils_7.0.0+r1-4_amd64.deb
cb066ed5daca545a476c2ecb1e10bf249d408304c96e7c720a3a8db2387e5bfd 33506 android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
40ec70c9970d1388515e92394b8a24095dc9494b66e3fb2a635533c25b81ef17 19056 android-liblog-dev_7.0.0+r1-4_amd64.deb
728b417d09aa85eb778a2e925b25d52925cfefa4e2805dc3c6a0031fb2646e3b 18016 android-liblog_7.0.0+r1-4_amd64.deb
0ba06d2e1166a14fbad6129a506ee9a7473337d463131387e7cc4b339d278f58 28922 android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
20cba47bc92baad1846d10e11d104332d07b756c91c77e819cfdb0121de4382c 9250 android-libsparse-dev_7.0.0+r1-4_amd64.deb
54e999de0dd33ed48730d998ab8e707eb7e4446b9381353c249576a535780da9 18272 android-libsparse_7.0.0+r1-4_amd64.deb
ff26f6f1f91efa72e8e0c446011e3551c3a0e611a7763c54609021c5ce942c11 242736 android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
8198bd360d81993f118e1db57c8e8cabe9b007800942f5f3bf78aebaeef7a1dd 52240 android-libutils-dev_7.0.0+r1-4_amd64.deb
6f13e62e41ac7e6c3ba8d4804ff6f929092075b9ce05dd7fbe386b64026b23ae 50582 android-libutils_7.0.0+r1-4_amd64.deb
e6cb6d6b0a89930cd586fe702ae5293e114e87a0cfffcb863ea2828964c800e0 116826 android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
b84f3b58acfa79ef62abd0481eb1ea85f24bb8876561c58f2a6224e8eace1600 10768 android-libziparchive-dev_7.0.0+r1-4_amd64.deb
faad24c4f7c5c16f4fc53a5b2a6e63ff8dfcdaf2e0942855f37a595820ea3505 21244 android-libziparchive_7.0.0+r1-4_amd64.deb
042c308f0e953151aece746ddcde3ec97afaddc296e583623e382022e8e4d492 32846 android-platform-system-core-headers_7.0.0+r1-4_all.deb
d34d5a3c03a4d521cff6b70af349fc8395d02268687c6e419611817346601531 16729 android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
3459ab5c6f0c53f5af04d14b0dc5dba40b153eed3790000b5f4ad6117c8d17c9 6722 android-tools-adb_7.0.0+r1-4_all.deb
ab2f80d008ff818dd3e0bcb8602b090938ebb0571f78128955b4d7f163bba6d9 6726 android-tools-fastboot_7.0.0+r1-4_all.deb
3a67a85c5ac70aa30b5e38edabd823f5b8b2344c79834ef520063f96b4b51141 6596 append2simg-dbgsym_7.0.0+r1-4_amd64.deb
f2f9496274bf69d8de5352cc9596b807b0000b6f0d89a608ceb079158053304e 9766 append2simg_7.0.0+r1-4_amd64.deb
7472cd59edf144284de6c85f0118888e478f9df286b1d0e3a1708ece79430569 300994 fastboot-dbgsym_7.0.0+r1-4_amd64.deb
ac116448a699114e12e2dab54bce7129b3ce1242c6d67743246151d4ddfd795f 48876 fastboot_7.0.0+r1-4_amd64.deb
7ca7f443e1a11fedf938b3e5695f7a33234625d70cbf19cd5f521e0bf48598e9 6178 img2simg-dbgsym_7.0.0+r1-4_amd64.deb
3f7f33083866c770f61c2526e8e42b6e1c992eff7a3b7f462e4fcee7de3f38ff 9610 img2simg_7.0.0+r1-4_amd64.deb
ba3d66342786f801b9a8479a55e1fff25fe0f874e1ecccab62ec666e3273642b 6278 simg2img-dbgsym_7.0.0+r1-4_amd64.deb
86f65ca246db17b9c399e2d2d142a296d356b79d126c031b85d9811ce51488e2 10668 simg2img_7.0.0+r1-4_amd64.deb
Files:
45df1bda153a64dd098d9ec234b5d722 5104 devel optional android-platform-system-core_7.0.0+r1-4.dsc
95cf397cf64c867f3e55b8b8a52c3951 31876 devel optional android-platform-system-core_7.0.0+r1-4.debian.tar.xz
7d4c54bb650558a3c02b8d90b17889f8 397836 debug extra adb-dbgsym_7.0.0+r1-4_amd64.deb
3aa5a37eaaae8cbaba10ea9229ffa06a 71538 devel optional adb_7.0.0+r1-4_amd64.deb
66417a6200dca64675a6e9600c27d1f2 763150 debug extra android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
b343ab0e7c78064044464d766c2a74a3 14996 libdevel optional android-libadb-dev_7.0.0+r1-4_amd64.deb
4df2e4e3e88a2ba57c92d4767836fa74 82414 libs optional android-libadb_7.0.0+r1-4_amd64.deb
0df5e04c34899a96116d9e563114ec9d 244906 debug extra android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
75c173ba4472be02421192d030777e7e 9732 libdevel optional android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
de54d775a282336ec5d86acfa55ad304 33498 libs optional android-libbacktrace_7.0.0+r1-4_amd64.deb
9a1f94fb71c2f84202e6524f0e426638 161310 debug extra android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
80d6973a39746cc80225c82f09ed02d7 17220 libdevel optional android-libbase-dev_7.0.0+r1-4_amd64.deb
9d3a6155e11685568a039bd54a6fbdb7 20438 libs optional android-libbase_7.0.0+r1-4_amd64.deb
e90e564febd971bd4a92621fe76ed8a9 56268 debug extra android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
976bb1a65038118b9ee062799c5d67f5 23062 libdevel optional android-libcutils-dev_7.0.0+r1-4_amd64.deb
7a25c59438cebcf4dead977af52bfbc5 24290 libs optional android-libcutils_7.0.0+r1-4_amd64.deb
49ef52ff4189de3fdc324dedd038a5b1 33506 debug extra android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
84cb5d83bd21a18a7cd80e8b362a9b45 19056 libdevel optional android-liblog-dev_7.0.0+r1-4_amd64.deb
c33bc16f93aad7cc4eb83922787f56b6 18016 libs optional android-liblog_7.0.0+r1-4_amd64.deb
b5fb9ae93f02d4843d220989fec1ad45 28922 debug extra android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
108cf88c5d78091a5fd09cd17d012e18 9250 libdevel optional android-libsparse-dev_7.0.0+r1-4_amd64.deb
89cd1d81122ffc53c12e49b0ea70f1d8 18272 libs optional android-libsparse_7.0.0+r1-4_amd64.deb
55e202fc731d578a0b8e9a2cfcb62f96 242736 debug extra android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
5e7860a14b9a8de1364e06b6f32012c9 52240 libdevel optional android-libutils-dev_7.0.0+r1-4_amd64.deb
c38c77fbb22176e44c12353b9c87c4e7 50582 libs optional android-libutils_7.0.0+r1-4_amd64.deb
7154ce7b732d20947936f5eda6a5d34e 116826 debug extra android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
227aa43f0fd1c7c7b49e974dc6535c75 10768 libdevel optional android-libziparchive-dev_7.0.0+r1-4_amd64.deb
9c5c978f9c252929d7c8caa25a353e10 21244 libs optional android-libziparchive_7.0.0+r1-4_amd64.deb
fbd96e7007303eae2559a9f22ecdfbbb 32846 libdevel optional android-platform-system-core-headers_7.0.0+r1-4_all.deb
b8de9fd8fee9c219589caa7fba26c2a3 16729 devel optional android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
57a002a174e03bfbe2df23254de6cde4 6722 oldlibs extra android-tools-adb_7.0.0+r1-4_all.deb
6819914667c76ff1ee3559d6cdaa901f 6726 oldlibs extra android-tools-fastboot_7.0.0+r1-4_all.deb
429e81276978b6f80cc4941c2d6d4dda 6596 debug extra append2simg-dbgsym_7.0.0+r1-4_amd64.deb
3f5b7e63c33d15aaa2d6b692b0089adb 9766 devel optional append2simg_7.0.0+r1-4_amd64.deb
03945268d76307ac6b3179c649f37693 300994 debug extra fastboot-dbgsym_7.0.0+r1-4_amd64.deb
84cbfd24bc9aa1300b25222fa41b5dee 48876 devel optional fastboot_7.0.0+r1-4_amd64.deb
88327f14eb1041d8aed191a8e683d69d 6178 debug extra img2simg-dbgsym_7.0.0+r1-4_amd64.deb
73bd405fc3f65e37ea723fd05aea86e2 9610 devel optional img2simg_7.0.0+r1-4_amd64.deb
b6dd278625890354c08b92606685f2f0 6278 debug extra simg2img-dbgsym_7.0.0+r1-4_amd64.deb
a308270621e73699952a80b6052d78bd 10668 devel optional simg2img_7.0.0+r1-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPG for Android - https://guardianproject.info/code/gnupg/
iQEcBAEBCAAGBQJY2Lr+AAoJED4XeBe6G5v69RIIAMO58UtnpUyiUmga6LhyKvk/
QL/5T7WDLTKws9GDNLhmh4j/J+3z3ROu+byEAQzQc3jaDeUxhyhLVA1i98VXsIJS
40ej430x+T3MGmAeqps+esW5L/n1hFtCrxKzp3I6tM28tFfFx1aDgbSQpGxBm0Hh
8M25V6iq/UQX4fSaqMSQ9mJ9xt6l/jwKnEUAJbWmhXNVzV0/VRuMgJT9xoTlcOfg
4AOObTsbDATVEpYg7whKkd0wzozAqQI2uOaOuawiWWYQGCFSFC3jY43ohNcKAF0i
kOLYaB1j8FJijTppPYBW6VZSOgpIYLQokGMiS353BN3GQdmZkCP+1mYP3ENQ2N0=
=99yw
-----END PGP SIGNATURE-----
No longer marked as found in versions android-tools/5.1.1.r38-1 and android-tools/4.1.1+git20120801-1.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 22:39:17 GMT) (full text, mbox, link).
No longer marked as fixed in versions android-platform-system-core/1:7.0.0+r1-4.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 22:39:18 GMT) (full text, mbox, link).
Added indication that 688280 affects android-tools-adb
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 22:39:18 GMT) (full text, mbox, link).
Marked as fixed in versions android-platform-system-core/1:7.0.0+r1-4.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 22:39:18 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 08 Aug 2017 07:29:44 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:20:36 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.