Your message dated Sun, 4 May 2008 16:26:13 +1000
with message-id <[EMAIL PROTECTED]>
and subject line patch is in the sid version
has caused the Debian Bug report #478135,
regarding util-linux: CVE-2008-1926 argument injection passed to audit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
478135: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478135
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: util-linux
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for util-linux.
CVE-2008-1926[0]:
| Argument injection vulnerability in login (login-utils/login.c) in
| util-linux-ng 2.14 and earlier makes it easier for remote attackers to
| hide activities by modifying portions of log events, as demonstrated
| by appending an "addr=" statement to the login name, aka "audit log
| injection."
Patch:
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commitdiff_plain;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
http://security-tracker.debian.net/tracker/CVE-2008-1926
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpEk9gqRmOyp.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
fixed 478135 2.13.1.1-1
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
