Your message dated Mon, 01 Apr 2024 19:17:11 +0000
with message-id <e1rrn9b-00deqv...@fasolo.debian.org>
and subject line Bug#1067849: fixed in util-linux 2.38.1-5+deb12u1
has caused the Debian Bug report #1067849,
regarding util-linux: CVE-2024-28085: wall: escape sequence injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: util-linux
Version: 2.39.3-11
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.38.1-5 
Control: found -1 2.36.1-8+deb11u1
Control: found -1 2.36.1-8
Control: found -1 2.33.1-0.1

Hi,

The following vulnerability was published for util-linux.

CVE-2024-28085[0]:
| escape sequence injection in wall


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28085
    https://www.cve.org/CVERecord?id=CVE-2024-28085
[1] https://www.openwall.com/lists/oss-security/2024/03/27/5
[2] https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
[3] https://github.com/skyler-ferrante/CVE-2024-28085

Regards,
Salvatore

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

--- End Message ---
--- Begin Message ---
Source: util-linux
Source-Version: 2.38.1-5+deb12u1
Done: Chris Hofstaedtler <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <z...@debian.org> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 28 Mar 2024 10:52:12 +0100
Source: util-linux
Architecture: source
Version: 2.38.1-5+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: util-linux packagers <util-li...@packages.debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Closes: 1067849
Changes:
 util-linux (2.38.1-5+deb12u1) bookworm-security; urgency=medium
 .
   * Add upstream patches to fix CVE-2024-28085 (Closes: #1067849)
   * No longer install wall, write setgid tty to address CVE-2024-28085
   * d/gbp.conf: update for stable release



--- End Message ---
