Your message dated Thu, 13 Jan 2005 12:51:51 +0900
with message-id <[EMAIL PROTECTED]>
and subject line Bug#279680: Any progress on libc6: CAN-2004-0968 (woody) ?
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Nov 2004 16:10:43 +0000
>From [EMAIL PROTECTED] Thu Nov 04 08:10:43 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mrelay3.uni-hannover.de [130.75.2.41] (root)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CPkCB-00064T-00; Thu, 04 Nov 2004 08:10:43 -0800
Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de
[130.75.25.242])
by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id
iA4GAXlA005803
for <[EMAIL PROTECTED]>; Thu, 4 Nov 2004 17:10:33 +0100 (MET)
Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de
[130.75.25.99])
by mail.itp.uni-hannover.de (Postfix) with ESMTP
id 597FB2F081; Thu, 4 Nov 2004 17:10:26 +0100 (CET)
Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237)
id 025A65F42; Thu, 4 Nov 2004 17:10:25 +0100 (CET)
From: Helge Kreutzmann <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libc6: CAN-2004-0968 not fixed in woody
X-Mailer: reportbug 1.50
Date: Thu, 04 Nov 2004 17:10:25 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2
(mrelay3.uni-hannover.de [130.75.2.41]); Thu, 04 Nov 2004 17:10:33 +0100 (MET)
X-Scanned-By: MIMEDefang 2.42
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: libc6
Version: 2.2.5-11.5
Severity: grave
Tags: woody, security
Justification: user security hole
I notice the Ubuntu Security USN-4-1 and did not find CAN-2004-0968 in
the "Non-Vulnerable" list. I looked at catchsegv as an example and
code like
segv_output=`basename "$prog"`.segv.$$
does not look secure to me.
http://lwn.net/Alerts/108824/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-00968
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
---------------------------------------
Received: (at 279680-done) by bugs.debian.org; 13 Jan 2005 03:51:58 +0000
>From [EMAIL PROTECTED] Wed Jan 12 19:51:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from omega.webmasters.gr.jp (webmasters.gr.jp) [218.44.239.78]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cow1e-0008Un-00; Wed, 12 Jan 2005 19:51:58 -0800
Received: from omega.webmasters.gr.jp (localhost [127.0.0.1])
by webmasters.gr.jp (Postfix) with ESMTP
id 9ED19DEB4B; Thu, 13 Jan 2005 12:51:51 +0900 (JST)
Date: Thu, 13 Jan 2005 12:51:51 +0900
Message-ID: <[EMAIL PROTECTED]>
From: GOTO Masanori <[EMAIL PROTECTED]>
To: Helge Kreutzmann <[EMAIL PROTECTED]>,
Martin Pitt <[EMAIL PROTECTED]>, Martin Schulze <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: Re: Bug#279680: Any progress on libc6: CAN-2004-0968 (woody) ?
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
User-Agent: Wanderlust/2.9.9 (Unchained Melody) SEMI/1.14.3 (Ushinoya)
FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2
(i386-debian-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=US-ASCII
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
At Sat, 18 Dec 2004 16:24:35 +0100,
Helge Kreutzmann wrote:
> on 25 of November a patch for woody was posted, and since then no
> further messages are recorded. What is the status of this security
> issue ?
Recently Martin Schulze in security team worked for this issue.
Thanks to all guys for handling this security problem.
Now I close this bug.
Regards,
-- gotom
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
