Your message dated Sat, 20 Oct 2007 09:32:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444430: fixed in xen-3 3.1.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.
CVE-2007-4993[0]:
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest
| domain, allows local users with elevated privileges in the guest domain to
| execute arbitrary commands in domain 0 via a crafted grub.conf file whose
| contents are used in exec statements.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4993
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpVGh1HZBSZA.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: xen-3
Source-Version: 3.1.1-1
We believe that the bug you reported is fixed in the latest version of
xen-3, which is due to be installed in the Debian FTP archive:
xen-3_3.1.1-1.dsc
to pool/main/x/xen-3/xen-3_3.1.1-1.dsc
xen-3_3.1.1-1.tar.gz
to pool/main/x/xen-3/xen-3_3.1.1-1.tar.gz
xen-docs-3.1_3.1.1-1_all.deb
to pool/main/x/xen-3/xen-docs-3.1_3.1.1-1_all.deb
xen-hypervisor-3.1-1-amd64_3.1.1-1_amd64.deb
to pool/main/x/xen-3/xen-hypervisor-3.1-1-amd64_3.1.1-1_amd64.deb
xen-utils-3.1-1_3.1.1-1_amd64.deb
to pool/main/x/xen-3/xen-utils-3.1-1_3.1.1-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Blank <[EMAIL PROTECTED]> (supplier of updated xen-3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 19 Oct 2007 16:02:37 +0000
Source: xen-3
Binary: xen-utils-3.1-1 xen-docs-3.1 xen-hypervisor-3.1-1-i386-nonpae
xen-hypervisor-3.1-1-amd64 xen-hypervisor-3.1-1-i386
Architecture: source amd64 all
Version: 3.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xen Team <[EMAIL PROTECTED]>
Changed-By: Bastian Blank <[EMAIL PROTECTED]>
Description:
xen-docs-3.1 - documentation for XEN, a Virtual Machine Monitor
xen-hypervisor-3.1-1-amd64 - The Xen Hypervisor on AMD64
xen-utils-3.1-1 - XEN administrative tools
Closes: 444430
Changes:
xen-3 (3.1.1-1) unstable; urgency=low
.
* New upstream release:
- Don't use exec with untrusted values in pygrub. (closes: #444430)
See CVE-2007-4993.
Files:
c1199cc8aef40a49783c2ee64d52762c 1089 misc extra xen-3_3.1.1-1.dsc
702fc8cfb6c7364e688281adf5030e9e 7711618 misc extra xen-3_3.1.1-1.tar.gz
041261398d5f36d68a13040526123603 1099324 misc extra
xen-docs-3.1_3.1.1-1_all.deb
7b757ecc3f52da95851397afe187b411 1126574 misc extra
xen-utils-3.1-1_3.1.1-1_amd64.deb
d389a2afa116ea99f19f441fe949162a 360808 misc extra
xen-hypervisor-3.1-1-amd64_3.1.1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iEYEARECAAYFAkcZuvsACgkQLkAIIn9ODhFougCfZvP/glET5XryC52nHqcb/iVW
4GoAn25SxCauDS3rJrHUR40/KGAglN2D
=bVUF
-----END PGP SIGNATURE-----
--- End Message ---
