Your message dated Tue, 13 Jan 2009 18:47:22 +0000
with message-id <e1lmoim-0004fo...@ries.debian.org>
and subject line Bug#510585: fixed in netatalk 2.0.3-11+lenny1
has caused the Debian Bug report #510585,
regarding CVE-2008-5718: arbitrary command execution in papd in netatalk
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
510585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: netatalk
Version: 2.0.3-4
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for netatalk.

CVE-2008-5718[0]:
| The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers
| to execute arbitrary commands via shell metacharacters in a print
| request.  NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5718
    http://security-tracker.debian.net/tracker/CVE-2008-5718



--- End Message ---
--- Begin Message ---
Source: netatalk
Source-Version: 2.0.3-11+lenny1

We believe that the bug you reported is fixed in the latest version of
netatalk, which is due to be installed in the Debian FTP archive:

netatalk_2.0.3-11+lenny1.diff.gz
  to pool/main/n/netatalk/netatalk_2.0.3-11+lenny1.diff.gz
netatalk_2.0.3-11+lenny1.dsc
  to pool/main/n/netatalk/netatalk_2.0.3-11+lenny1.dsc
netatalk_2.0.3-11+lenny1_amd64.deb
  to pool/main/n/netatalk/netatalk_2.0.3-11+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated netatalk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 13 Jan 2009 11:48:33 +0100
Source: netatalk
Binary: netatalk
Architecture: source amd64
Version: 2.0.3-11+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 netatalk   - AppleTalk user binaries
Closes: 510585
Changes: 
 netatalk (2.0.3-11+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix arbitrary code execution via a crafted PostScript stream
     used in a print request if papd is configured to use a pipe
     command and makes use of variable expansion
     (CVE-2008-5718; Closes: #510585).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklsi7UACgkQHYflSXNkfP82XQCgiPvAoiwVguGnN1CG6HBNinZq
LjMAnR0/lmt7GoxL5saCor/bbdrfpGu4
=Tyfx
-----END PGP SIGNATURE-----



--- End Message ---
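The changelog above ties CVE-2008-5718 to values from a print request being expanded into a configured pipe command. The following C code is an added example, not netatalk's code or the Debian patch: it expands a placeholder into a command template, once raw and once with the value single-quoted for `/bin/sh`. The `%J` placeholder, the `lpr -J` template and the sample value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Single-quote src for /bin/sh ('\'' for an embedded '); 0 ok, -1 too small. */
static int sh_quote(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap < 3) return -1;
    dst[n++] = '\'';
    for (; *src; src++) {
        size_t k = (*src == '\'') ? 4 : 1;
        if (n + k + 2 > cap) return -1;   /* room for closing ' and NUL */
        if (k == 4) memcpy(dst + n, "'\\''", 4); else dst[n] = *src;
        n += k;
    }
    dst[n++] = '\'';
    dst[n] = '\0';
    return 0;
}

/* Replace each "%J" (hypothetical placeholder) in tmpl with value.
 * quote == 0: unsafe raw substitution; quote != 0: shell-quote value first. */
static int expand_cmd(const char *tmpl, const char *value, int quote, char *out, size_t cap)
{
    char q[512];
    size_t n = 0;
    if (cap == 0 || (quote && sh_quote(value, q, sizeof q) != 0)) return -1;
    if (quote) value = q;
    size_t vlen = strlen(value);
    while (*tmpl) {
        int var = (tmpl[0] == '%' && tmpl[1] == 'J');
        size_t k = var ? vlen : 1;
        if (n + k + 1 > cap) return -1;   /* refuse to truncate a command */
        if (var) memcpy(out + n, value, k);
        else out[n] = *tmpl;
        n += k;
        tmpl += var ? 2 : 1;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    const char *title = "a'b; echo x";   /* constructed client-supplied value */
    char cmd[256];
    for (int q = 0; q < 2; q++)
        if (expand_cmd("lpr -J %J", title, q, cmd, sizeof cmd) == 0) puts(cmd);
    return 0;
}
```

With raw substitution the `;` in the value ends the intended command when the string reaches a shell; in the quoted form the whole value stays a single argument.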
