Your message dated Thu, 05 Feb 2009 18:47:06 +0000
with message-id <e1lv9fi-0003zo...@ries.debian.org>
and subject line Bug#513509: fixed in xchat 2.8.6-2.1
has caused the Debian Bug report #513509,
regarding CVE-2009-0315: Untrusted search path vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
513509: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513509
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xchat
Severity: important

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xchat.

CVE-2009-0315[0]:
| Untrusted search path vulnerability in the Python module in xchat
| allows local users to execute arbitrary code via a Trojan horse Python
| file in the current working directory, related to a vulnerability in
| the PySys_SetArgv function (CVE-2008-5983).

The redhat bugreport[1] contains some additional information.

For stable, this issue could be fixed via stable-proposed-updates.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0315
    http://security-tracker.debian.net/tracker/CVE-2009-0315
[1] https://bugzilla.redhat.com/show_bug.cgi?id=481560



--- End Message ---
--- Begin Message ---
Source: xchat
Source-Version: 2.8.6-2.1

We believe that the bug you reported is fixed in the latest version of
xchat, which is due to be installed in the Debian FTP archive:

xchat-common_2.8.6-2.1_all.deb
  to pool/main/x/xchat/xchat-common_2.8.6-2.1_all.deb
xchat_2.8.6-2.1.diff.gz
  to pool/main/x/xchat/xchat_2.8.6-2.1.diff.gz
xchat_2.8.6-2.1.dsc
  to pool/main/x/xchat/xchat_2.8.6-2.1.dsc
xchat_2.8.6-2.1_amd64.deb
  to pool/main/x/xchat/xchat_2.8.6-2.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated xchat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 05 Feb 2009 19:20:23 +0100
Source: xchat
Binary: xchat xchat-common
Architecture: source all amd64
Version: 2.8.6-2.1
Distribution: unstable
Urgency: high
Maintainer: Davide Puricelli (evo) <e...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 xchat      - IRC client for X similar to AmIRC
 xchat-common - Common files for X-Chat
Closes: 513509
Changes: 
 xchat (2.8.6-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix insecure search path vulnerability in the python module by
     sanitizing sys.path (46_CVE-2009-0315.dpatch; Closes: #513509)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmLL1AACgkQHYflSXNkfP8G8QCghky5xoDcjD5EWWSArTnTs+tR
Jz4An3PF5CeLdTbJ5XWoo3m56sQC2A89
=INDE
-----END PGP SIGNATURE-----



--- End Message ---
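
The CVE text and the changelog entry above describe the same mechanism from both ends: a search path entry that points at the current working directory, and a fix that sanitizes sys.path. The following is an added example, not the contents of 46_CVE-2009-0315.dpatch or any xchat code; it assumes the working directory reaches the path as an empty-string entry, and the module name and sample path are constructed.

```python
import importlib
import importlib.machinery
import os
import tempfile

def risky_entries(path, cwd=None):
    """Return the sys.path-style entries that resolve to the working directory."""
    cwd = os.path.realpath(cwd or os.getcwd())
    # '' means "current directory" to the import system; relative entries
    # and an absolute entry equal to cwd are searched the same way.
    return [e for e in path
            if e == "" or not os.path.isabs(e) or os.path.realpath(e) == cwd]

def sanitized(path, cwd=None):
    """Copy of path without the entries flagged by risky_entries()."""
    bad = set(risky_entries(path, cwd))
    return [e for e in path if e not in bad]

def resolves_from(name, path):
    """File the import system would load `name` from on this path, or None."""
    importlib.invalidate_caches()
    spec = importlib.machinery.PathFinder.find_spec(name, path)
    return spec.origin if spec else None

def demo():
    """Constructed scenario: the process starts in a directory others can write to."""
    name = "demo_plugin_dep"                  # hypothetical module name
    embedded_path = ["", "/usr/lib/python3"]  # constructed sample search path
    start = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, name + ".py"), "w") as fh:
            fh.write("ORIGIN = 'working directory'\n")
        os.chdir(workdir)
        try:
            before = resolves_from(name, embedded_path)
            after = resolves_from(name, sanitized(embedded_path))
        finally:
            os.chdir(start)
    return risky_entries(embedded_path), before, after

if __name__ == "__main__":
    flagged, before, after = demo()
    print("flagged entries:", flagged)
    print("before sanitizing:", before)
    print("after sanitizing:", after)
```

Running risky_entries(sys.path) inside an embedded interpreter right after initialization is a quick way to confirm that a packaged build carries the fix.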
