Your message dated Mon, 18 May 2009 16:47:47 +0000
with message-id <e1m660b-0002al...@ries.debian.org>
and subject line Bug#527952: fixed in system-tools-backends 2.6.0-6.1
has caused the Debian Bug report #527952,
regarding system-tools-backends: CVE-2008-6792 limiting effective password
length to 8 characters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
527952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: system-tools-backends
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for system-tools-backends.
CVE-2008-6792[0]:
| system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used
| by "Users and Groups" in GNOME System Tools, hashes account passwords
| with 3DES and consequently limits effective password lengths to eight
| characters, which makes it easier for context-dependent attackers to
| successfully conduct brute-force password attacks.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Patch:
http://launchpadlibrarian.net/19037678/system-tools-backends_2.6.0-1ubuntu1.1.diff
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6792
http://security-tracker.debian.net/tracker/CVE-2008-6792
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
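A way to find accounts still exposed to the eight-character limit described in the report above, as an added example that is not part of the original thread or of system-tools-backends. It assumes the affected hashes are stored in the traditional DES-based crypt(3) format (13 characters, no `$` prefix), which uses only the first eight password characters; the function names and the shadow entries are constructed for illustration.

```python
import re

# Modular crypt(3) scheme ids ("$id$salt$hash") mapped to scheme names.
MODULAR = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}
# Traditional DES crypt: 2 salt characters + 11 hash characters, no prefix.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed shadow(5) entries; none of these are real hashes.
SAMPLE = """\
root:$6$constructedsalt$notarealhash:14382:0:99999:7:::
alice:ab0123456789A:14382:0:99999:7:::
bob:$1$constsalt$notarealhash:14382:0:99999:7:::
carol:!ab0123456789B:14382:0:99999:7:::
daemon:*:14382:0:99999:7:::
"""


def classify(field):
    """Return the hash scheme of one shadow(5) password field."""
    if field == "":
        return "empty"                 # account has no password at all
    body = field.lstrip("!")           # '!' marks a locked password
    if body in ("", "*"):
        return "no-login"
    if body.startswith("$"):
        return MODULAR.get(body.split("$")[1], "unknown")
    if DES_RE.fullmatch(body):
        return "des"                   # only 8 password characters count
    return "unknown"


def audit(shadow_text):
    """Map each user name to the scheme of its stored hash."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            report[fields[0]] = classify(fields[1])
    return report


def des_accounts(shadow_text):
    """Users whose hash is DES crypt; locked ones count, the hash survives."""
    return sorted(u for u, s in audit(shadow_text).items() if s == "des")


if __name__ == "__main__":
    print(des_accounts(SAMPLE))
```

Installing the fixed package does not rewrite hashes that are already stored, so accounts reported here need a password change before the longer password takes effect.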
--- Begin Message ---
Source: system-tools-backends
Source-Version: 2.6.0-6.1
We believe that the bug you reported is fixed in the latest version of
system-tools-backends, which is due to be installed in the Debian FTP archive:
system-tools-backends-dev_2.6.0-6.1_all.deb
to pool/main/s/system-tools-backends/system-tools-backends-dev_2.6.0-6.1_all.deb
system-tools-backends_2.6.0-6.1.diff.gz
to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-6.1.diff.gz
system-tools-backends_2.6.0-6.1.dsc
to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-6.1.dsc
system-tools-backends_2.6.0-6.1_i386.deb
to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-6.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 527...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jan Christoph Nordholz <he...@pool.math.tu-berlin.de> (supplier of updated
system-tools-backends package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 18 May 2009 17:55:01 +0200
Source: system-tools-backends
Binary: system-tools-backends system-tools-backends-dev
Architecture: source all i386
Version: 2.6.0-6.1
Distribution: unstable
Urgency: high
Maintainer: Jose Carlos Garcia Sogo <js...@debian.org>
Changed-By: Jan Christoph Nordholz <he...@pool.math.tu-berlin.de>
Description:
system-tools-backends - System Tools to manage computer configuration -- scripts
system-tools-backends-dev - System Tools to manage computer configuration -- development file
Closes: 527952
Changes:
system-tools-backends (2.6.0-6.1) unstable; urgency=high
.
* Security NMU.
* Fix CVE-2008-6792 "limiting effective password length to 8 characters"
and another related bug in do_get_use_md5(). Closes: #527952.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoRjEAACgkQHYflSXNkfP89dACgqHDEnrxsfBkciIVxAaC8tK8r
aIcAoJX8Kk7TtoNxjPzM7qtvEYFevPFP
=Kc1w
-----END PGP SIGNATURE-----
--- End Message ---