Your message dated Sat, 20 Jun 2009 12:44:20 +0000
with message-id <e1mhzvg-0003kb...@ries.debian.org>
and subject line Bug#522813: fixed in multipath-tools 0.4.7-1.1etch2
has caused the Debian Bug report #522813,
regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: multipath-tools
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for multipath-tools.
CVE-2009-0115[0]:
| multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux
| Enterprise Server (SLES) 10 uses world-writable permissions for the
| socket file (aka /var/run/multipathd.sock), which allows local users
| to send arbitrary commands to the multipath daemon.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
http://security-tracker.debian.net/tracker/CVE-2009-0115
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: multipath-tools
Source-Version: 0.4.7-1.1etch2
We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:
multipath-tools_0.4.7-1.1etch2.diff.gz
to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
multipath-tools_0.4.7-1.1etch2.dsc
to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
multipath-tools_0.4.7-1.1etch2_powerpc.deb
to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated multipath-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 06 Apr 2009 20:19:17 +0200
Source: multipath-tools
Binary: multipath-tools
Architecture: source powerpc
Version: 0.4.7-1.1etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
 multipath-tools - Command-line utilities for administering multipath disk access
Closes: 522813
Changes:
 multipath-tools (0.4.7-1.1etch2) oldstable-security; urgency=low
 .
   * [5c0d036] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Files:
 96af45800ec71a9fcf8f811416ff90e7 794 admin extra multipath-tools_0.4.7-1.1etch2.dsc
 b14f35444f6fee34b6be49a79ebe9439 179914 admin extra multipath-tools_0.4.7.orig.tar.gz
 971e214f6a43d817da8da4dcc3763443 25941 admin extra multipath-tools_0.4.7-1.1etch2.diff.gz
 923e02c8131bbfd298bd2958637fc90b 161776 admin extra multipath-tools_0.4.7-1.1etch2_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ3KWrn88szT8+ZCYRAqbZAJ9OHXpvW93J98nMT0jEajuqQBPgcgCfXySz
bgLWyevUGa60gIb1lAK553k=
=Z8We
-----END PGP SIGNATURE-----
--- End Message ---