Your message dated Tue, 08 Dec 2009 04:47:45 +0000
with message-id <e1nhrzf-0004yo...@ries.debian.org>
and subject line Bug#559843: fixed in babel 1.4.0.dfsg-5
has caused the Debian Bug report #559843,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559843: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559843
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: babel
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool.  I have determined that this package embeds a
vulnerable copy of the libtool source code.  However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the binary packages are not affected, please feel free to close
the bug with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736



--- End Message ---
--- Begin Message ---
Source: babel
Source-Version: 1.4.0.dfsg-5

We believe that the bug you reported is fixed in the latest version of
babel, which is due to be installed in the Debian FTP archive:

babel-1.4.0_1.4.0.dfsg-5_all.deb
  to main/b/babel/babel-1.4.0_1.4.0.dfsg-5_all.deb
babel-doc_1.4.0.dfsg-5_all.deb
  to main/b/babel/babel-doc_1.4.0.dfsg-5_all.deb
babel_1.4.0.dfsg-5.diff.gz
  to main/b/babel/babel_1.4.0.dfsg-5.diff.gz
babel_1.4.0.dfsg-5.dsc
  to main/b/babel/babel_1.4.0.dfsg-5.dsc
libsidl-1.4.0_1.4.0.dfsg-5_amd64.deb
  to main/b/babel/libsidl-1.4.0_1.4.0.dfsg-5_amd64.deb
libsidl-dev_1.4.0.dfsg-5_amd64.deb
  to main/b/babel/libsidl-dev_1.4.0.dfsg-5_amd64.deb
libsidl1.4.0-java_1.4.0.dfsg-5_all.deb
  to main/b/babel/libsidl1.4.0-java_1.4.0.dfsg-5_all.deb
python-sidl_1.4.0.dfsg-5_amd64.deb
  to main/b/babel/python-sidl_1.4.0.dfsg-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam C. Powell, IV <hazel...@debian.org> (supplier of updated babel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Dec 2009 18:29:06 -0500
Source: babel
Binary: babel-1.4.0 libsidl1.4.0-java python-sidl libsidl-dev libsidl-1.4.0 babel-doc
Architecture: source all amd64
Version: 1.4.0.dfsg-5
Distribution: unstable
Urgency: low
Maintainer: Adam C. Powell, IV <hazel...@debian.org>
Changed-By: Adam C. Powell, IV <hazel...@debian.org>
Description: 
 babel-1.4.0 - Scientific Interface Definition Language (SIDL) compiler
 babel-doc  - Scientific Interface Definition Language (SIDL) suite documentati
 libsidl-1.4.0 - Scientific Interface Definition Language (SIDL) C(++)/FORTRAN run
 libsidl-dev - Scientific Interface Definition Language (SIDL) C(++)/FORTRAN run
 libsidl1.4.0-java - Scientific Interface Definition Language (SIDL) Java runtime
 python-sidl - Scientific Interface Definition Language (SIDL) Python runtime
Closes: 559843
Changes: 
 babel (1.4.0.dfsg-5) unstable; urgency=low
 .
   * Include libtool in Build-Depends and libtoolize (closes: #559843).
   * Added README.source file.
   * Bumped Standards-Version.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksdo2AACgkQUm8B6FZO5LZKXQCfcVqYx7cmmjstoNGUB+yK4gg3
4SwAnjQCCQPMK6MRD5bZU12yZ/b9OYlm
=ml/k
-----END PGP SIGNATURE-----



--- End Message ---
