Your message dated Thu, 10 Dec 2009 19:32:26 +0000
with message-id <e1nioku-0002cr...@ries.debian.org>
and subject line Bug#559825: fixed in pinball 0.3.1-10
has caused the Debian Bug report #559825,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
559825: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559825
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pinball
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool source code. However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the binary packages are not affected, please feel free to close
the bug with a message containing the details of what you did to check.
CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.
Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
http://security-tracker.debian.org/tracker/CVE-2009-3736
--- End Message ---
--- Begin Message ---
Source: pinball
Source-Version: 0.3.1-10
We believe that the bug you reported is fixed in the latest version of
pinball, which is due to be installed in the Debian FTP archive:
pinball-data_0.3.1-10_all.deb
to main/p/pinball/pinball-data_0.3.1-10_all.deb
pinball-dev_0.3.1-10_sparc.deb
to main/p/pinball/pinball-dev_0.3.1-10_sparc.deb
pinball_0.3.1-10.diff.gz
to main/p/pinball/pinball_0.3.1-10.diff.gz
pinball_0.3.1-10.dsc
to main/p/pinball/pinball_0.3.1-10.dsc
pinball_0.3.1-10_sparc.deb
to main/p/pinball/pinball_0.3.1-10_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jochen Friedrich <joc...@scram.de> (supplier of updated pinball package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Thu, 10 Dec 2009 18:57:19 +0100
Source: pinball
Binary: pinball pinball-dev pinball-data
Architecture: source sparc all
Version: 0.3.1-10
Distribution: unstable
Urgency: low
Maintainer: Jochen Friedrich <joc...@scram.de>
Changed-By: Jochen Friedrich <joc...@scram.de>
Description:
pinball - Emilia Pinball Emulator
pinball-data - Data files for the Emilia Pinball Emulator
pinball-dev - Development files for the Emilia Pinball Emulator
Closes: 559825
Changes:
pinball (0.3.1-10) unstable; urgency=low
.
* Build-depend on libltdl-dev (>= 2.2.6b) as earlier versions were
vulnerable to a privilege escalation. (Closes: #559825)
Fixes privilege escalation vulnerability CVE-2009-3736.
--- End Message ---
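The fix recorded in the changelog above is a versioned build dependency, so one way to audit other packages for the same gap is to check that `debian/control` requires `libltdl-dev` at 2.2.6b or later. This is an added example, not Debian's or the maintainer's tooling: the function names and the sample stanza are hypothetical, and the version comparison is a re-implementation of dpkg's ordering rules.

```python
import re

FIXED = "2.2.6b"  # first fixed libltdl version, taken from the changelog above
DIGITS = "0123456789"

def _order(c):
    # dpkg ranks non-digits: '~' < end of string < letters < other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one version component the way dpkg does (text run, then number run)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            x = _order(a[i]) if i < len(a) and a[i] not in DIGITS else 0
            y = _order(b[j]) if j < len(b) and b[j] not in DIGITS else 0
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        m, n = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(m or 0) != int(n or 0):
            return -1 if int(m or 0) < int(n or 0) else 1
        i, j = i + len(m), j + len(n)
    return 0

def debver_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return (int(epoch), up, rev) if sep else (int(epoch), rest, "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def libltdl_builddep_status(control_text):
    """Classify the libltdl-dev build dependency: missing, unversioned, too-old or ok."""
    field = re.search(r"^Build-Depends:(.*(?:\n[ \t].*)*)", control_text, re.M | re.I)
    for rel in re.split(r"[,|]", field.group(1) if field else ""):
        m = re.match(r"\s*libltdl-dev(?![\w.+-])\s*(?:\(\s*(>=|>>|=)\s*([^)\s]+)\s*\))?", rel)
        if m:
            if not m.group(2):
                return "unversioned"  # no lower bound (or only an upper bound)
            return "ok" if debver_cmp(m.group(2), FIXED) >= 0 else "too-old"
    return "missing"

# Constructed sample stanza, not pinball's real debian/control.
SAMPLE = "Source: demo\nBuild-Depends: debhelper (>= 7),\n libltdl-dev (>= 2.2.6b), libsdl1.2-dev\n"
```

On a Debian system, `dpkg --compare-versions` is the authoritative comparison. An "ok" result only shows that the build uses a fixed system libltdl; it does not show that an embedded copy in the source tree is unused.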