Your message dated Thu, 17 Dec 2009 23:47:22 +0000
with message-id <e1nlq42-0000zv...@ries.debian.org>
and subject line Bug#559826: fixed in redland 1.0.10-1
has caused the Debian Bug report #559826,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
559826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559826
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redland
Severity: grave
Tags: security
Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool source code. However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the binary packages are not affected, please feel free to close
the bug with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736
--- End Message ---
--- Begin Message ---
Source: redland
Source-Version: 1.0.10-1
We believe that the bug you reported is fixed in the latest version of
redland, which is due to be installed in the Debian FTP archive:

librdf-storage-mysql_1.0.10-1_i386.deb
  to main/r/redland/librdf-storage-mysql_1.0.10-1_i386.deb
librdf-storage-postgresql_1.0.10-1_i386.deb
  to main/r/redland/librdf-storage-postgresql_1.0.10-1_i386.deb
librdf-storage-sqlite_1.0.10-1_i386.deb
  to main/r/redland/librdf-storage-sqlite_1.0.10-1_i386.deb
librdf0-dev_1.0.10-1_i386.deb
  to main/r/redland/librdf0-dev_1.0.10-1_i386.deb
librdf0_1.0.10-1_i386.deb
  to main/r/redland/librdf0_1.0.10-1_i386.deb
redland-utils_1.0.10-1_i386.deb
  to main/r/redland/redland-utils_1.0.10-1_i386.deb
redland_1.0.10-1.diff.gz
  to main/r/redland/redland_1.0.10-1.diff.gz
redland_1.0.10-1.dsc
  to main/r/redland/redland_1.0.10-1.dsc
redland_1.0.10.orig.tar.gz
  to main/r/redland/redland_1.0.10.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dave Beckett <daj...@debian.org> (supplier of updated redland package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Dec 2009 15:34:28 -0800
Source: redland
Binary: librdf0-dev librdf0 librdf-storage-postgresql librdf-storage-mysql
librdf-storage-sqlite redland-utils
Architecture: source i386
Version: 1.0.10-1
Distribution: unstable
Urgency: low
Maintainer: Dave Beckett <daj...@debian.org>
Changed-By: Dave Beckett <daj...@debian.org>
Description:
 librdf-storage-mysql - RDF library, MySQL backend
 librdf-storage-postgresql - RDF library, PostGreSQL backend
 librdf-storage-sqlite - RDF library, SQLite backend
 librdf0 - Redland Resource Description Framework (RDF) library
 librdf0-dev - Redland RDF library development libraries and headers
 redland-utils - Redland Resource Description Framework (RDF) Utility programs
Closes: 559826
Changes:
 redland (1.0.10-1) unstable; urgency=low
 .
   * New upstream release
     - fixes CVE-2009-3736 (Closes: #559826)
   * Require rasqal 0.9.17 (librasqal2-dev) to build
   * Removed upstream patches 001-storage-module-link.patch and
     002-sqlite-storage-3617.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLKsCxQ+ySUE9xlVoRAvB7AKCThH5xvswMGvmMlG5nQ4Q0bjA5dACdGclH
YEqfvFWp5M4pSZS57srxVLk=
=TxjU
-----END PGP SIGNATURE-----
--- End Message ---