Your message dated Sat, 26 Dec 2009 13:47:24 +0000
with message-id <e1nowzm-00062e...@ries.debian.org>
and subject line Bug#559809: fixed in gnu-smalltalk 3.1-2
has caused the Debian Bug report #559809,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnu-smalltalk
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool.  I have determined that this package embeds a
vulnerable copy of the libtool source code.  However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the package is not affected, please feel free to close the bug
with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736



--- End Message ---
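
A first triage step for the check the report asks maintainers to make, as an added example (not part of the bug report or of any Debian tooling): walk an unpacked source tree, list embedded `ltdl.c` copies, and compare the libtool version recorded in `ltmain.sh` against the ranges quoted in the CVE text. The function names, the verdict strings and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# VERSION assignment in a generated ltmain.sh, e.g. VERSION=2.2.6b or
# VERSION="1.5.26 Debian 1.5.26-4" (both forms are constructed samples here).
VERSION_RE = re.compile(r'^VERSION="?([0-9][0-9A-Za-z.]*)', re.MULTILINE)

def classify(version):
    """Map a libtool version onto the ranges quoted in the CVE text."""
    if version.startswith("1.5."):
        return "affected"                      # "GNU Libtool 1.5.x"
    if version in ("2.2.6", "2.2.6a"):
        return "affected"                      # "2.2.6 before 2.2.6b"
    return "fixed" if version == "2.2.6b" else "not-listed"

def audit_tree(root):
    """Report embedded ltdl.c copies and the libtool versions beside them."""
    ltdl, versions = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == "ltdl.c":
                ltdl.append(rel)
            elif name == "ltmain.sh":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    m = VERSION_RE.search(fh.read())
                versions[rel] = m.group(1) if m else "unknown"
    states = {classify(v) for v in versions.values()}
    if not ltdl:
        verdict = "no embedded ltdl.c"
    elif "affected" in states:
        verdict = "review: ltdl.c shipped with an affected libtool"
    elif not versions or "unknown" in versions.values():
        verdict = "review: libtool version undetermined"
    else:
        verdict = "ltdl.c present, libtool version outside the CVE ranges"
    return {"ltdl": sorted(ltdl), "versions": versions, "verdict": verdict}

def demo():
    """Build a constructed source tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "libltdl"))
        with open(os.path.join(root, "libltdl", "ltdl.c"), "w") as fh:
            fh.write("/* constructed placeholder */\n")
        with open(os.path.join(root, "ltmain.sh"), "w") as fh:
            fh.write('PROGRAM=ltmain.sh\nVERSION="1.5.26 Debian 1.5.26-4"\n')
        return audit_tree(root)
```

A version string alone cannot show whether a backported patch has been applied to the embedded `ltdl.c`, or whether that file is compiled into any binary package, so a "review" verdict marks a tree for manual inspection rather than confirming exposure.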
--- Begin Message ---
Source: gnu-smalltalk
Source-Version: 3.1-2

We believe that the bug you reported is fixed in the latest version of
gnu-smalltalk, which is due to be installed in the Debian FTP archive:

gnu-smalltalk-browser_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/gnu-smalltalk-browser_3.1-2_amd64.deb
gnu-smalltalk-common_3.1-2_all.deb
  to main/g/gnu-smalltalk/gnu-smalltalk-common_3.1-2_all.deb
gnu-smalltalk-doc_3.1-2_all.deb
  to main/g/gnu-smalltalk/gnu-smalltalk-doc_3.1-2_all.deb
gnu-smalltalk-el_3.1-2_all.deb
  to main/g/gnu-smalltalk/gnu-smalltalk-el_3.1-2_all.deb
gnu-smalltalk_3.1-2.diff.gz
  to main/g/gnu-smalltalk/gnu-smalltalk_3.1-2.diff.gz
gnu-smalltalk_3.1-2.dsc
  to main/g/gnu-smalltalk/gnu-smalltalk_3.1-2.dsc
gnu-smalltalk_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/gnu-smalltalk_3.1-2_amd64.deb
libgdbm-gst_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libgdbm-gst_3.1-2_amd64.deb
libgst-dev_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libgst-dev_3.1-2_amd64.deb
libgst7_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libgst7_3.1-2_amd64.deb
libgtk2-gst_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libgtk2-gst_3.1-2_amd64.deb
libncurses-gst_3.1-2_all.deb
  to main/g/gnu-smalltalk/libncurses-gst_3.1-2_all.deb
libpostgresql-gst_3.1-2_all.deb
  to main/g/gnu-smalltalk/libpostgresql-gst_3.1-2_all.deb
libsqlite3-gst_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libsqlite3-gst_3.1-2_amd64.deb
libtk-gst_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/libtk-gst_3.1-2_amd64.deb
zlib-gst_3.1-2_amd64.deb
  to main/g/gnu-smalltalk/zlib-gst_3.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Girard <thomas.g.gir...@free.fr> (supplier of updated gnu-smalltalk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 25 Dec 2009 15:14:31 +0100
Source: gnu-smalltalk
Binary: gnu-smalltalk libgst7 libgst-dev gnu-smalltalk-doc gnu-smalltalk-common
 gnu-smalltalk-el libpostgresql-gst libsqlite3-gst libncurses-gst libgdbm-gst
 libtk-gst libgtk2-gst gnu-smalltalk-browser zlib-gst
Architecture: source all amd64
Version: 3.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian GNU Smalltalk maintainers <pkg-gnu-smalltalk-de...@lists.alioth.debian.org>
Changed-By: Thomas Girard <thomas.g.gir...@free.fr>
Description: 
 gnu-smalltalk - GNU Smalltalk interpreter and image
 gnu-smalltalk-browser - GNU Smalltalk browser
 gnu-smalltalk-common - GNU Smalltalk class library sources and extras
 gnu-smalltalk-doc - GNU Smalltalk info documentation
 gnu-smalltalk-el - GNU Smalltalk Emacs front-end
 libgdbm-gst - GDBM bindings for GNU Smalltalk
 libgst-dev - GNU Smalltalk virtual machine development files
 libgst7    - GNU Smalltalk virtual machine shared library
 libgtk2-gst - Gtk bindings and environment for GNU Smalltalk
 libncurses-gst - Ncurses bindings for GNU Smalltalk
 libpostgresql-gst - PostgreSQL bindings for GNU Smalltalk
 libsqlite3-gst - SQLite bindings for GNU Smalltalk
 libtk-gst  - Tk environment for GNU Smalltalk
 zlib-gst   - Zlib bindings for GNU Smalltalk
Closes: 530090 553768 559809
Changes: 
 gnu-smalltalk (3.1-2) unstable; urgency=low
 .
   * The "Merry Christmas" release.
   * Upload to unstable.
   * Switch Standards-Version: to 3.8.3.
   * Switch debhelper dependency to 7.
   * Fix bashism in VFS scripts. Thanks to Raphael Geissert for the report
     and to Paolo Bonzini for the patch. Closes: #530090.
   * Do not depend on libreadline5-dev anymore. Closes: #553768.
   * Apply CVE-2009-3736 patch. Closes: #559809.
   * Add missing ${misc:Depends} where needed.
   * Use LIBTOOLIZE=/bin/true to prevent libtoolize from running when
     autoreconf is invoked.
   * Regenerate testsuite for bash 4.
   * Add dependency on dpkg (>= 1.15.4) | install-info to gnu-smalltalk-doc.
   * Add README.source.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAks2EIkACgkQz2LXlDjmjg4jLACgp5UFTyp1OxEmxJGB01J92Jrg
sx8AnAiGN8wFua4oasbKXrupM4R+5wmz
=0/Mk
-----END PGP SIGNATURE-----



--- End Message ---
