Your message dated Fri, 26 Aug 2005 00:35:49 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#274342: CAN-2004-0815 - Can this bug finally be closed?
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Oct 2004 09:24:57 +0000
>From [EMAIL PROTECTED] Fri Oct 01 02:24:57 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de [212.9.189.167]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CDJer-0000TA-00; Fri, 01 Oct 2004 02:24:57 -0700
Received: (debugging) helo=deneb.enyo.de ip=212.9.189.171 name=deneb.enyo.de
Received: from deneb.enyo.de ([212.9.189.171])
by mail.enyo.de with esmtp id 1CDJeq-0001up-2R
for [EMAIL PROTECTED]; Fri, 01 Oct 2004 11:24:56 +0200
Received: from fw by deneb.enyo.de with local (Exim 4.34)
id 1CDJep-0001Oo-Md; Fri, 01 Oct 2004 11:24:55 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Florian Weimer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: samba: [CAN-2004-0815] access outside of shared path
X-Mailer: reportbug 2.99.3
Date: Fri, 01 Oct 2004 11:24:55 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: samba
Version: 2.2.3a-13
Severity: grave
Tags: security woody fixed-upstream
Justification: user security hole
Upstream announced a new security bug:
Security Notice -- CVE CAN-2004-0815
A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and
Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to
files which exist outside of the share's defined path. Such files must
still be readable by the account used for the connection.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
---------------------------------------
Received: (at 274342-done) by bugs.debian.org; 26 Aug 2005 07:35:50 +0000
>From [EMAIL PROTECTED] Fri Aug 26 00:35:50 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (tennyson.netexpress.net)
[66.93.39.86]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E8Ykg-0000ZH-00; Fri, 26 Aug 2005 00:35:50 -0700
Received: by tennyson.netexpress.net (Postfix, from userid 1003)
id DEF6B7049; Fri, 26 Aug 2005 00:35:49 -0700 (PDT)
Date: Fri, 26 Aug 2005 00:35:49 -0700
From: Steve Langasek <[EMAIL PROTECTED]>
To: Sven Mueller <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#274342: CAN-2004-0815 - Can this bug finally be closed?
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Aug 23, 2005 at 07:42:38PM +0200, Sven Mueller wrote:
> 2.2.3a-15 is in the latest Woody version, released well after this bug
> had been tagged pending. So can this bug be closed? Yes or no? ;-)
> I#m just trying to clean up the list of security tagged bugs a bit,
> especially for packages I use (OK, I don't use samba 2.2 anymore, but
> samba 3).
Yes, it can be closed. I tried to close it once before, but the
submitter felt it was necessary to keep it open even though the source
packages (including final changelog) for 2.2.3a-14 had already been
turned over to the security team before the bug was opened.
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDDsZVKN6ufymYLloRAu1FAKCXl8NePHua8SHwYD2M+WYftvSdfgCfVm6w
JPPh3xqQ2tCWfnxeKikfb+4=
=1gDT
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
