Your message dated Thu, 06 May 2010 08:34:37 +0000
with message-id <e1o9wxv-0004ee...@ries.debian.org>
and subject line Bug#574935: fixed in iscsitarget 0.4.16+svn162-3.1+lenny1
has caused the Debian Bug report #574935,
regarding iscsitarget: Format string vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
574935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iscsitarget
Version: 0.4.16+svn162-3
Severity: critical
Tags: security
Justification: root security hole


There are at least two remotely exploitable format string vulnerabilities in the
Debian stable package... which have been fixed upstream.

isns.c:302
isns.c:690

The default init script encourages users to run ietd as root (see the following
bugs)

#545536 iscsitarget: allow running as non-root
#566509 New upstream version

Please fix it.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iscsitarget depends on:
ii  libc6                   2.7-18lenny2     GNU C Library: Shared libraries
ii  libssl0.9.8             0.9.8g-15+lenny6 SSL shared libraries

Versions of packages iscsitarget recommends:
pn  iscsitarget-module            <none>     (no description available)

Versions of packages iscsitarget suggests:
pn  iscsitarget-source            <none>     (no description available)

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: iscsitarget
Source-Version: 0.4.16+svn162-3.1+lenny1

We believe that the bug you reported is fixed in the latest version of
iscsitarget, which is due to be installed in the Debian FTP archive:

iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
  to main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luci...@debian.org> (supplier of updated iscsitarget package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 26 Apr 2010 21:15:55 -0300
Source: iscsitarget
Binary: iscsitarget iscsitarget-source
Architecture: source i386 all
Version: 0.4.16+svn162-3.1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Philipp Hug <deb...@hug.cx>
Changed-By: Luciano Bello <luci...@debian.org>
Description: 
 iscsitarget - iSCSI Enterprise Target userland tools
 iscsitarget-source - iSCSI Enterprise Target kernel module source
Closes: 574935
Changes: 
 iscsitarget (0.4.16+svn162-3.1+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2010-0743: two format string vulnerabilities fixed in isns.c:302
   and isns.c:690, reported by Florent Daigniere. Closes: #574935.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkvYbZEACgkQQWTRs4lLtHm0vwCgnjjl2J07njPgKgMfiplm1HKz
cXMAoJDDrF92LPpxNK+74vzDKZKEQH3T
=7LN4
-----END PGP SIGNATURE-----



--- End Message ---
