Bug#591204: marked as done (CVE-2010-2526: insecure communication between lvm2 and clvmd)

Debian Bug Tracking System Thu, 19 Aug 2010 06:06:36 -0700

Your message dated Thu, 19 Aug 2010 13:02:25 +0000
with message-id <e1om4lf-0001vz...@franck.debian.org>
and subject line Bug#591204: fixed in lvm2 2.02.66-3
has caused the Debian Bug report #591204,
regarding CVE-2010-2526: insecure communication between lvm2 and clvmd
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
591204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: clvm
Severity: grave
Tags: security

Please see

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526

https://www.redhat.com/archives/rhsa-announce/2010-July/msg00021.html
https://www.redhat.com/archives/rhsa-announce/2010-July/msg00022.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages clvm depends on:
ii  libc6                        2.11.2-2    Embedded GNU C Library: Shared lib
pn  libcman2                     <none>      (no description available)
ii  libdevmapper1.02.1           2:1.02.48-2 The Linux Kernel Device Mapper use
pn  libdlm2                      <none>      (no description available)
ii  libreadline5                 5.2-7       GNU readline and history libraries
pn  lvm2                         <none>      (no description available)

clvm recommends no packages.

Versions of packages clvm suggests:
pn  cman                          <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: lvm2
Source-Version: 2.02.66-3

We believe that the bug you reported is fixed in the latest version of
lvm2, which is due to be installed in the Debian FTP archive:

clvm_2.02.66-3_amd64.deb
  to main/l/lvm2/clvm_2.02.66-3_amd64.deb
dmsetup-udeb_1.02.48-3_amd64.udeb
  to main/l/lvm2/dmsetup-udeb_1.02.48-3_amd64.udeb
dmsetup_1.02.48-3_amd64.deb
  to main/l/lvm2/dmsetup_1.02.48-3_amd64.deb
libdevmapper-dev_1.02.48-3_amd64.deb
  to main/l/lvm2/libdevmapper-dev_1.02.48-3_amd64.deb
libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
  to main/l/lvm2/libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
libdevmapper1.02.1_1.02.48-3_amd64.deb
  to main/l/lvm2/libdevmapper1.02.1_1.02.48-3_amd64.deb
liblvm2-dev_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2-dev_2.02.66-3_amd64.deb
liblvm2app2.2_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2app2.2_2.02.66-3_amd64.deb
liblvm2cmd2.02_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2cmd2.02_2.02.66-3_amd64.deb
lvm2-udeb_2.02.66-3_amd64.udeb
  to main/l/lvm2/lvm2-udeb_2.02.66-3_amd64.udeb
lvm2_2.02.66-3.debian.tar.gz
  to main/l/lvm2/lvm2_2.02.66-3.debian.tar.gz
lvm2_2.02.66-3.dsc
  to main/l/lvm2/lvm2_2.02.66-3.dsc
lvm2_2.02.66-3_amd64.deb
  to main/l/lvm2/lvm2_2.02.66-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <wa...@debian.org> (supplier of updated lvm2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Aug 2010 14:44:02 +0200
Source: lvm2
Binary: lvm2 lvm2-udeb clvm libdevmapper-dev libdevmapper1.02.1 
libdevmapper1.02.1-udeb dmsetup dmsetup-udeb liblvm2app2.2 liblvm2cmd2.02 
liblvm2-dev
Architecture: source amd64
Version: 2.02.66-3
Distribution: unstable
Urgency: high
Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org>
Changed-By: Bastian Blank <wa...@debian.org>
Description: 
 clvm       - Cluster LVM Daemon for lvm2
 dmsetup    - The Linux Kernel Device Mapper userspace library
 dmsetup-udeb - The Linux Kernel Device Mapper userspace library (udeb)
 libdevmapper-dev - The Linux Kernel Device Mapper header files
 libdevmapper1.02.1 - The Linux Kernel Device Mapper userspace library
 libdevmapper1.02.1-udeb - The Linux Kernel Device Mapper userspace library 
(udeb)
 liblvm2-dev - LVM2 libraries - development files
 liblvm2app2.2 - LVM2 application library
 liblvm2cmd2.02 - LVM2 command library
 lvm2       - The Linux Logical Volume Manager
 lvm2-udeb  - The Linux Logical Volume Manager (udeb)
Closes: 591204
Changes: 
 lvm2 (2.02.66-3) unstable; urgency=high
 .
   * Import upstream version 2.02.72:
     - CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
      (Closes: #591204)
     - Only use single node clvm if explicitly requested.
Checksums-Sha1: 
 dee8aa1838bc12e4c0b19ea099f2683566252c07 1449 lvm2_2.02.66-3.dsc
 978cbca884ccd72573f8a427c10b6392bb3dc808 34832 lvm2_2.02.66-3.debian.tar.gz
 b64262635c79d4e234088d52ebac134ab01712f6 85206 
libdevmapper1.02.1_1.02.48-3_amd64.deb
 ae60dd416dafbd15cf53fcab1c68a3335db9cbae 52966 
libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 c76aacd564234f8c2537d02eb94d7eadb351c097 32480 
libdevmapper-dev_1.02.48-3_amd64.deb
 287f15f90dac849afdb537ba3b1f6416e7524ff8 56566 dmsetup_1.02.48-3_amd64.deb
 c69573a7e8c245593d6d6183e8b845e8ab39b8fc 21646 
dmsetup-udeb_1.02.48-3_amd64.udeb
 53b19497a0a565e6dfdd3b255e1ad5fdbf8621fd 257422 
liblvm2app2.2_2.02.66-3_amd64.deb
 640e16ab08a85f4b6e049702783c21c7ae2d5a60 343224 
liblvm2cmd2.02_2.02.66-3_amd64.deb
 9c68f036796f47d64084b7a0dcd8636d5f6b8c27 53022 liblvm2-dev_2.02.66-3_amd64.deb
 4dd1c6622e7ca4eeab96307c10aecdab375b0b00 447822 lvm2_2.02.66-3_amd64.deb
 deb4e3114b3d965514670ae41ef04a9f3e17481d 272350 lvm2-udeb_2.02.66-3_amd64.udeb
 106ff974c2e880ae69d35e8980f87d83953afeac 281156 clvm_2.02.66-3_amd64.deb
Checksums-Sha256: 
 052b3597e5165132fe4512ea965f43552212fefb1ea70388112c18434c9634be 1449 
lvm2_2.02.66-3.dsc
 45175c773cb712c37e48548faf0d8fcde347db044ad0be2bd4e80461db57b4b0 34832 
lvm2_2.02.66-3.debian.tar.gz
 2cd052dd772413ea287a98c76d5dc746c14ed061c8183ae3c6b8a2c109dd6718 85206 
libdevmapper1.02.1_1.02.48-3_amd64.deb
 bcfdb5408fdff9526759312ba392a4d36fc5849eb8d9e4f0045c8ad9bf9b8044 52966 
libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 2e2a0217a3d4c93cbec1742a7b79c1a4b0937818a0cda3e3f87d504da621e8d2 32480 
libdevmapper-dev_1.02.48-3_amd64.deb
 80a3cb7176b122858b18b93085133f80c882f5166b78ce19170e71ddef6a2a42 56566 
dmsetup_1.02.48-3_amd64.deb
 01c7a30ab1f7060c6471673d30d5e5b1ac48eb8a3103dff2e3058df1a7deecf6 21646 
dmsetup-udeb_1.02.48-3_amd64.udeb
 cb187a487ac3a13707b054b3bffd903ea2cac1c1226ce08eb5480fb21a027693 257422 
liblvm2app2.2_2.02.66-3_amd64.deb
 e9532f7895a12cba2266a7a4d44b515a090302dce00830af0f0b88e936d7865b 343224 
liblvm2cmd2.02_2.02.66-3_amd64.deb
 54beb8093531c4ca6c119856298343e91ea1f4daf0e4d95c20fd6b335d0d67f0 53022 
liblvm2-dev_2.02.66-3_amd64.deb
 a9221ffc6dbdc5b35c29faeb229577fab6707ac8e540c31ed0468f54e21e1853 447822 
lvm2_2.02.66-3_amd64.deb
 9ba4b87b2e2c6ebe5ca9b0ce868ba64f7b605eb35ef8d5f5aa1d43462d90a76f 272350 
lvm2-udeb_2.02.66-3_amd64.udeb
 e6bbe3efb79b445a6899d8c54f7e57dd7c9af21b6c2c9d046f501a899c54ab54 281156 
clvm_2.02.66-3_amd64.deb
Files: 
 c461c8407cadedcc7585d772f42ea99e 1449 admin optional lvm2_2.02.66-3.dsc
 f90e175212d97e5eda524adb84e4409f 34832 admin optional 
lvm2_2.02.66-3.debian.tar.gz
 0bc52936d36ac2ae27f73acd537a7d7c 85206 libs required 
libdevmapper1.02.1_1.02.48-3_amd64.deb
 e4b6cc12433307ded390da7be28431ab 52966 debian-installer optional 
libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 0fc316f6f396b57a834406a347207404 32480 libdevel optional 
libdevmapper-dev_1.02.48-3_amd64.deb
 4092bfffe03cd933c0dd96ee53dfe7cb 56566 admin optional 
dmsetup_1.02.48-3_amd64.deb
 e84cdc234cd08ea84f19d4231eb1412d 21646 debian-installer optional 
dmsetup-udeb_1.02.48-3_amd64.udeb
 7a8d2e16276e099c734bf9a74104a635 257422 libs optional 
liblvm2app2.2_2.02.66-3_amd64.deb
 32e8160b58f671f06a015deeaa2c607c 343224 libs optional 
liblvm2cmd2.02_2.02.66-3_amd64.deb
 a889f270e38f88cad2098497450e2f68 53022 libdevel optional 
liblvm2-dev_2.02.66-3_amd64.deb
 aeadf2b9988f0a76d87b8257cea5751d 447822 admin optional lvm2_2.02.66-3_amd64.deb
 c8a38401f950c6ce1a16223a9fb4c0eb 272350 debian-installer optional 
lvm2-udeb_2.02.66-3_amd64.udeb
 4ad75fcf0e31454e66e377e95e35ed33 281156 admin extra clvm_2.02.66-3_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxtKDYACgkQLkAIIn9ODhGxfQCfeRAWv8jN2y5/ZdFni4xeyyke
0oMAoLt3RR7QAIpsGhWmWLOMW0VyUMGh
=Gj0f
-----END PGP SIGNATURE-----

--- End Message ---

Bug#591204: marked as done (CVE-2010-2526: insecure communication between lvm2 and clvmd)

Reply via email to