Bug#591204: marked as done (CVE-2010-2526: insecure communication between lvm2 and clvmd)

Debian Bug Tracking System Wed, 25 Aug 2010 13:06:57 -0700

Your message dated Wed, 25 Aug 2010 20:03:02 +0000
with message-id <e1oomba-0003ju...@franck.debian.org>
and subject line Bug#591204: fixed in lvm2 2.02.39-8
has caused the Debian Bug report #591204,
regarding CVE-2010-2526: insecure communication between lvm2 and clvmd
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
591204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: clvm
Severity: grave
Tags: security

Please see

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526

https://www.redhat.com/archives/rhsa-announce/2010-July/msg00021.html
https://www.redhat.com/archives/rhsa-announce/2010-July/msg00022.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages clvm depends on:
ii  libc6                        2.11.2-2    Embedded GNU C Library: Shared lib
pn  libcman2                     <none>      (no description available)
ii  libdevmapper1.02.1           2:1.02.48-2 The Linux Kernel Device Mapper use
pn  libdlm2                      <none>      (no description available)
ii  libreadline5                 5.2-7       GNU readline and history libraries
pn  lvm2                         <none>      (no description available)

clvm recommends no packages.

Versions of packages clvm suggests:
pn  cman                          <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: lvm2
Source-Version: 2.02.39-8

We believe that the bug you reported is fixed in the latest version of
lvm2, which is due to be installed in the Debian FTP archive:

clvm_2.02.39-8_amd64.deb
  to main/l/lvm2/clvm_2.02.39-8_amd64.deb
lvm2-udeb_2.02.39-8_amd64.udeb
  to main/l/lvm2/lvm2-udeb_2.02.39-8_amd64.udeb
lvm2_2.02.39-8.diff.gz
  to main/l/lvm2/lvm2_2.02.39-8.diff.gz
lvm2_2.02.39-8.dsc
  to main/l/lvm2/lvm2_2.02.39-8.dsc
lvm2_2.02.39-8_amd64.deb
  to main/l/lvm2/lvm2_2.02.39-8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <wa...@debian.org> (supplier of updated lvm2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Aug 2010 16:19:35 +0200
Source: lvm2
Binary: lvm2 lvm2-udeb clvm
Architecture: source amd64
Version: 2.02.39-8
Distribution: stable-security
Urgency: high
Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org>
Changed-By: Bastian Blank <wa...@debian.org>
Description: 
 clvm       - Cluster LVM Daemon for lvm2
 lvm2       - The Linux Logical Volume Manager
 lvm2-udeb  - The Linux Logical Volume Manager (udeb)
Closes: 591204
Changes: 
 lvm2 (2.02.39-8) stable-security; urgency=high
 .
   * CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
    (Closes: #591204)
Checksums-Sha1: 
 fe00437ea46d2b09519ca274559482fc3399bbab 1132 lvm2_2.02.39-8.dsc
 dd1edf0b15e39e59613553d876e21eb89d782bba 594342 lvm2_2.02.39.orig.tar.gz
 8af4008c043d4aa987529cd3ae007e49b5b91725 17393 lvm2_2.02.39-8.diff.gz
 7c755aa1823afa7b0c3388c3dbc2581c13e061a7 365790 lvm2_2.02.39-8_amd64.deb
 36c9c70464632d8377e8d39c6bf2b0d666e322f2 237884 clvm_2.02.39-8_amd64.deb
 fc0e3fd541a32289bb0967ff5248a3e0dc170e3b 225468 lvm2-udeb_2.02.39-8_amd64.udeb
Checksums-Sha256: 
 f49e9b6acefe1c347e61d4ef6b196b2aa5302878362db5e9b24133d3c0873f71 1132 
lvm2_2.02.39-8.dsc
 2edd044021c345d0e6f5bda2a2ea0d7422800fbfa2db66a44794a3b52d119c47 594342 
lvm2_2.02.39.orig.tar.gz
 b0a469d82f69dcfad834657f9802ee140e9a1e3682b7b7672e8b5c24b57ab2fe 17393 
lvm2_2.02.39-8.diff.gz
 ecb41127bf9e04b08e78770b3356c3e914a7734a94b428fe99b16267010ee1b9 365790 
lvm2_2.02.39-8_amd64.deb
 ca8a51f8e5c05823e3731744fd86fae2abbdfe89aeac06491da5ba5c153c5331 237884 
clvm_2.02.39-8_amd64.deb
 e284634c91defc6db84e10648e2dfa4c85741d92b717de813ea2f487575cfa41 225468 
lvm2-udeb_2.02.39-8_amd64.udeb
Files: 
 a0c84982012567f3ca824e7bdeae7637 1132 admin optional lvm2_2.02.39-8.dsc
 1450ae55a89ea98e4ea51ad7f4ba22d4 594342 admin optional lvm2_2.02.39.orig.tar.gz
 fb9151fdf32540e15eb245389d9d5903 17393 admin optional lvm2_2.02.39-8.diff.gz
 dcc943057cd272357b6650f1eefac73a 365790 admin optional lvm2_2.02.39-8_amd64.deb
 a0125354fa125136d2f9ec3de006cdc2 237884 admin extra clvm_2.02.39-8_amd64.deb
 8c8e5331e9ddb80e616ae52e766007fd 225468 debian-installer optional 
lvm2-udeb_2.02.39-8_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxtWtQACgkQLkAIIn9ODhHkcACgm1djZHRxG6XMT/C9KHceYATu
24MAoKyeYWh3YqY6skNHb10ko7pbhoES
=46ab
-----END PGP SIGNATURE-----

--- End Message ---

Bug#591204: marked as done (CVE-2010-2526: insecure communication between lvm2 and clvmd)

Reply via email to