Your message dated Wed, 20 Oct 2010 12:02:30 +0000 with message-id <e1p8xng-0002ap...@franck.debian.org> and subject line Bug#598424: fixed in texmacs 1:1.0.7.4-3 has caused the Debian Bug report #598424, regarding texmacs: CVE-2010-3394: insecure library loading to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 598424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598424 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: texmacs Version: 1:1.0.7.4-2 Severity: grave Tags: security User: t...@security.debian.org Usertags: ldpath Hello, During a review of the Debian archive, I've found your package to contain a script that can be abused by an attacker to execute arbitrary code. The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths. Vulnerable code follows: /usr/lib/texmacs/TeXmacs/bin/tm_mupad_help line 29: LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin /usr/bin/texmacs line 30: LD_LIBRARY_PATH="$TEXMACS_BIN_PATH/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}" When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this bug. This vulnerability has been assigned the CVE id CVE-2010-3394. Please make sure you mention it when forwarding this report to upstream and when fixing this bug (everywhere: upstream and here at Debian.) [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 [1] http://security-tracker.debian.org/tracker/CVE-2010-3394 Sincerely, Raphael Geissert
--- End Message ---
--- Begin Message ---Source: texmacs Source-Version: 1:1.0.7.4-3 We believe that the bug you reported is fixed in the latest version of texmacs, which is due to be installed in the Debian FTP archive: texmacs-common_1.0.7.4-3_all.deb to main/t/texmacs/texmacs-common_1.0.7.4-3_all.deb texmacs_1.0.7.4-3.diff.gz to main/t/texmacs/texmacs_1.0.7.4-3.diff.gz texmacs_1.0.7.4-3.dsc to main/t/texmacs/texmacs_1.0.7.4-3.dsc texmacs_1.0.7.4-3_i386.deb to main/t/texmacs/texmacs_1.0.7.4-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 598...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Atsuhito KOHDA <ko...@debian.org> (supplier of updated texmacs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 20 Oct 2010 15:09:20 +0900 Source: texmacs Binary: texmacs texmacs-common Architecture: source all i386 Version: 1:1.0.7.4-3 Distribution: unstable Urgency: high Maintainer: Atsuhito KOHDA <ko...@debian.org> Changed-By: Atsuhito KOHDA <ko...@debian.org> Description: texmacs - WYSIWYG mathematical text editor using TeX fonts texmacs-common - WYSIWYG mathematical text editor using TeX fonts Closes: 598424 Changes: texmacs (1:1.0.7.4-3) unstable; urgency=high . * Contribution of Etienne Millon <etienne.millon AT gmail.com>. Thanks for Etienne. - Fix security issue CVE-2010-3394 (Closes: #598424) So urgency=high. Checksums-Sha1: 0ed624ceb4782a77e57cc883dd893cbe70154cdd 1302 texmacs_1.0.7.4-3.dsc fe448d542ee646f866596b9d8ce0b28a6bfd9c30 32345 texmacs_1.0.7.4-3.diff.gz 14ae68aacc287119f39d60a609c78a742ee7be0b 3875996 texmacs-common_1.0.7.4-3_all.deb b35b3d3fcd4922c9f3deb0a9a275f85df961fb56 1752732 texmacs_1.0.7.4-3_i386.deb Checksums-Sha256: 4468b7775371f125d825440a313af492375e79dddb62868c15f78f918046d472 1302 texmacs_1.0.7.4-3.dsc d08d7153e414d97404e653deb330cce0f7ec6cebbcea6458a8af917a88eb80bc 32345 texmacs_1.0.7.4-3.diff.gz e17b29dc877f505139f1146c5d677f2f92ff26f3731b667e6a549a02e7762fd5 3875996 texmacs-common_1.0.7.4-3_all.deb 05fa3a71c42f7a2e90034b3a03232e87e50b3caaed09573e41128869f623fbb3 1752732 texmacs_1.0.7.4-3_i386.deb Files: 4274c1d6b724a1ec0acc7729c2d39e09 1302 editors optional texmacs_1.0.7.4-3.dsc 99dfedbffb9d916844d1a1e4d25fc759 32345 editors optional texmacs_1.0.7.4-3.diff.gz d37e6782303dbc6a01e263db6809ecf6 3875996 editors optional texmacs-common_1.0.7.4-3_all.deb 5bfbbea0ba3384b5af8a342c8e220888 1752732 editors optional texmacs_1.0.7.4-3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAky+zIMACgkQ1IXdL1v6kOzfqwCeO4cKIyB5CMBNob7DWo3fqAHw KwgAn1VxYfqAUsyXrLGLtxsf2oBsU1WT =13W1 -----END PGP SIGNATURE-----
--- End Message ---
