Your message dated Mon, 06 Dec 2010 20:34:32 +0000
with message-id <e1pphly-0003gz...@franck.debian.org>
and subject line Bug#598424: fixed in texmacs 1:1.0.7.7-1.1
has caused the Debian Bug report #598424,
regarding texmacs: CVE-2010-3394: insecure library loading
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
598424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: texmacs
Version: 1:1.0.7.4-2
Severity: grave
Tags: security
User: t...@security.debian.org
Usertags: ldpath
Hello,
During a review of the Debian archive, I've found your package to
contain a script that can be abused by an attacker to execute arbitrary
code.
The vulnerability is introduced by an insecure change to
LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for
libraries in directories other than the standard paths.
Vulnerable code follows:
/usr/lib/texmacs/TeXmacs/bin/tm_mupad_help line 29:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin
/usr/bin/texmacs line 30:
LD_LIBRARY_PATH="$TEXMACS_BIN_PATH/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
When there's an empty item on the colon-separated list of
LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
If the given script is executed from a directory where a potential
local attacker can write files to, there's a chance to exploit this
bug.
This vulnerability has been assigned the CVE id CVE-2010-3394. Please make sure
you mention it when forwarding this report to upstream and when fixing
this bug (everywhere: upstream and here at Debian.)
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394
[1] http://security-tracker.debian.org/tracker/CVE-2010-3394
Sincerely,
Raphael Geissert
--- End Message ---
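Added example (editor's addition, not code from the bug report, from Raphael Geissert, or from the texmacs package): a POSIX sh script that reproduces the two constructions quoted in the report, shows which state of LD_LIBRARY_PATH (unset, or set but empty) makes each of them emit an empty element, and builds the variable with `${VAR:+word}` so that no empty element can appear. It also carries the small check a reviewer can run over a value to catch a leading, trailing or doubled colon, and a viewer that prints the list the way ld.so walks it. TM_BIN and MUPAD_LIB are hypothetical stand-ins for $TEXMACS_BIN_PATH and $MuPAD_ROOT_PATH/$SYSINFO/lib.

```shell
#!/bin/sh
# Editor's added example; not code from the texmacs package or the report.
# Reproduces the LD_LIBRARY_PATH constructions quoted in the report and
# contrasts them with forms that never emit an empty element.
# ld.so treats an empty element of LD_LIBRARY_PATH as the current directory,
# so ':/x', '/x:' and '/x::/y' all make the loader search $PWD.

# Hypothetical stand-ins (assumed, not from the package) for
# $TEXMACS_BIN_PATH and $MuPAD_ROOT_PATH/$SYSINFO/lib.
TM_BIN=/opt/texmacs/bin
MUPAD_LIB=/opt/mupad/linux/lib

# Pattern of tm_mupad_help line 29: unconditional "$LD_LIBRARY_PATH:...".
# With the variable unset or empty the result begins with ':'.
vuln_append() {
    printf '%s\n' "$LD_LIBRARY_PATH:$MUPAD_LIB"
}

# Pattern of /usr/bin/texmacs line 30: ${VAR+word} expands 'word' whenever
# VAR is set, including set-to-empty, so LD_LIBRARY_PATH="" yields '.../lib:'.
vuln_prepend() {
    printf '%s\n' "$TM_BIN/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
}

# Hardened forms: ${VAR:+word} expands only when VAR is set AND non-empty,
# so the ':' separator is emitted only when there is something to separate.
safe_append() {
    printf '%s\n' "${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$MUPAD_LIB"
}

safe_prepend() {
    printf '%s\n' "$TM_BIN/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
}

# Review check: succeed (exit 0) when a colon-separated search list contains
# an empty element, i.e. a leading ':', a trailing ':' or a '::'.
has_empty_element() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the list as ld.so will walk it, one directory per line, rendering
# every empty element as '.' to make the implicit CWD lookup visible.
# An entirely empty value adds no directories at all, so nothing is printed.
ld_so_view() {
    if [ -z "$1" ]; then return 0; fi
    rest=$1
    while :; do
        case $rest in
            *:*) elem=${rest%%:*}; rest=${rest#*:} ;;
            *)   elem=$rest; rest=
                 printf '%s\n' "${elem:-.}"; break ;;
        esac
        printf '%s\n' "${elem:-.}"
    done
}

# Stand-alone demonstration over the two states that trigger the bug.
demo() {
    for state in unset empty; do
        if [ "$state" = unset ]; then
            unset LD_LIBRARY_PATH
        else
            LD_LIBRARY_PATH=; export LD_LIBRARY_PATH
        fi
        for fn in vuln_append vuln_prepend safe_append safe_prepend; do
            val=$($fn)
            if has_empty_element "$val"; then verdict=UNSAFE; else verdict=ok; fi
            printf '%-5s %-12s %-6s %s\n' "$state" "$fn" "$verdict" "$val"
        done
    done
}

demo
```

The whole difference is one character: `${VAR+word}` tests "set", `${VAR:+word}` tests "set and non-empty". The tm_mupad_help form fails in both states; the /usr/bin/texmacs form fails only when LD_LIBRARY_PATH is exported but empty, which is still enough for the report to flag it. Exploitation needs the script to be started with an attacker-writable current directory; ld.so then tries to open every requested library from there, before or after the intended directories depending on where the empty element sits in the list.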
--- Begin Message ---
Source: texmacs
Source-Version: 1:1.0.7.7-1.1
We believe that the bug you reported is fixed in the latest version of
texmacs, which is due to be installed in the Debian FTP archive:
texmacs-common_1.0.7.7-1.1_all.deb
to main/t/texmacs/texmacs-common_1.0.7.7-1.1_all.deb
texmacs_1.0.7.7-1.1.diff.gz
to main/t/texmacs/texmacs_1.0.7.7-1.1.diff.gz
texmacs_1.0.7.7-1.1.dsc
to main/t/texmacs/texmacs_1.0.7.7-1.1.dsc
texmacs_1.0.7.7-1.1_amd64.deb
to main/t/texmacs/texmacs_1.0.7.7-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 598...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mehdi Dogguy <me...@debian.org> (supplier of updated texmacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 04 Dec 2010 20:40:54 +0100
Source: texmacs
Binary: texmacs texmacs-common
Architecture: source all amd64
Version: 1:1.0.7.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Atsuhito KOHDA <ko...@debian.org>
Changed-By: Mehdi Dogguy <me...@debian.org>
Description:
texmacs - WYSIWYG mathematical text editor using TeX fonts
texmacs-common - WYSIWYG mathematical text editor using TeX fonts
Closes: 598424
Changes:
texmacs (1:1.0.7.7-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix security issue CVE-2010-3394 (Closes: #598424)
- Also make the substitutions in misc/bundle/TeXmacs
Checksums-Sha1:
cbeb0bcb5a0d3624ab26473203c5b4224762b0a1 1950 texmacs_1.0.7.7-1.1.dsc
40c5d29e1291c3e1c2be793ceee9f2d107745d61 32736 texmacs_1.0.7.7-1.1.diff.gz
149a29a878061ce5e6ce2c1992875ed3ef7ec8cf 3959828 texmacs-common_1.0.7.7-1.1_all.deb
252c61c2312bbe0fa3d41b828318113ae675bcfc 2123032 texmacs_1.0.7.7-1.1_amd64.deb
Checksums-Sha256:
7c1d1077d9cd5d169e21bc50d0c06c601512ed31cdca9b85d4a7f049bc3a98e6 1950 texmacs_1.0.7.7-1.1.dsc
960b61d56854408fa129e2279bcd21cedc8d2b820ec3820dd5934c652e3503bd 32736 texmacs_1.0.7.7-1.1.diff.gz
3f30543576e655f6053c3db4d61768afb693a9c17b521df79c301dd1092dc38e 3959828 texmacs-common_1.0.7.7-1.1_all.deb
69328278fa27fe807ad954c2193602f82fd5198aa03e09f126a58739a17d148e 2123032 texmacs_1.0.7.7-1.1_amd64.deb
Files:
358818a2e1c7203fad2df12d0d0a49e1 1950 editors optional texmacs_1.0.7.7-1.1.dsc
a22b859a7dc67c602b4d5be064b2b0c3 32736 editors optional texmacs_1.0.7.7-1.1.diff.gz
bdc0817ec5144a01a0b4e281a9f5b43a 3959828 editors optional texmacs-common_1.0.7.7-1.1_all.deb
d3173828a899c0fa1e2a7ad3c56314ee 2123032 editors optional texmacs_1.0.7.7-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

=FLJg
-----END PGP SIGNATURE-----
--- End Message ---