Your message dated Mon, 06 Dec 2010 21:20:58 +0000 with message-id <e1ppiuu-0001e1...@franck.debian.org> and subject line Bug#598424: fixed in texmacs 1:1.0.7.4-3.1 has caused the Debian Bug report #598424, regarding texmacs: CVE-2010-3394: insecure library loading to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 598424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598424 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: texmacs Version: 1:1.0.7.4-2 Severity: grave Tags: security User: t...@security.debian.org Usertags: ldpath Hello, During a review of the Debian archive, I've found your package to contain a script that can be abused by an attacker to execute arbitrary code. The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths. Vulnerable code follows: /usr/lib/texmacs/TeXmacs/bin/tm_mupad_help line 29: LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin /usr/bin/texmacs line 30: LD_LIBRARY_PATH="$TEXMACS_BIN_PATH/lib${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}" When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this bug. This vulnerability has been assigned the CVE id CVE-2010-3394. Please make sure you mention it when forwarding this report to upstream and when fixing this bug (everywhere: upstream and here at Debian.) [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 [1] http://security-tracker.debian.org/tracker/CVE-2010-3394 Sincerely, Raphael Geissert
--- End Message ---
--- Begin Message ---Source: texmacs Source-Version: 1:1.0.7.4-3.1 We believe that the bug you reported is fixed in the latest version of texmacs, which is due to be installed in the Debian FTP archive: texmacs-common_1.0.7.4-3.1_all.deb to main/t/texmacs/texmacs-common_1.0.7.4-3.1_all.deb texmacs_1.0.7.4-3.1.diff.gz to main/t/texmacs/texmacs_1.0.7.4-3.1.diff.gz texmacs_1.0.7.4-3.1.dsc to main/t/texmacs/texmacs_1.0.7.4-3.1.dsc texmacs_1.0.7.4-3.1_amd64.deb to main/t/texmacs/texmacs_1.0.7.4-3.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 598...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mehdi Dogguy <me...@debian.org> (supplier of updated texmacs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 04 Dec 2010 20:40:54 +0100 Source: texmacs Binary: texmacs texmacs-common Architecture: source all amd64 Version: 1:1.0.7.4-3.1 Distribution: testing-proposed-updates Urgency: low Maintainer: Atsuhito KOHDA <ko...@debian.org> Changed-By: Mehdi Dogguy <me...@debian.org> Description: texmacs - WYSIWYG mathematical text editor using TeX fonts texmacs-common - WYSIWYG mathematical text editor using TeX fonts Closes: 598424 Changes: texmacs (1:1.0.7.4-3.1) testing-proposed-updates; urgency=low . * Non-maintainer upload. * Fix security issue CVE-2010-3394 (Closes: #598424) - make the substitutions in misc/bundle/TeXmacs too Checksums-Sha1: f970efcb7e1842fce77e212850512d05ee272538 1950 texmacs_1.0.7.4-3.1.dsc 12c50ac24cca63961e3d0bb56307593e85fffa01 32813 texmacs_1.0.7.4-3.1.diff.gz 08b955042b2d6663bcc672f99785c24a4d3c8ec0 3897310 texmacs-common_1.0.7.4-3.1_all.deb f5174d35104a3c98ed283199e6bbc2acd01ca133 1954632 texmacs_1.0.7.4-3.1_amd64.deb Checksums-Sha256: c92206fc0fb7efa39c2262dc059aec19483f6853598348560ced6d7f49fbbc68 1950 texmacs_1.0.7.4-3.1.dsc 0c909f91345c818527080debf19e77173c28a06b3619f59102eed6a1dc1fc943 32813 texmacs_1.0.7.4-3.1.diff.gz 9e1f376a6027bc5280357cd7254be4a8f0524ed3431937ff99431993b05478f6 3897310 texmacs-common_1.0.7.4-3.1_all.deb 997e233f5d01f934df3615cfc68cdf455bc2fc8017ab5a6912dd70949a412847 1954632 texmacs_1.0.7.4-3.1_amd64.deb Files: 6ffeb7a8e37b99558b74dc45f5a77b4d 1950 editors optional texmacs_1.0.7.4-3.1.dsc ee552ec97e641838b109aefb425b7a7c 32813 editors optional texmacs_1.0.7.4-3.1.diff.gz f61e70721de9a33050ad867e0d452d66 3897310 editors optional texmacs-common_1.0.7.4-3.1_all.deb d8e41f43fe00237a4f32a450056aec62 1954632 editors optional texmacs_1.0.7.4-3.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJM+qVrAAoJEDO+GgqMLtj/WysP/2H9IZ+SahO1BUQqUzEe8bpr j0asXkAfIpwlfeMJCa4tsUouoW2ZoP4RmZTopmUIyeZso777T+fqmnbG6Q/Xos+1 gkrKBgnwm2cDg5UiS/hjkheSRGFMXYaz92OrkgZcLV49FPP9PrIMDzMcM8UMDBWN DZYle6R2J1L/0M5i0MK5r+UWROgnwNXBV4aPrn7cgaC0R9lygt34v7E3+O2g2M4g RXuilOJcX4jQEv52IZwv0rlEmGJ/4fQ0KK8WWcDeWt13pmQSgtdX1AkQqtl16vHQ wkW7iZqdJFM3NRBrbecZgU7apN3FGWcpd3yhhDPOkizx7ABHJinlPrfTSvAWFEPT WKles+zs1Oluduk/7CyrEh2OcAhEUc5YUpMDXSc94E+GYrbuS6CGsde9Fn/EyDD4 6/G011FMKWENCwBgfh8jNp8sYyupNgMkOX0qB5ICrtQBVjIo73nYfe41jBFnnEkO 6cYrFqyjkR0tzp1P08lhmC6TORPI9pXhS9n85CrIA3xVEUimuHkwMR9c4EZxCdOJ zXt/l7uXTjfRYHd+7Bs2mSgHNWRhv4omQSyI/EETyscHpdweRvbn4gK+Q/Hh+tI9 svBfHkW552AQ17FPG9oY2G9wv487b0ZABCqbjKyDwMjDd7wo6wmDSnWHGm19WO32 X/vXCOPcJ/JP31d9PvMt =dKX7 -----END PGP SIGNATURE-----
--- End Message ---
