Your message dated Mon, 04 Jun 2012 20:51:17 +0000
with message-id <e1sbefb-0001qn...@franck.debian.org>
and subject line Bug#675203: fixed in nut 2.4.3-1.1squeeze2
has caused the Debian Bug report #675203,
regarding [CVE-2012-2944] upsd can be remotely crashed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
675203: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675203
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nut
Severity: critical
Tags: security patch
The following potential vulnerability had been reported against NUT
(Network UPS Tools):
https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542
The patch has already been committed upstream (development version),
and include more details on the issue:
http://trac.networkupstools.org/projects/nut/changeset/3633
It will be available in 2.6.4, which will be released by the end of the week.
This will fix Sid and Testing.
But Stable is still exposed (NUT 2.4.3). I'm currently preparing an
upload to fix it (2.4.3-1.1squeeze2).
Please use CVE-2012-2944 for this issue.
This CVE is not yet official, but will be on Friday, June Arst 00:00:00 UTC.
cheers,
Arnaud
--
Linux / Unix Expert R&D - Eaton - http://powerquality.eaton.com
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.free.fr/
--- End Message ---
--- Begin Message ---
Source: nut
Source-Version: 2.4.3-1.1squeeze2
We believe that the bug you reported is fixed in the latest version of
nut, which is due to be installed in the Debian FTP archive:
libupsclient1-dev_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/libupsclient1-dev_2.4.3-1.1squeeze2_i386.deb
libupsclient1_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/libupsclient1_2.4.3-1.1squeeze2_i386.deb
nut-cgi_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut-cgi_2.4.3-1.1squeeze2_i386.deb
nut-hal-drivers_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut-hal-drivers_2.4.3-1.1squeeze2_i386.deb
nut-powerman-pdu_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut-powerman-pdu_2.4.3-1.1squeeze2_i386.deb
nut-snmp_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut-snmp_2.4.3-1.1squeeze2_i386.deb
nut-xml_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut-xml_2.4.3-1.1squeeze2_i386.deb
nut_2.4.3-1.1squeeze2.diff.gz
to main/n/nut/nut_2.4.3-1.1squeeze2.diff.gz
nut_2.4.3-1.1squeeze2.dsc
to main/n/nut/nut_2.4.3-1.1squeeze2.dsc
nut_2.4.3-1.1squeeze2_i386.deb
to main/n/nut/nut_2.4.3-1.1squeeze2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 675...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Quette <aque...@debian.org> (supplier of updated nut package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 30 May 2012 13:38:46 +0200
Source: nut
Binary: nut nut-cgi nut-snmp nut-hal-drivers nut-xml nut-powerman-pdu
libupsclient1 libupsclient1-dev
Architecture: source i386
Version: 2.4.3-1.1squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Arnaud Quette <aque...@debian.org>
Changed-By: Arnaud Quette <aque...@debian.org>
Description:
libupsclient1 - network UPS tools - client library
libupsclient1-dev - network UPS tools - development files
nut - network UPS tools - core system
nut-cgi - network UPS tools - web interface
nut-hal-drivers - network UPS tools - HAL interface
nut-powerman-pdu - network UPS tools - PowerMan PDU driver
nut-snmp - network UPS tools - SNMP driver
nut-xml - network UPS tools - XML/HTTP driver
Closes: 675203
Changes:
nut (2.4.3-1.1squeeze2) stable-security; urgency=high
.
* debian/control, debian/rules, debian/patches/*: enable dpatch again
* debian/patches/0001-fix_CVE-2012-2944.patch: Fix CVE-2012-2944,
which expose upsd to remote crashes. (Closes: #675203)
Checksums-Sha1:
411e0725ad04c132c97771e8c168b5f6599bb141 1573 nut_2.4.3-1.1squeeze2.dsc
3a09b09c03df7e8b12f70576fd703e65d1cf7b06 1154503 nut_2.4.3.orig.tar.gz
792772fcb69af96a5aa103c2242b5281539d5a48 33544 nut_2.4.3-1.1squeeze2.diff.gz
2a6b96257bc206f66674d20f6d30cc3be7eefc40 1214478 nut_2.4.3-1.1squeeze2_i386.deb
2d8af9406b781a0b74322f5b429d4fd70add3d1c 78116
nut-cgi_2.4.3-1.1squeeze2_i386.deb
e3c96f5516028508cc86e6a4abaecc2fe96e8e19 63714
nut-snmp_2.4.3-1.1squeeze2_i386.deb
9731019e0ce3338ee225cc0cc9238eb13953c3a3 141282
nut-hal-drivers_2.4.3-1.1squeeze2_i386.deb
6d35947e7c7bfacbccc03154e698ff35df6030d8 59958
nut-xml_2.4.3-1.1squeeze2_i386.deb
5de6017a85cefad66f81527208965299e8523738 52048
nut-powerman-pdu_2.4.3-1.1squeeze2_i386.deb
f5db51d99d32d99f635747a993943cfea0f2d8e0 42078
libupsclient1_2.4.3-1.1squeeze2_i386.deb
2d99570c6e95b76bd3a2cb2c6bf9e8e6d6d1c4bd 55560
libupsclient1-dev_2.4.3-1.1squeeze2_i386.deb
Checksums-Sha256:
9631006596c488e0e98f99a2591c52ba1577e8671a01b7920882857a0d455f13 1573
nut_2.4.3-1.1squeeze2.dsc
d3b701f21f1e049abb5df94ee9805fce86fe57a876c3bb41217558a846a49335 1154503
nut_2.4.3.orig.tar.gz
f3e3386b8685bcf0ceb62b21001a5429959dea0e7b4c44a2e60f4df378b8085f 33544
nut_2.4.3-1.1squeeze2.diff.gz
e096afaea0d0ea79732da9dbd05e0e88830f816f400b20074a2e5cd1c681fd20 1214478
nut_2.4.3-1.1squeeze2_i386.deb
51a65aceb5b40a527630158afa73868f5f5cc4ef5cd044e8cbc913dad0f8f20d 78116
nut-cgi_2.4.3-1.1squeeze2_i386.deb
5db0c67ef0f9f0de7b92a1aa3c9c9c615acadcc1aa8b7d5bf8c2cb8a2436410f 63714
nut-snmp_2.4.3-1.1squeeze2_i386.deb
7c379eeb2cb48034170e12936982266c508de9f9e46d3c77d641d7793d37aba1 141282
nut-hal-drivers_2.4.3-1.1squeeze2_i386.deb
817fa74d4852b374b3f9d117e1a95db6059c297af7219a228a3492be26d7458c 59958
nut-xml_2.4.3-1.1squeeze2_i386.deb
f9e0806962f34803f80616a3b167f9f6a5739f43e5769665b8959d84e4c1281d 52048
nut-powerman-pdu_2.4.3-1.1squeeze2_i386.deb
4dbcda9b30222a9456f64821b0ce99c9d16d09bca5f352d31d8176458f85476d 42078
libupsclient1_2.4.3-1.1squeeze2_i386.deb
582fa099f92cf0647a7ad23d534b1a799d0e352a73c8073a3eb37bf0407fa356 55560
libupsclient1-dev_2.4.3-1.1squeeze2_i386.deb
Files:
69f65beac439c52f413bbf7c2e4f15fd 1573 admin optional nut_2.4.3-1.1squeeze2.dsc
6f893b61b07915e7a139324fa3f79121 1154503 admin optional nut_2.4.3.orig.tar.gz
f9a4972545b8ffe40032c5a4f714ea1b 33544 admin optional
nut_2.4.3-1.1squeeze2.diff.gz
2d4e08ad091ee1083a643ed8b474a196 1214478 admin optional
nut_2.4.3-1.1squeeze2_i386.deb
bfff76c2a05cf54e1e53e0cda604f286 78116 admin optional
nut-cgi_2.4.3-1.1squeeze2_i386.deb
af8f11a7796d6902bfa462be0040a65a 63714 admin optional
nut-snmp_2.4.3-1.1squeeze2_i386.deb
e71b8f899bcb1c3cf43497eff0b28c97 141282 admin optional
nut-hal-drivers_2.4.3-1.1squeeze2_i386.deb
d65adce505fdbc28a0168ea1efd2146e 59958 admin optional
nut-xml_2.4.3-1.1squeeze2_i386.deb
e6ae02e9ee62d12d059864a946e6e667 52048 admin optional
nut-powerman-pdu_2.4.3-1.1squeeze2_i386.deb
02451f689cd58e25bdf14762bb82cf54 42078 admin optional
libupsclient1_2.4.3-1.1squeeze2_i386.deb
0f3b1fb74e08f68e63920fe1d84c62e1 55560 libdevel optional
libupsclient1-dev_2.4.3-1.1squeeze2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk/GZW8ACgkQ22QUyiBN3xurzACfWyv8Vdzw016D9voO8/emwHgn
W8kAoJ4I8o0pFrb1SchgyGzQIQWKL4Rl
=jq+A
-----END PGP SIGNATURE-----
--- End Message ---
