Your message dated Sat, 22 Sep 2012 07:47:45 +0000 with message-id <e1tfkrf-0002zn...@franck.debian.org> and subject line Bug#688210: fixed in condor 7.8.4~dfsg.1-1 has caused the Debian Bug report #688210, regarding condor: Multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: condor Severity: grave Tags: security Justification: user security hole Please see here for details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3490 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3491 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3493 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: condor Source-Version: 7.8.4~dfsg.1-1 We believe that the bug you reported is fixed in the latest version of condor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Hanke <m...@debian.org> (supplier of updated condor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 21 Sep 2012 20:56:32 +0200 Source: condor Binary: condor condor-dev condor-doc condor-dbg libclassad-dev libclassad3 Architecture: source amd64 all Version: 7.8.4~dfsg.1-1 Distribution: experimental Urgency: low Maintainer: Condor Developers <condor-deb...@cs.wisc.edu> Changed-By: Michael Hanke <m...@debian.org> Description: condor - distributed workload management system condor-dbg - distributed workload management system - debugging symbols condor-dev - distributed workload management system - development files condor-doc - distributed workload management system - documentation libclassad-dev - Condor classads expression language - development library libclassad3 - Condor classads expression language - runtime library Closes: 685892 688210 Changes: condor (7.8.4~dfsg.1-1) experimental; urgency=low . * New upstream bug fix release (missed 7.8.3). This release addresses four security-related issues, as well as numerous other bug fixes (Closes: #688210): - Security Item: Some code that was no longer used was removed. The presence of this code could expose information which would allow an attacker to control another user's job. (CVE-2012-3493) - Security Item: Some code that was no longer used was removed. The presence of this code could have lead to a Denial-of-Service attack which would allow an attacker to remove another user's idle job. (CVE-2012-3491) - Security Item: Filesystem (FS) authentication was improved to check the UNIX permissions of the directory used for authentication. Without this, an attacker may have been able to impersonate another submitter on the same submit machine. (CVE-2012-3492) - Security Item: Although not user-visible, there were multiple updates to remove places in the code where potential buffer overruns could occur, thus removing potential attacks. None were known to be exploitable. - Security Item: Although not user-visible, there were updates to the code to improve error checking of system calls, removing some potential security threats. None were known to be exploitable. - The full changelog listing numerous additional bugs is available at http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html * Added patch to fix a FTBFS on alpha, due to missing getpid syscall. Courtesy of Michael Cree <mc...@orcon.net.nz> (Closes: #685892). Checksums-Sha1: 1e0b1fb78f47dee8056df0255a83807912bdf10c 2632 condor_7.8.4~dfsg.1-1.dsc 5d49894b62a83ffbe5ea593c5e50752442a5ad96 8162567 condor_7.8.4~dfsg.1.orig.tar.gz fcce390f5c59c8b76f62d51ca4e6aa987932beb6 85853 condor_7.8.4~dfsg.1-1.debian.tar.gz d43a4db4f1435da459491996cddbb6a52dbc2eac 5039606 condor_7.8.4~dfsg.1-1_amd64.deb 50f59dd4da715dd2a505f62a8e5e7afd859fdc15 459560 condor-dev_7.8.4~dfsg.1-1_amd64.deb c9db312f5a72c57e1018d2a6aed237dea06e4d96 1360966 condor-doc_7.8.4~dfsg.1-1_all.deb ac82b596b26a70834c6b67becd740a84e5a8b2d4 12340338 condor-dbg_7.8.4~dfsg.1-1_amd64.deb 388fac743b66148c12cc9d9661cf5f9cb7ba964f 522398 libclassad-dev_7.8.4~dfsg.1-1_amd64.deb 2aba39f2891ad94bfdb6eb2a510734cec80e5c70 283298 libclassad3_7.8.4~dfsg.1-1_amd64.deb Checksums-Sha256: f274f9d9f0d8eec5865795d05d8e234a8c3e4fa8348069f8b010e6a5ae2ae564 2632 condor_7.8.4~dfsg.1-1.dsc f558d650227186d903fc4cb0b557c9c987ed28cab3d6a4334e8766f59f6e4947 8162567 condor_7.8.4~dfsg.1.orig.tar.gz 72853167b357e9702a8bcaec725cafe20668b2e50fe9be0903277c9d7fd4612d 85853 condor_7.8.4~dfsg.1-1.debian.tar.gz 7f9a948802d7dedd80103567db5ae3218b76ada970610fad1d93bc20bf65d106 5039606 condor_7.8.4~dfsg.1-1_amd64.deb b259b3a8842ed79fc9f7a9ff30ede88542d2f176eb698eab625c422f0571c66d 459560 condor-dev_7.8.4~dfsg.1-1_amd64.deb 2299d59bcc14e23d663dbe166585b26ed7bbe1765a7402b8747104cef9900248 1360966 condor-doc_7.8.4~dfsg.1-1_all.deb 82d82b8e4dd83dc026d860cbfb53234595c09cf6a0355e45088c3925c2e72f9e 12340338 condor-dbg_7.8.4~dfsg.1-1_amd64.deb 58e4d3af52c1421e654b6cdfcbcf70da3c6e3b8b197534a532a78039d95b48c4 522398 libclassad-dev_7.8.4~dfsg.1-1_amd64.deb 440979af3b67df1a985c9feca65388ecb9c6efd0b20d5b557da3a0d5f19a9105 283298 libclassad3_7.8.4~dfsg.1-1_amd64.deb Files: 965e3f961e0b984b4d9554072f70953a 2632 science extra condor_7.8.4~dfsg.1-1.dsc 62268c55c20baa7d81df61f29451d2df 8162567 science extra condor_7.8.4~dfsg.1.orig.tar.gz 4e21057a450369e0e76b6e74cc186d73 85853 science extra condor_7.8.4~dfsg.1-1.debian.tar.gz c088e89aa360ac1b8a0b7f077362302f 5039606 science extra condor_7.8.4~dfsg.1-1_amd64.deb cbdc2bc09f7da9e5c0c1919b1dc1024f 459560 devel extra condor-dev_7.8.4~dfsg.1-1_amd64.deb 50705a8fa1567bcea9b5e28ee01f9fd4 1360966 doc extra condor-doc_7.8.4~dfsg.1-1_all.deb cc4bf7d9e85a7d297b31ef15890c7a90 12340338 debug extra condor-dbg_7.8.4~dfsg.1-1_amd64.deb 8e671bf0eff8b3e967eff39c2752423d 522398 libdevel extra libclassad-dev_7.8.4~dfsg.1-1_amd64.deb ea644eee9d74448cf1e6678b3e2fdd7c 283298 science extra libclassad3_7.8.4~dfsg.1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQXWpsAAoJEMBz0ih/+56bljoP/0oB/TspiOuaBwhzsgQbltNs Z+MHv673CuikMM2RRrx2MKT+U9Xes9MM6bGSbd0RfPvQIkYAs/gQFIygE9FH7hRB QE3L72UEoLaaD+A76/FzbTnxDpOyeqaVGX3AVAaMPN+NazOrW/jwEb57Im1ztk+T 7jTiqKpecfyrSK5cfIi9DpK4fFuKHtHNpUZRVK+grbG322Imx95nlZKGdiiFtXyV i9o32+6Lre1WPXQlxPNnplm61pJEBQXIMedHe9r2i7xEjU1UZIGbQRjL8Ld71HYQ w//+mT4W3KhqH1s5ivXjSJTfaOSWldwea4l+Kaef3haehJID4JmRRCEqNRQJ7wlg ilddNEvyIBexrccpd75pYcl3I/u7Z8WexEu3WtPfaJNTn0x2WDdMFQROZycDJQE/ D2xbW8iIB5eX8d5DCYjoFax6cnaAsO7hjXUgwIa+QmK0PMtKMUX05kkNsHIGcOEr u5bEqqN99J/EsMm87l73aDGqMSoQWk5R4TFSWbZCRhpHFGZGCgQZ+vsHmjLANt1B tXJNHKNsGc6m8dQI37g8ZzjFAzBOBxUoun3BtxvzX1UpFMbUX9Om3sb2VXt1hOGM g02xTOJx1gg+LN6IAqZjmvZFCZK5Q6wemtfmeF2W7QFGbucxbkBTeVdEbmBCOHYK 04y4/v5FpSCBWh/4KrKF =ezmh -----END PGP SIGNATURE-----
--- End Message ---
