Bug#697375: marked as done (rpm: CVE-2012-6088)

[Debian Bug Tracking System]

Your message dated Sat, 05 Jan 2013 23:17:45 +0000
with message-id <e1trczp-0000u1...@franck.debian.org>
and subject line Bug#697375: fixed in rpm 4.10.1-2.1
has caused the Debian Bug report #697375,
regarding rpm: CVE-2012-6088
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: rpm
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2012-6088:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: rpm
Source-Version: 4.10.1-2.1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Jan 2013 13:06:25 +0100
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm3 librpmio3 
librpmbuild3 librpmsign1 librpm-dev python-rpm
Architecture: source amd64 all
Version: 4.10.1-2.1
Distribution: unstable
Urgency: low
Maintainer: Michal Čihař <ni...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm3    - RPM shared library
 librpmbuild3 - RPM build shared library
 librpmio3  - RPM IO shared library
 librpmsign1 - RPM signing shared library
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 697375
Changes: 
 rpm (4.10.1-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add 0001-Ensure-correct-return-code-on-malformed-signature-in.patch
     [SECURITY] CVE-2012-6088: Ensure correct return code on malformed
     signature in packages. Patch cherry-picked from upstream git repository.
     (Closes: #697375)
Checksums-Sha1: 
 7e28fa2f97f1d38a6b154ca7cc42f3dba3a0dc65 2698 rpm_4.10.1-2.1.dsc
 3256f354d2e338e9f37599c1dabcab8cfcf3181c 36282 rpm_4.10.1-2.1.debian.tar.gz
 aad1843e3a56e25d23dc9369cb752e3311c25ff5 1076690 rpm_4.10.1-2.1_amd64.deb
 8fd2154c59672f5670021a7a42091fba97add33e 929214 rpm2cpio_4.10.1-2.1_amd64.deb
 4eca73b66244164473141d8725e379444eb3475c 949150 rpm-common_4.10.1-2.1_amd64.deb
 2e178cdd3bbdf2ede006aa1f60ff13e9b3edce62 1445578 rpm-i18n_4.10.1-2.1_all.deb
 59665b99fdf2768c8672dc00d4cc41f1620acb7d 2323726 
librpm-dbg_4.10.1-2.1_amd64.deb
 7d8f3d3fb706df8b210ad7d414108a42b857d215 1108278 librpm3_4.10.1-2.1_amd64.deb
 94a023231319d629afc251ea4fb74e9f5371312a 1002770 librpmio3_4.10.1-2.1_amd64.deb
 fb93c1d454ba2b7af90f4a0a861b7aaa83803376 993668 
librpmbuild3_4.10.1-2.1_amd64.deb
 46eb3ee6a73b422816cccb37ae44212d6a20f754 932870 
librpmsign1_4.10.1-2.1_amd64.deb
 77b0b69a7e3da28b438d896a2698b9ae94c2eecc 985984 librpm-dev_4.10.1-2.1_amd64.deb
 2157e2d02967493ce0c58033174e9bf8fd572fda 1006768 
python-rpm_4.10.1-2.1_amd64.deb
Checksums-Sha256: 
 e045b31450953542e70d4aa1fdaa4688721dde73b7ea379301b94a4c19a9f42d 2698 
rpm_4.10.1-2.1.dsc
 12d0fbd5324c60d8b3bf41bb777f682a71d8bc10e90971af6b48361a39205dfa 36282 
rpm_4.10.1-2.1.debian.tar.gz
 fa5d7f40d3b96b47ea5850873934e244a9bfcb2dead384a4aed921d9ca3b1b69 1076690 
rpm_4.10.1-2.1_amd64.deb
 cf27e1f6c1edd5141a905958b91f3ea591176bf73e2164483aa2cea42ffc5cb7 929214 
rpm2cpio_4.10.1-2.1_amd64.deb
 15de4c5d56e46e58d4419e039353e218a61c789bb0fe6931e46b85b008d42905 949150 
rpm-common_4.10.1-2.1_amd64.deb
 f4380105decbe8bdcee5fd817003740dd4b9d8cd294acc6d06f0054c42f1f35c 1445578 
rpm-i18n_4.10.1-2.1_all.deb
 837b5569054b4629963347b07ea74e05d1d10b0b0ea00af9adfdc33d19c97a8e 2323726 
librpm-dbg_4.10.1-2.1_amd64.deb
 ec633f90261f83b0fcf271109da85bf68f0671d20d59172b26e63cfafa18ffb1 1108278 
librpm3_4.10.1-2.1_amd64.deb
 a94ff401d3440051823f2c0facbeb134ee43f204a864cbcc622a0856ebd53091 1002770 
librpmio3_4.10.1-2.1_amd64.deb
 d96b78c76203ab7f8c1df6c4e7ac6b1b69d84742b766fe152cf6207fba863e05 993668 
librpmbuild3_4.10.1-2.1_amd64.deb
 1efef1e0413fcdc9322e3449dc767ab3140004fbacbb06d37f5dcfbbaae84082 932870 
librpmsign1_4.10.1-2.1_amd64.deb
 fcfff9aececa644e7091a1d65b4bbae67d81988b2c9cdcfefee072b87db76845 985984 
librpm-dev_4.10.1-2.1_amd64.deb
 91a79d329ed68560a9cdeda9af69a532d5c2597b70052b8a2dcf56d93c806f91 1006768 
python-rpm_4.10.1-2.1_amd64.deb
Files: 
 4fcbf8f7f4baf377261508e406bc2807 2698 admin optional rpm_4.10.1-2.1.dsc
 968b10d34ce7b3b86fd8d3debc2c5dfd 36282 admin optional 
rpm_4.10.1-2.1.debian.tar.gz
 296af3affe14217ba358afcfbf20d66f 1076690 admin optional 
rpm_4.10.1-2.1_amd64.deb
 6e1ac10e2c6f911baaf375d65d19a6eb 929214 admin optional 
rpm2cpio_4.10.1-2.1_amd64.deb
 bbec01eb88c8a439fcffd8e0ac55ac91 949150 admin optional 
rpm-common_4.10.1-2.1_amd64.deb
 f24c229d55bcd9b20ac2090bc401ae56 1445578 localization optional 
rpm-i18n_4.10.1-2.1_all.deb
 009def86abc27ca3632da1f4ffd6e910 2323726 debug extra 
librpm-dbg_4.10.1-2.1_amd64.deb
 e862c8fc7199bf954c0b64ae92a8c38f 1108278 libs optional 
librpm3_4.10.1-2.1_amd64.deb
 966732279138555fc54006301337e6ca 1002770 libs optional 
librpmio3_4.10.1-2.1_amd64.deb
 fc0caa8b67c9c70a1f7ed0b7e85d23e9 993668 libs optional 
librpmbuild3_4.10.1-2.1_amd64.deb
 50091927be9a05e3e6038713785989a5 932870 libs optional 
librpmsign1_4.10.1-2.1_amd64.deb
 65a7ad1a2a76643449bba7a40db8173f 985984 libdevel extra 
librpm-dev_4.10.1-2.1_amd64.deb
 3da37b2a3caa271a1ea132f77aa7676d 1006768 python extra 
python-rpm_4.10.1-2.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ6K/BAAoJEHidbwV/2GP+0CYQAI5S0pcCvcYgCDrFq9YMj1ds
iye+xLd5kQJ5eLOkJnS02fIZDE21GbddLkFdcv9MImIeK5U89KdkkRfup1CSJoLF
K2K8V6u5VZk9vQGU5FCHRXwCk7Vvaj/dqwpu43LhyxQS+EZEBpvAHs+VLnyeJBQN
3aBpoLKL8c/Wop3gQ5nWunBzImXdgoHqX9eHGGftDX10n8ReBDTxwLrA3hasssaw
RWvDN/a3OfaHeNl4mb/cq6oFvLZb3tXw4R39yeonnn4hwpwnYJYqLHR9cGYEx3Bj
cSHL+x0isNUOa8LnZGshoHyYolzaSQoci0MWz8j+uJY+TL4puV7FE4lE1AGmhZdM
9njrRO3kvm3apDndh+82NlmzqDJBPCK4Fbn0756SDLEaq77flIY+z0JOCj/qHMMr
YufxpZA4iKokR4B1N1WD/OLrtXwni9Mx4O30xMqgrT6zi7/bHyywxCN3D8wP+4tH
wofl4DReaFmC9pRGYdnXxE8cwbGwzAkwa0j/7ml+sGhNGVrFf9jTUCZdH0Fht6Yg
DHXXWmYOCU2rSKZiw3dEKP7I4cCc+cKODJhYT0h89BAgaoxMuO05XyQg0ptE5hW3
NlzEtoSvgbqe+DauxGklm9J3GeE6PX++onsv+OzbARuZ/jhih1VFGMQslr8fJNEn
oTOIixWPeaJhBBlWSLZc
=VwzX
-----END PGP SIGNATURE-----

--- End Message ---