Your message dated Sun, 06 Jan 2013 14:49:27 +0000
with message-id <e1trrxt-0004w7...@franck.debian.org>
and subject line Bug#697375: fixed in rpm 4.10.0-5+deb7u1
has caused the Debian Bug report #697375,
regarding rpm: CVE-2012-6088
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
697375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rpm
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2012-6088:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: rpm
Source-Version: 4.10.0-5+deb7u1
We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated rpm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 05 Jan 2013 13:11:49 +0100
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm3 librpmio3
librpmbuild3 librpmsign1 librpm-dev python-rpm
Architecture: source amd64 all
Version: 4.10.0-5+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Michal Čihař <ni...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
librpm-dbg - debugging symbols for RPM
librpm-dev - RPM shared library, development kit
librpm3 - RPM shared library
librpmbuild3 - RPM build shared library
librpmio3 - RPM IO shared library
librpmsign1 - RPM signing shared library
python-rpm - Python bindings for RPM
rpm - package manager for RPM
rpm-common - common files for RPM
rpm-i18n - localization and localized man pages for rpm
rpm2cpio - tool to convert RPM package to CPIO archive
Closes: 697375
Changes:
 rpm (4.10.0-5+deb7u1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Add 0001-Ensure-correct-return-code-on-malformed-signature-in.patch
     [SECURITY] CVE-2012-6088: Ensure correct return code on malformed
     signature in packages. Patch cherry-picked from upstream git repository.
     (Closes: #697375)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---