Your message dated Thu, 10 Oct 2013 18:04:03 +0000 with message-id <e1vukah-0001jm...@franck.debian.org> and subject line Bug#722306: fixed in torque 2.4.16+dfsg-1.1 has caused the Debian Bug report #722306, regarding torque: CVE-2013-4319: privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 722306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722306 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: torque Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for torque. CVE-2013-4319[0]: Torque privilege escalation Upstream announce[1] contains also a patch. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [1] http://security-tracker.debian.org/tracker/CVE-2013-4319 [1] http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: torque Source-Version: 2.4.16+dfsg-1.1 We believe that the bug you reported is fixed in the latest version of torque, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 722...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 07 Oct 2013 07:09:57 +0200 Source: torque Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev Architecture: source amd64 Version: 2.4.16+dfsg-1.1 Distribution: unstable Urgency: low Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libtorque2 - shared library for Torque client and server libtorque2-dev - header files for libtorque2 torque-client - command line interface to Torque server torque-client-x11 - GUI for torque clients torque-common - Torque Queueing System shared files torque-mom - job execution engine for Torque batch system torque-pam - PAM module for PBS MOM nodes torque-scheduler - scheduler part of Torque torque-server - PBS-derived batch processing server Closes: 722306 Changes: torque (2.4.16+dfsg-1.1) unstable; urgency=low . * Non-maintainer upload. * Add CVE-2013-4319.patch. CVE-2013-4319: remote arbitrary command execution as root on cluster by a non-priviledged user who is able to run jobs or login to a node which runs pbs_server or pbs_mon. (Closes: #722306) Checksums-Sha1: c9d4640afca0f19cfd263235eacd14fd660a5451 2586 torque_2.4.16+dfsg-1.1.dsc 59f199eb8bc4e3b813b5d618a4215bb34451c5a1 17874 torque_2.4.16+dfsg-1.1.debian.tar.gz e9fa71554d7b8f460527dc84d749bccf1f24e6d6 40212 torque-common_2.4.16+dfsg-1.1_amd64.deb 07f43c8d3d71238da51cd694d3b6c8ac3fb81f49 171246 torque-server_2.4.16+dfsg-1.1_amd64.deb dcba3cf8ccc230e98e1c2bdd14f8ffd8273e4d84 36898 torque-pam_2.4.16+dfsg-1.1_amd64.deb 4ecce27ef84a4658d2e860d84af123c484018434 86826 torque-scheduler_2.4.16+dfsg-1.1_amd64.deb c4c311c18dd4241e64850f159d382ec3d6b9842b 331126 torque-client_2.4.16+dfsg-1.1_amd64.deb d292f1b999eaeb3e30b47285dee77482b8cea299 176058 torque-mom_2.4.16+dfsg-1.1_amd64.deb 5563f63a0951b8fb747bb6215c879a6694885caf 478334 torque-client-x11_2.4.16+dfsg-1.1_amd64.deb a7872660084f67acefd8d5329d37f4fa88100acd 104304 libtorque2_2.4.16+dfsg-1.1_amd64.deb 5275afdf80ec50cfba083e142d7c4f78bb3b64ab 45980 libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb Checksums-Sha256: ad0cd47ea766654687178e25acbb91850104d5fe10f6b11a3f902c18706b12bf 2586 torque_2.4.16+dfsg-1.1.dsc eb3dfbbb1b4fb0e461f2414944a83c8ddf49a858e1ebc1a35257fa7499f8364a 17874 torque_2.4.16+dfsg-1.1.debian.tar.gz 03b37ce539c655b0690d0e92d70e1a32276a2f68889cbae3f2223a24fa9c7b05 40212 torque-common_2.4.16+dfsg-1.1_amd64.deb 2f33497b5d20e0120040691bdb8afd2680e797549f684852c49e724275095bb9 171246 torque-server_2.4.16+dfsg-1.1_amd64.deb e818250317681c6dd82a5f57ec3cdcb3ed4c47d86a7ea16a933d24fc2a09e8e2 36898 torque-pam_2.4.16+dfsg-1.1_amd64.deb 88c0914ac41875ff6fc9786bf3cad80ae6640e2d3e5a5101bf8ce63fa3bb521c 86826 torque-scheduler_2.4.16+dfsg-1.1_amd64.deb 6ffb83ad43faa119f1d98b67137205c49e468a103e9644321edb8c8431f6bd76 331126 torque-client_2.4.16+dfsg-1.1_amd64.deb aed904495b7dd0b82dc8c180e4296589d369ea631ca74a24e4900c0685b5946c 176058 torque-mom_2.4.16+dfsg-1.1_amd64.deb c980e7b54951d9b7191b68cfe7ee41d2bbe5b09a2bb693f752f613dc16d858e0 478334 torque-client-x11_2.4.16+dfsg-1.1_amd64.deb 3ef1029b697cd1bbec4a7ac85b7e39e57a46a596590d97f456af87817cc95e4b 104304 libtorque2_2.4.16+dfsg-1.1_amd64.deb 5cbd061f3971e3aca2bfef1e2615a95a451aff0c029fad97927821f8ef1dc09a 45980 libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb Files: ae67bfbd9c91a41779f2d96a1957e89a 2586 net optional torque_2.4.16+dfsg-1.1.dsc 139eeb3b2ab5515b9391afe2b19ca5fd 17874 net optional torque_2.4.16+dfsg-1.1.debian.tar.gz e57b73a701ed0c20622deb5a23cb63f8 40212 utils optional torque-common_2.4.16+dfsg-1.1_amd64.deb d3a05b2574ad3d343f71461d246db2e8 171246 utils optional torque-server_2.4.16+dfsg-1.1_amd64.deb 5256d1fca0d3b4c3d68ded3b9d2417d5 36898 utils optional torque-pam_2.4.16+dfsg-1.1_amd64.deb 22b9e01127170228ede140cd9bc38490 86826 net optional torque-scheduler_2.4.16+dfsg-1.1_amd64.deb 35b28c8a231a64e5054ea1e11f861f83 331126 utils optional torque-client_2.4.16+dfsg-1.1_amd64.deb d4800ea789b746fa2ad1c4f37379a489 176058 utils optional torque-mom_2.4.16+dfsg-1.1_amd64.deb e59330a6f4801967a950f046bc08c5c7 478334 x11 optional torque-client-x11_2.4.16+dfsg-1.1_amd64.deb 5c27c2e4fb968cf756a7155fa061cdbb 104304 libs optional libtorque2_2.4.16+dfsg-1.1_amd64.deb 3abb8f6cd63d2ad51143a0fedbfbf168 45980 libdevel optional libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBCgAGBQJSVEIuAAoJEAVMuPMTQ89ERwUP/1U7t3DcOrVVDzkHpXg2nyLb ewKDpP/Ei4orqG0Sy2AomZ1ck5AJ/vm47kaRJ1+BdpiHfQYaUMzxf6ads8/lHt41 JmdJp58cGwB1dzTd+8xUTfm1KFYKl6f2kPeHDdIKD9h6eP0zZtQ1IsSDGeh7j22v LFnPZKElAcRtcJFpyDk+vQqoBGqPOQqeSDE+e5xP9a3i1M3drxQuh5QY3j/qZJfc CHyD/IJruxUv+xxZwZoswtq/6ICl1YESWSaPxfPcJ6x7EMBadgvFUuYQlkwk4J3E IPSLZi8q5AluN8OhTwL+vNY6HR+r6ojedPAB9A503N1/HdxDxN/7FgG1aZbQhgZf x2FdqITROaxeAoxSXC+zk1ltUHYlhZDsRd62Ux5lfTJUA+Ij/Y2PD8TkYzWp325Q IbJjYPP8XdeufTxDVDnAf7/2YD85teTgDuow72ShxJHpqR2g1H+L30I6VcTLXA2Z PjKEbfGgF/NZyfCTnPFUXgxyc4VKkTqrL6rnGljFCoCEhzKwVFP6jaKpJNAXbSeo mgPmLVGe+TNuiOlLBwwErraQ6Y/2Ihy/eYDacgJqlAf4YMHfEL4CLEC9T4QNFTHr /PbXzDXFRw+MYGagXrK7yraJw59wfh2aSgdlKugmrg9oTpQxNgF5oB+v5lD/lpVt 4uhSDcli32m9NZK53DKa =5vYK -----END PGP SIGNATURE-----
--- End Message ---
