Your message dated Thu, 10 Oct 2013 22:17:38 +0000 with message-id <e1vuoy6-0003hj...@franck.debian.org> and subject line Bug#722306: fixed in torque 2.4.8+dfsg-9squeeze2 has caused the Debian Bug report #722306, regarding torque: CVE-2013-4319: privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 722306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722306 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: torque Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for torque. CVE-2013-4319[0]: Torque privilege escalation Upstream announce[1] contains also a patch. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [1] http://security-tracker.debian.org/tracker/CVE-2013-4319 [1] http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: torque Source-Version: 2.4.8+dfsg-9squeeze2 We believe that the bug you reported is fixed in the latest version of torque, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 722...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 08 Oct 2013 22:46:53 +0200 Source: torque Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev Architecture: source amd64 Version: 2.4.8+dfsg-9squeeze2 Distribution: squeeze-security Urgency: high Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libtorque2 - shared library for Torque client and server libtorque2-dev - header files for libtorque2 torque-client - command line interface to Torque server torque-client-x11 - GUI for torque clients torque-common - Torque Queueing System shared files torque-mom - job execution engine for Torque batch system torque-pam - PAM module for PBS MOM nodes torque-scheduler - scheduler part of Torque torque-server - PBS-derived batch processing server Closes: 722306 Changes: torque (2.4.8+dfsg-9squeeze2) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-4319.patch. CVE-2013-4319: remote arbitrary command execution as root on cluster by a non-priviledged user who is able to run jobs or login to a node which runs pbs_server or pbs_mon. (Closes: #722306) Checksums-Sha1: 5fea230379e1d504397514dbad8cfb3a7c2b06e0 2332 torque_2.4.8+dfsg-9squeeze2.dsc 7380b04b809e1d9135ef3601d4490e498634bf1d 22713 torque_2.4.8+dfsg-9squeeze2.debian.tar.gz 7481ffd329a3b5c367239de7d35e005ceb35ff28 37822 torque-common_2.4.8+dfsg-9squeeze2_amd64.deb 652d0db2358d42c352f516f7a827e84351a23985 187352 torque-server_2.4.8+dfsg-9squeeze2_amd64.deb 1a5f35f5dfcb62c102852b42f938d72aea06bd08 34314 torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb cabd7b51d33342649836a5434d6d597f6c00068f 92070 torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb 6446b69f7d42b193a0cd6818bd6e2fdff12b716c 388018 torque-client_2.4.8+dfsg-9squeeze2_amd64.deb 6834a121fc289f53475ce0fa703b209d570a6b51 194318 torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb c0eaace67c95d404cc200c76339f63c73b9e0574 641438 torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb 958e3849fd3eaf3d11ebc2fdddbe931828545e0a 115132 libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb 7ce9ca18f64e88def1651bdbd49bb7b1b93fca76 46408 libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb Checksums-Sha256: 1f46b0a702718fa6c09620b6549dc25abf77e2ebdb22fb730944477d6907cff5 2332 torque_2.4.8+dfsg-9squeeze2.dsc 1acb657f6cacff108ee61931ebbb571faa7c3d2deeb7e14f8fde71c6676378fe 22713 torque_2.4.8+dfsg-9squeeze2.debian.tar.gz ecf29eca863b030af321dc842fa9f8f5f38a49bb6892b5ffbd79c4649c69779b 37822 torque-common_2.4.8+dfsg-9squeeze2_amd64.deb e0bcb7b983311efdd20e35a2a9ce4bd572592ed36b847a13817f4c8e1fdbac7f 187352 torque-server_2.4.8+dfsg-9squeeze2_amd64.deb 10076fa0955112c3f17fc596855c12efb0ed46050085115e5b2dbc7b9badbab1 34314 torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb 28a73457abb70e5674334b3f81f230615101e779b8aea5c4300528cf185a3ad6 92070 torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb bf814e332d43599736e2baa186ea25443faf1b596ea04ecf4aeadb22d6422b3e 388018 torque-client_2.4.8+dfsg-9squeeze2_amd64.deb 7d44894f58565abae0164dde54293f66ceaaacda4134704d99ac99a0e3f995ae 194318 torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb 62a4bfaf6d21ee5a61ec412b603efa38db6de37db1b2ebb78551b6230347366d 641438 torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb a7de710ef6da0fa23b2f88cdf2d16f451c6f3b6c3f7035699d77505f498bd748 115132 libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb 9eec7171dde60ceffd89b05b5fbc70ee8e3b44d55840ccd16d67d5c930b2b294 46408 libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb Files: c6638ba1187111819742e25fd40494cd 2332 net optional torque_2.4.8+dfsg-9squeeze2.dsc 7d1b85ed84040fed08ecd20804f752c7 22713 net optional torque_2.4.8+dfsg-9squeeze2.debian.tar.gz b0d49520ffda915cff2f5843f9182853 37822 utils optional torque-common_2.4.8+dfsg-9squeeze2_amd64.deb e99e3ddd83767de9ac976d6d6f48c9f5 187352 utils optional torque-server_2.4.8+dfsg-9squeeze2_amd64.deb 415293ec71db8229411174100e997e48 34314 utils optional torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb a49b09206a0c22c451771d1e1d404ef8 92070 net optional torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb 7f51688ebf0ef6ea2ef930806ce03b3c 388018 utils optional torque-client_2.4.8+dfsg-9squeeze2_amd64.deb f8e62f77118041779fb8d04856d2825e 194318 utils optional torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb daefd9243a147ce536c1f6a97b7c5abf 641438 x11 optional torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb 2dc683cbf151594247a9bdfd7ee9fc96 115132 libs optional libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb 942abfe3e9d4974e6b2abd07dfa01890 46408 libdevel optional libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBCgAGBQJSVHEMAAoJEAVMuPMTQ89Ej5EP+wR9oRQyMU0OuYhVPSb++H1+ o4XpL9282FqdUM4k3oRHM3OEY23kJ6rveTPrIwo30QD60iPdXBInInxoI9/2Ehgr gjqFW8ELO4WeboErhPr49OI8GOFMIUnicZWKRancoDGfGhWYYER/eUTbthKYBPVz 8SgotMRQtWUQPwEAjlaivszQKWBLAXle6VeeWn+jSqeR16yXHtdrXS6uCPWzyIgD LSgxpB97DLG7vjkSFf0hMnE809ZETVQWdvjS3J34RvmWWUyrlaTvLuVc18duByNk vPW9P5V93hkFSLYfM5O4TG92PN+bdGLBkKCKnpfTaupIVtkqrCJ/OYhnN1EsVPSe Bvnb44yfBSV6fPkA5ph4IEZOPU7wGrl6pqyNgIRVcyMVwtCx+qeVMDLKzobm7uQ6 MAuoV26GDFsKsk/PEwsc4mjwZfDTWk5cx+WLzMIgYlb/W8klqpSfuMje4SYd6dRV 5d30A2NIB2cQeEb29p/J6KcmPLxtUroFm7ieVrlpWMi55TTQrxD+xnNFMt2kkU5E ejzcccs5eDPfSLi2maypm++yn769fFARZgYrY32OFUUpS1F7bnk6xLCXSizKohc1 sforNxSNM9dS/9s/vkdyQGkgOciDtoQyqBXwLchruZMyfQW0KJQFh0hta3Gwmcvx qZxYzEDB0C4vH9aqZ9pT =rwoz -----END PGP SIGNATURE-----
--- End Message ---
