Your message dated Fri, 29 Nov 2013 09:18:49 +0000
with message-id <e1vmkdp-0006my...@franck.debian.org>
and subject line Bug#730691: fixed in adequate 0.8.1
has caused the Debian Bug report #730691,
regarding adequate: CVE-2013-6409: privilege escalation via tty hijacking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
730691: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730691
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: adequate
Version: 0.4
Severity: serious
Tags: security
Justification: user security hole
If root uses the --user option, then the user can hijack the tty with the
TIOCSTI ioctl.
This is similar to CVE-2005-4890.
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Source: adequate
Source-Version: 0.8.1
We believe that the bug you reported is fixed in the latest version of
adequate, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 730...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jakub Wilk <jw...@debian.org> (supplier of updated adequate package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 28 Nov 2013 11:27:21 +0100
Source: adequate
Binary: adequate
Architecture: source all
Version: 0.8.1
Distribution: unstable
Urgency: medium
Maintainer: Jakub Wilk <jw...@debian.org>
Changed-By: Jakub Wilk <jw...@debian.org>
Description:
adequate - Debian package quality testing tool
Closes: 730691
Changes:
adequate (0.8.1) unstable; urgency=medium
.
  * Fix possible privilege escalation via tty hijacking (closes: #730691).
    + Switch users only when running ldd.
    + Run ldd with stdin redirected to /dev/null, and without controlling
      terminal when run with reduced privileges.
  * Bump standards version to 3.9.5 (no changes needed).
Checksums-Sha1:
7ef365addca56192cc0b3f199c190747f35b4163 1597 adequate_0.8.1.dsc
6edbddea4266830550ca652b575361bf57858156 22303 adequate_0.8.1.tar.gz
426892da06b2b1b26efd9e11523590a461e859e9 16636 adequate_0.8.1_all.deb
Checksums-Sha256:
f19126cc509c37315bad2bcab5f33128e8bd043795357312cc276f50d3feffa4 1597 adequate_0.8.1.dsc
ed098eba2302956ca4a2462d4cd3c2086afad9d02b14f9336ce7189760fbb34d 22303 adequate_0.8.1.tar.gz
a22ed27d295c210392d236c910cc248461a6e8b786d104588c00c760635b2d76 16636 adequate_0.8.1_all.deb
Files:
cfb9942eafaf16cb86aae9829c5ffffc 1597 utils optional adequate_0.8.1.dsc
9fb8ca089ded9a7d27ae5c379974b7cd 22303 utils optional adequate_0.8.1.tar.gz
754bc247a5c43f34ae81991cca07dda3 16636 utils optional adequate_0.8.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
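The two measures named in the 0.8.1 changelog (stdin redirected to /dev/null, and no controlling terminal for the helper that runs with reduced privileges) can be sketched in Python as follows. This is an added example, not adequate's own code; `run_detached`, `probe_child` and `PROBE` are hypothetical names, and the probe stands in for the real helper (ldd).

```python
import os
import pwd
import subprocess
import sys

# Probe run in the child: does it still have a controlling terminal / tty stdin?
PROBE = r"""
import os
try:
    os.close(os.open("/dev/tty", os.O_RDWR))
    ctty = True
except OSError:
    ctty = False
print("ctty=%d stdin_tty=%d" % (ctty, os.isatty(0)))
"""

def run_detached(argv, user=None, timeout=30):
    """Run argv with stdin=/dev/null and no controlling terminal.

    If `user` is given, drop to that account for the child only (requires
    root); the parent keeps its own identity.
    """
    drop = {}
    if user is not None:
        if os.geteuid() != 0:
            raise PermissionError("switching users requires root")
        pw = pwd.getpwnam(user)
        drop = dict(user=pw.pw_uid, group=pw.pw_gid,
                    extra_groups=os.getgrouplist(pw.pw_name, pw.pw_gid))
    return subprocess.run(
        argv,
        stdin=subprocess.DEVNULL,   # child cannot read from the terminal
        stdout=subprocess.PIPE,     # no terminal fd inherited for output either
        stderr=subprocess.PIPE,
        start_new_session=True,     # setsid(): new session, no controlling tty
        close_fds=True,
        timeout=timeout,
        text=True,
        **drop,
    )

def probe_child(user=None):
    """Return {'ctty': bool, 'stdin_tty': bool} as observed inside the child."""
    out = run_detached([sys.executable, "-c", PROBE], user=user).stdout.split()
    return {k: v == "1" for k, v in (item.split("=") for item in out)}

if __name__ == "__main__":
    print(probe_child())
```

Run as root with `probe_child("nobody")` to confirm the same result holds after the privilege drop.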