Your message dated Mon, 19 May 2014 16:19:07 +0000
with message-id <e1wmqhl-0002w5...@franck.debian.org>
and subject line Bug#705690: fixed in libuser 1:0.60~dfsg-1
has caused the Debian Bug report #705690,
regarding libuser: CVE-2012-5630 CVE-2012-5644
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
705690: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705690
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libuser
Severity: important
Tags: security
Hi,
the following vulnerabilities were published for libuser.
CVE-2012-5630[0]:
TOCTOU race conditions by copying and removing directory trees
CVE-2012-5644[1]:
(Complete) Information disclosure when moving user's home directory
The patch however looks unfortunately quite substantial, see [2], so it
might be better to update for unstable directly to the new upstream
version.
Ghe, are you still interested in/maintaining the package? I wonder
because there was no upload since 2008 apart from NMUs.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-5630
[1] http://security-tracker.debian.org/tracker/CVE-2012-5644
[2] https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libuser
Source-Version: 1:0.60~dfsg-1
We believe that the bug you reported is fixed in the latest version of
libuser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 705...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated libuser package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Apr 2014 11:03:38 +0300
Source: libuser
Binary: libuser libuser1-dev libuser1 python-libuser
Architecture: source amd64
Version: 1:0.60~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Ghe Rivero <g...@debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
libuser - user and group account administration library - utilities
libuser1 - user and group account administration library - shared libraries
libuser1-dev - user and group account administration library - development files
python-libuser - user and group account administration library - Python interface
Closes: 670663 705690
Changes:
libuser (1:0.60~dfsg-1) unstable; urgency=low
.
* complete repackaging (Closes: #670663).
* New upstream release (Closes: #705690).
* Remove Conflict with python2.3-libuser that was never in a stable release.
* Standard version 3.9.5.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlN6K2cACgkQZttaNibwIPeoXQCg3GvU1+8Tz7ZJodooRyCPdoZw
SacAn13iNNnuY3a96z2UtfaC5w+5lLhK
=BoAH
-----END PGP SIGNATURE-----
--- End Message ---