Your message dated Fri, 23 May 2014 09:24:56 +0000
with message-id <e1wnlii-0000mr...@franck.debian.org>
and subject line Bug#748827: fixed in torque 2.4.16+dfsg-1.4
has caused the Debian Bug report #748827,
regarding torque: CVE-2014-0749
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
748827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: torque
Version: 2.4.8+dfsg-9
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for torque.

CVE-2014-0749[0]:
| Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale
| Open-Source Resource and Queue Manager (aka TORQUE Resource Manager)
| 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code
| via a large count value.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0749
    https://security-tracker.debian.org/tracker/CVE-2014-0749

The vulnerability also applies to the 2.4 branch but was not checked as
it is already long end-of-lifed upstream.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: torque
Source-Version: 2.4.16+dfsg-1.4

We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 748...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 May 2014 20:56:21 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.16+dfsg-1.4
Distribution: unstable
Urgency: high
Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libtorque2 - shared library for Torque client and server
 libtorque2-dev - header files for libtorque2
 torque-client - command line interface to Torque server
 torque-client-x11 - GUI for torque clients
 torque-common - Torque Queueing System shared files
 torque-mom - job execution engine for Torque batch system
 torque-pam - PAM module for PBS MOM nodes
 torque-scheduler - scheduler part of Torque
 torque-server - PBS-derived batch processing server
Closes: 748827
Changes: 
 torque (2.4.16+dfsg-1.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-0749.patch patch.
     CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can
     be exploited in order to remotely execute code from an unauthenticated
     perspective. (Closes: #748827)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
