Your message dated Tue, 27 May 2014 22:47:24 +0000 with message-id <e1wpq9u-0000yq...@franck.debian.org> and subject line Bug#748827: fixed in torque 2.4.16+dfsg-1+deb7u3 has caused the Debian Bug report #748827, regarding torque: CVE-2014-0749 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 748827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748827 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: torque Version: 2.4.8+dfsg-9 Severity: grave Tags: security upstream Hi, the following vulnerability was published for torque. CVE-2014-0749[0]: | Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale | Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) | 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code | via a large count value. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0749 https://security-tracker.debian.org/tracker/CVE-2014-0749 The vulnerability also applies to the 2.4 branch but was not checked as it is already long end-of-lifed upstream. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: torque Source-Version: 2.4.16+dfsg-1+deb7u3 We believe that the bug you reported is fixed in the latest version of torque, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 748...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 21 May 2014 14:43:18 +0200 Source: torque Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev Architecture: source amd64 Version: 2.4.16+dfsg-1+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libtorque2 - shared library for Torque client and server libtorque2-dev - header files for libtorque2 torque-client - command line interface to Torque server torque-client-x11 - GUI for torque clients torque-common - Torque Queueing System shared files torque-mom - job execution engine for Torque batch system torque-pam - PAM module for PBS MOM nodes torque-scheduler - scheduler part of Torque torque-server - PBS-derived batch processing server Closes: 748827 Changes: torque (2.4.16+dfsg-1+deb7u3) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-0749.patch patch. CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can be exploited in order to remotely execute code from an unauthenticated perspective. (Closes: #748827) Checksums-Sha1: b324124c2fd3f1adfb34b2bef9032f9aac66277e 2612 torque_2.4.16+dfsg-1+deb7u3.dsc ce84db00bcd49d267b33eb1fdeb7b3a329d1794d 22123 torque_2.4.16+dfsg-1+deb7u3.debian.tar.gz 4767ae99600834d49bec3fe433ab68ab6df91a2a 41994 torque-common_2.4.16+dfsg-1+deb7u3_amd64.deb d44f07f387423ad8b248252f209b8121f0c5d8e4 196198 torque-server_2.4.16+dfsg-1+deb7u3_amd64.deb b0a41a267f591f666fe117a4840d3e1d2b0c9915 38414 torque-pam_2.4.16+dfsg-1+deb7u3_amd64.deb 488a36aab45d139dcd8b57fc9d79b508e9469163 97028 torque-scheduler_2.4.16+dfsg-1+deb7u3_amd64.deb 8996f042b56fdbf1f2ae123440fa2293d88b3d4b 398860 torque-client_2.4.16+dfsg-1+deb7u3_amd64.deb ba9eb03010643b734213aa2a1b786d9f9760217c 200630 torque-mom_2.4.16+dfsg-1+deb7u3_amd64.deb 16d1941847a243e5c32c3397018cacd918dd7c9e 648160 torque-client-x11_2.4.16+dfsg-1+deb7u3_amd64.deb 6b45e194857a49981a93ce601733a6f25b627ac3 120584 libtorque2_2.4.16+dfsg-1+deb7u3_amd64.deb 9e2be568f88b8c48c691388aa4b0bd6f88a6a6b4 49794 libtorque2-dev_2.4.16+dfsg-1+deb7u3_amd64.deb Checksums-Sha256: 1bfb755775b7f6a0c5bb207809fcd75b08e1c7e199dfda218ce82801a7f1d82d 2612 torque_2.4.16+dfsg-1+deb7u3.dsc 5571e0e0d119cebc9fc18425c04deb7114257a3808cc5ccd626d54684176e085 22123 torque_2.4.16+dfsg-1+deb7u3.debian.tar.gz e12bc5b9cf18f1993f942c1ac565cf7de69f6dea2fc4120434e9fe392ab3e06e 41994 torque-common_2.4.16+dfsg-1+deb7u3_amd64.deb 4a1d6912014afe0eac4749c41099c44edb2129c32c463545df8e784034c1e8b3 196198 torque-server_2.4.16+dfsg-1+deb7u3_amd64.deb 42768c5ea6e708f7243869c727e1a58742adef217b7b3af5167a51dcb1e9eaf2 38414 torque-pam_2.4.16+dfsg-1+deb7u3_amd64.deb c96b388f70bcb9dbf719d1a03b0830cee0452fa2a0d66d0096ef54b25e2beb9e 97028 torque-scheduler_2.4.16+dfsg-1+deb7u3_amd64.deb cc6055716229da69696b7418d515128d3a58c2b14dd268ded710151968482ebf 398860 torque-client_2.4.16+dfsg-1+deb7u3_amd64.deb fe5cabf35837058af954e8078fea9890270f0f9b918152abff514879e7e602c4 200630 torque-mom_2.4.16+dfsg-1+deb7u3_amd64.deb 51205ef2e58d04e6a97850f84e643efbce84122bf776720060831e06f5faa894 648160 torque-client-x11_2.4.16+dfsg-1+deb7u3_amd64.deb c9c8b9f7d8999516b111c5e8ba357d83042d4349846924cc3fcd8231e66d1d02 120584 libtorque2_2.4.16+dfsg-1+deb7u3_amd64.deb a993a78d334eaa9c391d0793a6e44d677a01b682d00f2af5c1c0ba5b223ed4a6 49794 libtorque2-dev_2.4.16+dfsg-1+deb7u3_amd64.deb Files: fa94cdead9079b3c088f26ded4ad3196 2612 net optional torque_2.4.16+dfsg-1+deb7u3.dsc 5c4c1f38f17a4f2db981509a34c8c0fb 22123 net optional torque_2.4.16+dfsg-1+deb7u3.debian.tar.gz 6fb3a66dd1087f4e989c01f817b6cd95 41994 utils optional torque-common_2.4.16+dfsg-1+deb7u3_amd64.deb b16cb2277414f6d9a7d02ed5fe6b8c60 196198 utils optional torque-server_2.4.16+dfsg-1+deb7u3_amd64.deb df30ff4c0838571d1f4d89b90f1e09a2 38414 utils optional torque-pam_2.4.16+dfsg-1+deb7u3_amd64.deb ba7601dd6af35baed038b71bcbe1cecc 97028 net optional torque-scheduler_2.4.16+dfsg-1+deb7u3_amd64.deb e4151fb79251f5c23bf3b88264d8d0d2 398860 utils optional torque-client_2.4.16+dfsg-1+deb7u3_amd64.deb 28f289a6d8e9384ac0a67dcaba51b873 200630 utils optional torque-mom_2.4.16+dfsg-1+deb7u3_amd64.deb a69342e62fd5b1dfc3576e3e8b444ddc 648160 x11 optional torque-client-x11_2.4.16+dfsg-1+deb7u3_amd64.deb fcdafb813883124edb9a3daab81889cd 120584 libs optional libtorque2_2.4.16+dfsg-1+deb7u3_amd64.deb 39d0177c4f77dfba7e97e34e30a5077a 49794 libdevel optional libtorque2-dev_2.4.16+dfsg-1+deb7u3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTfKDhAAoJEAVMuPMTQ89Ei3QP/2Ecp/cYZgpB3QvAvhP8v7mb 7l93NoeqPihu1SuMbenEoLYDg8a07txE9rMy7Ke8wbt+0AItDUyQkW+WFMQt8tTE WLjEjT1pWVZwShWFg60WWx3v7XaVl6MbDd3qghkViYzaL7GHyj3X9wXJlzGbCiGd Ltfyxs3BmbdRZghrPN2An5NXSMznLaGqKjS4wd/VDsqkURQkdmGzI/is6K+FUh4D EECSVEzfH1FxUjhos/YU/H5jTt/dzdMSW2o5bdfGdesJLhFtBCNSmLll4I1fiDRv p4N0FS7ZIDohG7c1OTYsNizJ38Qcy8LqAronyage9P8df0U9qlz0PxwyNiuUKw4V 1wePk0nLSvnViMe1qUp5tBXbxqnCUbnKYVSBKX7KAKeiYla6EP4Ol3YHJjJ2VFdQ m4m4QXOET4yBuYVkIYitrwfbl7jfa6a+TeGIRH88YnYqoIBekytV7p9Jjt1Enc2/ VBgp5HEhRYPlH0SHf4bzRnwWIK1n1uOinzefOL1IuYRHNrq6iSZHScMoyZjapcpZ ZQwvBFcCoSTnEJ4IZDY7WsO8vNcv6DbC3S36ea5j86N2fIbJWaeUA8vGpRBTLWf3 lNhwrK0DsFXu89Ge4CCsxvWabtZrv+a8qkcRdexWb/pU8E5vmJEVChYc8qxRlY9T Le0tJlPrpTHW22UU3rbS =pKRT -----END PGP SIGNATURE-----
--- End Message ---
