Your message dated Wed, 04 Jun 2014 12:42:45 +0000
with message-id <e1wsawj-00076y...@franck.debian.org>
and subject line Bug#748827: fixed in torque 2.4.8+dfsg-9squeeze4
has caused the Debian Bug report #748827,
regarding torque: CVE-2014-0749
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
748827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: torque
Version: 2.4.8+dfsg-9
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for torque.
CVE-2014-0749[0]:
| Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale
| Open-Source Resource and Queue Manager (aka TORQUE Resource Manager)
| 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code
| via a large count value.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0749
https://security-tracker.debian.org/tracker/CVE-2014-0749
The vulnerability also applies to the 2.4 branch but was not checked as
it is already long end-of-lifed upstream.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: torque
Source-Version: 2.4.8+dfsg-9squeeze4
We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 748...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 May 2014 17:48:07 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client
torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.8+dfsg-9squeeze4
Distribution: squeeze-security
Urgency: high
Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libtorque2 - shared library for Torque client and server
libtorque2-dev - header files for libtorque2
torque-client - command line interface to Torque server
torque-client-x11 - GUI for torque clients
torque-common - Torque Queueing System shared files
torque-mom - job execution engine for Torque batch system
torque-pam - PAM module for PBS MOM nodes
torque-scheduler - scheduler part of Torque
torque-server - PBS-derived batch processing server
Closes: 748827
Changes:
torque (2.4.8+dfsg-9squeeze4) squeeze-security; urgency=high
.
  * Non-maintainer upload by the Security Team.
  * Add CVE-2014-0749.patch patch.
    CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can
    be exploited in order to remotely execute code from an unauthenticated
    perspective. (Closes: #748827)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---