Bug#819952: marked as done (oar: CVE-2016-1235: vulnerability in the oarsh command)

[Debian Bug Tracking System]

Your message dated Fri, 08 Apr 2016 09:47:59 +0000
with message-id <e1aot1d-0004wm...@franck.debian.org>
and subject line Bug#819952: fixed in oar 2.5.4-2+deb8u1
has caused the Debian Bug report #819952,
regarding oar: CVE-2016-1235: vulnerability in the oarsh command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
819952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: oar
Version: 2.5.2-3
Severity: normal

  This bug is fixed upstream but it will help to track affected versions in 
Debian

  Vincent

-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'squeeze-lts'), (500, 
'oldstable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 
'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel

Kernel: Linux 4.5.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---

--- Begin Message ---

Source: oar
Source-Version: 2.5.4-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
oar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 819...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Danjean <vdanj...@debian.org> (supplier of updated oar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 04 Apr 2016 10:49:52 +0200
Source: oar
Binary: liboar-perl oar-common oar-server oar-server-mysql oar-server-pgsql 
oar-node oar-user oar-user-mysql oar-user-pgsql oar-web-status oar-doc 
oar-restful-api oar-api
Architecture: source amd64 all
Version: 2.5.4-2+deb8u1
Distribution: stable
Urgency: high
Maintainer: Pierre Neyron <pierre.ney...@free.fr>
Changed-By: Vincent Danjean <vdanj...@debian.org>
Description:
 liboar-perl - OAR batch scheduler common library package
 oar-api    - transitional dummy package
 oar-common - OAR batch scheduler common package
 oar-doc    - OAR batch scheduler documentation package
 oar-node   - OAR batch scheduler node package
 oar-restful-api - OAR web services
 oar-server - OAR batch scheduler server package
 oar-server-mysql - OAR batch scheduler MySQL server backend package
 oar-server-pgsql - OAR batch scheduler PostgreSQL server backend package
 oar-user   - OAR batch scheduler user package
 oar-user-mysql - OAR batch scheduler MySQL user backend package
 oar-user-pgsql - OAR batch scheduler PostgreSQL user backend package
 oar-web-status - OAR batch scheduler visualization tool package
Closes: 819952
Changes:
 oar (2.5.4-2+deb8u1) jessie-security; urgency=high
 .
   [ Pierre Neyron ]
   * Add patch: fix a vulnerability in the oarsh command
     (CVE-2016-1235; Closes: #819952)
Checksums-Sha1:
 91877597acadd7fad2deb9d14faafb6798b62153 2511 oar_2.5.4-2+deb8u1.dsc
 c7418643121da9852fad26a1071c50bd02d9d958 5066627 oar_2.5.4.orig.tar.gz
 cf30b0fef5afa2fd38bf3f1b63c30de0d2f60ba0 15240 oar_2.5.4-2+deb8u1.debian.tar.xz
 44d0d89594685f53a741c774584f0e25c086e996 73560 
liboar-perl_2.5.4-2+deb8u1_amd64.deb
 ee8609632d4c99d2e8c839ea2b4e39edcc4021ff 64314 
oar-common_2.5.4-2+deb8u1_amd64.deb
 e280ae9b2a0b541e3acbbddfdac07f49cca3fc23 147532 
oar-server_2.5.4-2+deb8u1_amd64.deb
 1756189f2fb04a7411dfdf0b6ab932ee60b74676 19846 
oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
 285d4c7f09e4d59e275bf607e1177773d079fc5d 19842 
oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
 343380dcd57c9581a97375b1a4189776f889ba1f 31798 
oar-node_2.5.4-2+deb8u1_amd64.deb
 bb721d267db35d17ea1763aad64a26ff735297a9 66728 
oar-user_2.5.4-2+deb8u1_amd64.deb
 de0536afc8d97fa3fafe5b367f7dfe999d6ee5d4 19816 
oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
 c1e4613f1ad30f2a672473a29163b705d78716db 19822 
oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
 a1b0633546be68e23aa88c663db7ee102a4300ad 48532 
oar-web-status_2.5.4-2+deb8u1_all.deb
 e90944adf7fe78bdd0e47aaefb710bf8b57df60c 1188308 oar-doc_2.5.4-2+deb8u1_all.deb
 a33db428087ad6853a38e80453380e35297ffd4f 51680 
oar-restful-api_2.5.4-2+deb8u1_amd64.deb
 6ecf297faab9f6b8a60024d3a183e6d5138ecdb8 19688 oar-api_2.5.4-2+deb8u1_all.deb
Checksums-Sha256:
 4dccd0cfd492bc21ac43fc94a26a07c317fcc0cc2a173b3ea6e5ce61ff0dcf73 2511 
oar_2.5.4-2+deb8u1.dsc
 08348357b9b424fa8bcc4e2b75a54b92d8dd4b09b328d675531a4ee4abc6de18 5066627 
oar_2.5.4.orig.tar.gz
 f08bf55326a3ee04fd4fbfde09c7803b872155cb02a103ff65b6009b4efcc3cd 15240 
oar_2.5.4-2+deb8u1.debian.tar.xz
 b39daa99f61a68f28e627bdf0a8ef4b06f58bb4d677430177288cbeaf3f68ae0 73560 
liboar-perl_2.5.4-2+deb8u1_amd64.deb
 acfa3134583fd9854309492e5c78b736961493626e32af21396f54b9e4bce2a7 64314 
oar-common_2.5.4-2+deb8u1_amd64.deb
 1de50d345a8a788721544544c209e6732a52cf4ef61fa6ba0953eac2d7b23686 147532 
oar-server_2.5.4-2+deb8u1_amd64.deb
 4ff8bce42bfcd9db569bdba8c4ba2167d60fefccee11cfa627db64fb493464a2 19846 
oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
 09b4b044ad575f1364bdc4524475270b43db65a5c62b67810e625f800f488090 19842 
oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
 0271a4a4541fdcd5dd8f55f3801cca6b19768dd8ccdcb67b117c24306b0021e2 31798 
oar-node_2.5.4-2+deb8u1_amd64.deb
 16f30c5e1545a560b9cc1410c95bcb88085151fa482e10337f2f96c3d64e0ea8 66728 
oar-user_2.5.4-2+deb8u1_amd64.deb
 ff965944573159f949437eb311e6134819e0aa5811d1039bef50c305b3e081bb 19816 
oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
 3b4bba9b5185336c7ee64f966f7a4fef13445e984fb5791043a0fde6bd406982 19822 
oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
 d296414bc2858066618e6a1cde680856ea52a6445f6356ab1feb0cf645bd415b 48532 
oar-web-status_2.5.4-2+deb8u1_all.deb
 16464a2bcb3876b5805c16e2a11cc5a448d696772135fb1bb8d7e8392a8c215d 1188308 
oar-doc_2.5.4-2+deb8u1_all.deb
 75612cd10a3dafd525ebbeafb9194413512a6bf3944e78490764ddd2d2e545e2 51680 
oar-restful-api_2.5.4-2+deb8u1_amd64.deb
 bf42ec381a13fbcccc2e3dc1d684659f22fcdb9e3944cd6f550121ce5a4f1cee 19688 
oar-api_2.5.4-2+deb8u1_all.deb
Files:
 124cd81bd35342abaf6c9e845ea9fd1e 2511 science extra oar_2.5.4-2+deb8u1.dsc
 2b7eec29da348c0332bf17fd74b92d0c 5066627 science extra oar_2.5.4.orig.tar.gz
 d258f76698d76bbf312b5a013fbbe811 15240 science extra 
oar_2.5.4-2+deb8u1.debian.tar.xz
 9dd3e21971b61c880776ea42c14ef999 73560 perl extra 
liboar-perl_2.5.4-2+deb8u1_amd64.deb
 71a77abff3f9f7549bcf662940c500b4 64314 science extra 
oar-common_2.5.4-2+deb8u1_amd64.deb
 73d0107bbad654df36dcd096881dd320 147532 science extra 
oar-server_2.5.4-2+deb8u1_amd64.deb
 d1b84ff6c4b49fd719024b78731d5bae 19846 science extra 
oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
 20152ac40a27e97f1ef0e98a9d5524f2 19842 science extra 
oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
 bbff8cf0b6c5e6dd20e6dd508b6edc6e 31798 science extra 
oar-node_2.5.4-2+deb8u1_amd64.deb
 e0040fc8ff9cd2937209c3d550ced974 66728 science extra 
oar-user_2.5.4-2+deb8u1_amd64.deb
 10e5f75b2147652458339d168a0d8dd9 19816 science extra 
oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
 5c4b0fd688fb641fb6d86df2ae080551 19822 science extra 
oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
 7276803f9da77aa5a46aecf13498713a 48532 science extra 
oar-web-status_2.5.4-2+deb8u1_all.deb
 e695199981b4f3c071def84fe50594ea 1188308 doc extra 
oar-doc_2.5.4-2+deb8u1_all.deb
 be7545ed9cec5c082514e157c970c1f4 51680 science extra 
oar-restful-api_2.5.4-2+deb8u1_amd64.deb
 73a7d58c177a28a19a256122f101c460 19688 science extra 
oar-api_2.5.4-2+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVwIr7JZH3mN+x7dRAQjkGg//TrvkWAf677hHWfkktI8Y1DCn7HeK2L2j
7u8GF/l5Nl36Gk7NcxNr64mWno4Cdo7YVeeZyW9a9MhRf5fuskui1J/Yemt/yO2E
4dXeLeMK3KZJployhJxP3MxHjG7iUzzM3go2cZmJX2LwjMj6sYjLewrCRCDQ+92i
SnUlAe8j5rg9rBTstG0l0+wm5DZcYUq6QkPS/iQkP+zCk75laRVR4JyUy9nbgOfi
jmAkc6JBCvmqFLYUVtZbvUayJzYN53Kz8WUOOrgm1d2VrqF2uM3ljBYmYyG3z0ab
kJnt1uEw86EX+Nrd4JH3eYhESC33DCyJRtjL34ZMxS02Jg42tIoiL/xtigTZ8RFd
O9At/ivyx4/4gBW651oWhMtnJrUETKg6VYuivpRkvYXyqCzbQeLMqed1gnhuUXjw
//G1ImFbucDX3L4e/3yGRlGmf2mYisVDGLWazUa7PSy0c3IUJX3QPUHfz7r30C+x
cyIibU+PMych+Ur9Scll0JvRXj5k9tR3ElGlmcp7SHBxnqNf8BEXQjN5Rz7dOg5o
gOlrZfFG6sQ+p4qHCexLGHJBc/q4UDbu7Plyt/5l7Buok/Ob9BRNmebyuXj67VKg
Lk3RNI+LYFgTASZJNMxQ2Giv0qwkIMAa9zpAxlHX8rRI+CFmd8EPeRmq8OtMTrwD
JzxemmXSRtw=
=5Ast
-----END PGP SIGNATURE-----

--- End Message ---