Your message dated Mon, 22 May 2017 12:50:04 +0000 with message-id <e1dcmmi-000evr...@fasolo.debian.org> and subject line Bug#862806: fixed in shadow 1:4.4-4.1 has caused the Debian Bug report #862806, regarding /bin/su: Regression from CVE-2017-2616 fix: killing su does not kill subprocess to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862806 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: login Version: 1:4.4-4 Severity: serious File: /bin/su Tags: patch upstream security Justification: regression Forwarded: https://github.com/shadow-maint/shadow/pull/72 Hi Filling this as severity serious (and thus RC) since a repvious targetted fix for CVE-2017-2616 causes the regression. Details: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1690820 Upstream pull-request: https://github.com/shadow-maint/shadow/pull/72 Upstream fix: https://github.com/shadow-maint/shadow/pull/72/commits/7d82f203eeec881c584b2fa06539b39e82985d97 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: shadow Source-Version: 1:4.4-4.1 We believe that the bug you reported is fixed in the latest version of shadow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 862...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated shadow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 17 May 2017 13:59:59 +0200 Source: shadow Binary: passwd login uidmap Architecture: source Version: 1:4.4-4.1 Distribution: unstable Urgency: high Maintainer: Shadow package maintainers <pkg-shadow-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 862806 Description: login - system login tools passwd - change and administer password and group data uidmap - programs to help use subuids Changes: shadow (1:4.4-4.1) unstable; urgency=high . * Non-maintainer upload. * Reset pid_child only if waitpid was successful. This is a regression fix for CVE-2017-2616. If su receives a signal like SIGTERM, it is not propagated to the child. (Closes: #862806) Checksums-Sha1: d8e8b989edb415a9f3798c399d586418ada58b6d 2453 shadow_4.4-4.1.dsc 09135bf632baef6dee8136c4f0abcee7bed91cbb 600560 shadow_4.4-4.1.debian.tar.xz Checksums-Sha256: 6760f8ee90562ed02cb3902b81167e6153923a979c61dc06671426321e575f74 2453 shadow_4.4-4.1.dsc 42610e666c762b88b9e60ea878b522b0639240dc9a74fe627b1ac497dd3d7424 600560 shadow_4.4-4.1.debian.tar.xz Files: 4920efbb4413fa54b987ae695ecbea38 2453 admin required shadow_4.4-4.1.dsc 323cd4a9e84ee523db9cf6885899cc47 600560 admin required shadow_4.4-4.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkcPKNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EHYwP/jYPuW2yAsHLRhaPj9joXDTAbRrxPQQo T/kDH9T2vVZNFILPUH8YoXLNOMEAtPMaeshLJycGqPoXSn7BKIraOONYXhdM1t2n U0Pp0m2YiMLaPS167bV1pw0XPvjtyS5XFbrRl2wUxEMsFGmL/1gGfubQKzzHLddE 7DR+zlpi5UFMJAx6a2nTHaIRRcvHU7+xbYy9Hagjw5XnBosI4ZJ16jHs6bQjL9zf h/MAZZtaFH7AcTHkq0+Sd8dMgJSR741OXr4BJx5hkfnZ/vbNJ6pBPM7/NTPgZvS2 Ix+7tkvZ2AhdFo7B32kUxDBYpgXJgM/xU+V+iASd2zLVnKr1RqzGhZHlhNmHfEpJ CifaZFC0hFro+6oVupUy20ol6eBnb1FgZ1yzz9njKQr56/IIRAfAhqGmKHyE7uQm WwF2lhe+QA4E2M2D0yC5qjbLCFfnddTZ6F9wsWPAwVzg4rXKgoOlZ2+Y3EygwSZ7 +zUBWEgRNOkLP8PRKH4SmuiYa3JmNQfWuRCWfZmdN0qIC6uqmRA4k/A5MujI0wb+ MxpfiWUegVW8mBlABAooKcRFbjDxvU84uwWBw4wNKlHNa93NtXXA//TTStZcg7cb /xwEc7OvOL/IESjkb0WyKzv3XJFpT+8vkFRR542h+04MdV++MUiQIydPkbni6+fY 2qxaZTRIv/VF =c7BG -----END PGP SIGNATURE-----
--- End Message ---
