Your message dated Wed, 31 May 2017 01:02:13 +0000 with message-id <e1dfs1d-000cmr...@fasolo.debian.org> and subject line Bug#862806: fixed in shadow 1:4.2-3+deb8u4 has caused the Debian Bug report #862806, regarding /bin/su: Regression from CVE-2017-2616 fix: killing su does not kill subprocess to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862806 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: login Version: 1:4.4-4 Severity: serious File: /bin/su Tags: patch upstream security Justification: regression Forwarded: https://github.com/shadow-maint/shadow/pull/72 Hi Filling this as severity serious (and thus RC) since a repvious targetted fix for CVE-2017-2616 causes the regression. Details: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1690820 Upstream pull-request: https://github.com/shadow-maint/shadow/pull/72 Upstream fix: https://github.com/shadow-maint/shadow/pull/72/commits/7d82f203eeec881c584b2fa06539b39e82985d97 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: shadow Source-Version: 1:4.2-3+deb8u4 We believe that the bug you reported is fixed in the latest version of shadow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 862...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated shadow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 17 May 2017 12:58:54 +0200 Source: shadow Binary: passwd login uidmap Architecture: source Version: 1:4.2-3+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Shadow package maintainers <pkg-shadow-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 862806 Description: login - system login tools passwd - change and administer password and group data uidmap - programs to help use subuids Changes: shadow (1:4.2-3+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Reset pid_child only if waitpid was successful. This is a regression fix for CVE-2017-2616. If su receives a signal like SIGTERM, it is not propagated to the child. (Closes: #862806) Checksums-Sha1: f2f508a18aedff0751d6b73c35ae29488a7f1b07 2492 shadow_4.2-3+deb8u4.dsc cd8629482cd38f0e6e558d8aaa9fc0e610c6e824 498804 shadow_4.2-3+deb8u4.debian.tar.xz Checksums-Sha256: 5f5c2c412e567a6f7b49141f11927202b52a8941befec39f6841b3e20a0ccea4 2492 shadow_4.2-3+deb8u4.dsc b694aea58176f3a2703cd6461401951e52d78ad80626c39a04c0b88368957106 498804 shadow_4.2-3+deb8u4.debian.tar.xz Files: 50c24ba7d0538d1a980914d2d0e49435 2492 admin required shadow_4.2-3+deb8u4.dsc 0e060775c4b387b97ea17da63cbf77ea 498804 admin required shadow_4.2-3+deb8u4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkcLjJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMroP/R6Gb4bd7GimIkVlXmGDA8GwZHzUFD4y 52SzmEt9BghsqL3L/gqYBs/8Bqkpq31Mbm69NJYtwrLJ+Xm+FB+HGmDkf54gyn3f lNb676uBhPscLcgKLcR5nSl/9BFVJpuM1x5gtM1sf/fTFwRZyRUNm7y3zDT/XGRI WHZtAOa6BuoLd7As+8Xq/sXcfobThFH2xV/LpPPBwsOHlXUumedUUT3mrifxorSW NqJBiQheBeOto/bKZWHPZTKYjnxmvRQLtrKGLetqRzMWPyM+m64nssnwRNxstsOs c4VhWBDZUqM/G7B3V/3xSSTjCYvlS7rMiz0JA3xKJi70LxWYBGIXzsIHMZdEx6dv ws7miJMmgBIT95MEiOz1t+Cb205NPIuL6EbGX0gey76Ivpwj8FD5WmGE+OKt+8ji qEdVMaM8u3mnKFTbOJs2dECNAQIO3lG659VnEyb3ei4RTopE/JYrcL9hqm37Vr0S josEimwP4Br2xAOQ4d5/bbQhngZHGrD7VhxmnP3ftUPYAh/gbB0+d+omFqmGAVC6 znWGU4FgkbASHtQVezKHVRNQuFxHbj50SoheOmmnzI+bT9lrY+SAtbdddUjQV8yC H5bpsoI7uQEn5KYSaTXtKrTOBnwh7qBA8dLZ94LAGn8MIDSc3cbFjTLIEcfrMXi8 M6LabC9hDuVu =rFgz -----END PGP SIGNATURE-----
--- End Message ---
