Your message dated Sun, 19 Aug 2018 21:49:17 +0000 with message-id <e1frvzv-00061q...@fasolo.debian.org> and subject line Bug#906308: fixed in libcgroup 0.41-8.1 has caused the Debian Bug report #906308, regarding CVE-2018-14348 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 906308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906308 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libcgroup Severity: grave Tags: security This was assigned CVE-2018-14348: https://bugzilla.suse.com/show_bug.cgi?id=1100365 (cgred seems to be cgrulesengd in Debian) Patch: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/ Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libcgroup Source-Version: 0.41-8.1 We believe that the bug you reported is fixed in the latest version of libcgroup, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 906...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated libcgroup package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 Aug 2018 23:10:45 +0200 Source: libcgroup Binary: cgroup-tools libcgroup1 libcgroup-dev libpam-cgroup cgroup-bin Architecture: source Version: 0.41-8.1 Distribution: unstable Urgency: high Maintainer: Christian Kastner <c...@debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: cgroup-bin - control and monitor control groups (transitional package) cgroup-tools - control and monitor control groups (tools) libcgroup-dev - control and monitor control groups (development) libcgroup1 - control and monitor control groups (library) libpam-cgroup - control and monitor control groups (PAM) Closes: 906308 Changes: libcgroup (0.41-8.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2018-14348: It was discovered that the cgrulesengd daemon would create a log file which would allow any user to write to it. (Closes: #906308) Checksums-Sha1: 10faeaf81643fe61e77d247d4732106730f99808 2307 libcgroup_0.41-8.1.dsc 938167fdf1c619461ec081457942bc2860845b7e 16624 libcgroup_0.41-8.1.debian.tar.xz f5a47776c7f2f722abcc79f83eba1b35b94971d8 7714 libcgroup_0.41-8.1_amd64.buildinfo Checksums-Sha256: 235b9d1af793999747107d57a4227542b3face7076e2b3d3802e3e0eb6c16073 2307 libcgroup_0.41-8.1.dsc 5d7cc170ab02692b94bb080428cf92d360187777614584e3786a2e83af4abe12 16624 libcgroup_0.41-8.1.debian.tar.xz 93663d2f144d32f447ef2eee0e67a55df67dabf5d8a684662c08876570d14668 7714 libcgroup_0.41-8.1_amd64.buildinfo Files: ea85b13472360ea0d44c4df58056692e 2307 libs optional libcgroup_0.41-8.1.dsc 49de12c66bdf1c8ecacd398f849e6e8d 16624 libs optional libcgroup_0.41-8.1.debian.tar.xz 07ff91267c9ec3abc0d1de3623ad1b17 7714 libs optional libcgroup_0.41-8.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlt54aVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkZwkQALRx+hrvRVe5aaRV7Pb+sjcmcB/1xdMHruio YkD6WQalwc/URUs83YOVg5nRz6lbW3Xvx61KujWG/swryWKEWcw8LBMWptS4rynC UbwzPTB0FKYMZlxZ06KXbijJD2a8KJlsi4GEfn4n3pkBggxGauerX/ROb5Yj579M SAWPSM7uiL3unyFxKNoDIt0thZHDRXzsw/p//Qfai3mWwUeSJoFI28LWskrtmED8 OZyNnZHmkVZOuJaiYcBTt/8nUA+iDemSGvFtaMFCI0P4/4OIfFOLM/XxKgWn1nS5 C6cZmETJZEg8KRyGIitrqj/jqvOyOclmXXESzTQh91eNvHF4yoN9V+PEUw/EuJhQ TSk6hTlJiCMdYAWY9q4kOYPIvGcW9h8h9yeMA2CL5a+PJes0Z+dzyOZmKUpOleSU nPdAJW46P7lTUtxPzCJBRq4M5bgpCRYjkg0+k75VLiBVzlPsbym2Jf8LU3YTZTqP JC30OYIqlfP2Rtle8r2UNFAuwUIkYxzlZSxdiLUWvvQMm5wbJ06YoBAPU2LAE6Wq W/qv7MnaC79NGpMC0ZRun8+mAHCVSQvGv2fGA41rYmZ4vIirqyJzUJFemTxBbOjT JkhBKnydQIipsY/rkF/SIcNkOv1eRUDyuLktS//xm4ffcjCvfA2xT+T8z/bZABbr +FH6v/aN =fSG+ -----END PGP SIGNATURE-----
--- End Message ---
