Your message dated Sun, 02 Sep 2018 20:47:11 +0000
with message-id <e1fwzh5-0009kz...@fasolo.debian.org>
and subject line Bug#906308: fixed in libcgroup 0.41-8+deb9u1
has caused the Debian Bug report #906308,
regarding CVE-2018-14348
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
906308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906308
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcgroup
Severity: grave
Tags: security
This was assigned CVE-2018-14348:
https://bugzilla.suse.com/show_bug.cgi?id=1100365
(cgred seems to be cgrulesengd in Debian)
Patch:
https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libcgroup
Source-Version: 0.41-8+deb9u1
We believe that the bug you reported is fixed in the latest version of
libcgroup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 906...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated libcgroup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Aug 2018 23:10:45 +0200
Source: libcgroup
Binary: cgroup-tools libcgroup1 libcgroup-dev libpam-cgroup cgroup-bin
Architecture: source all amd64
Version: 0.41-8+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Christian Kastner <c...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 cgroup-bin - control and monitor control groups (transitional package)
 cgroup-tools - control and monitor control groups (tools)
 libcgroup-dev - control and monitor control groups (development)
 libcgroup1 - control and monitor control groups (library)
 libpam-cgroup - control and monitor control groups (PAM)
Closes: 906308
Changes:
 libcgroup (0.41-8+deb9u1) stretch; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2018-14348:
     The cgrulesengd daemon in libcgroup creates log files with world readable
     and writable permissions due to a reset of the file mode creation mask
     (umask(0)). (Closes: #906308)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---