Your message dated Wed, 13 Feb 2019 20:54:09 +0000
with message-id <e1gu1xl-0006t6...@fasolo.debian.org>
and subject line Bug#852094: fixed in hesiod 3.2.1-3.1
has caused the Debian Bug report #852094,
regarding hesiod: CVE-2016-10151: Weak SUID check allowing privilege elevation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852094
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: hesiod
Version: 3.2.1-3
Severity: important
Tags: upstream security
Forwarded: https://github.com/achernya/hesiod/pull/9

Hi,

the following vulnerability was published for hesiod.

CVE-2016-10151[0]:
Weak SUID check allowing privilege elevation

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10151
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10151
[1] https://github.com/achernya/hesiod/pull/9
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1332508

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: hesiod
Source-Version: 3.2.1-3.1

We believe that the bug you reported is fixed in the latest version of
hesiod, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <to...@debian.org> (supplier of updated hesiod package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Feb 2019 21:31:25 +0100
Source: hesiod
Architecture: source
Version: 3.2.1-3.1
Distribution: unstable
Urgency: medium
Maintainer: Karl Ramm <k...@debian.org>
Changed-By: Dr. Tobias Quathamer <to...@debian.org>
Closes: 852093 852094
Changes:
 hesiod (3.2.1-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2016-10151: Use secure_getenv() when it's available.
     Factor out logic that attempts to only consult the environment when it's
     safe to do so into its own function, and use secure_getenv() instead of
     getenv() if it's available. Closes: #852094
   * CVE-2016-10152: Remove hard-coded defaults for LHS and RHS.
     Don't fall back to using a default LHS or RHS when the configuration
     file can't be read. Instead, return an error. Closes: #852093

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
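
The pattern the 3.2.1-3.1 changelog describes for CVE-2016-10151, a single function that decides when the environment may be consulted and prefers secure_getenv(), shown as an added example (not code from hesiod or from the Debian patch). The names `safe_getenv`, `ids_elevated`, `config_path`, `HAVE_SECURE_GETENV` and the variable `EXAMPLE_CONFIG` are assumptions made for illustration.

```c
#define _GNU_SOURCE  /* ask glibc's <stdlib.h> to declare secure_getenv() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 17))
#define HAVE_SECURE_GETENV 1  /* assumption: stands in for a configure-time check */
/* Same prototype as glibc's, repeated in case _GNU_SOURCE took effect too late. */
extern char *secure_getenv(const char *name);
#endif

/* Fallback test: nonzero when the process runs with IDs it did not inherit
 * from its caller. Comparing only the user IDs would miss setgid programs. */
int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper: the one place where the environment is consulted.
 * Returns NULL when the variable is unset or the process is privileged. */
const char *safe_getenv(const char *name)
{
#ifdef HAVE_SECURE_GETENV
    /* glibc decides from the kernel's AT_SECURE flag, which also covers
     * binaries that carry file capabilities. */
    return secure_getenv(name);
#else
    if (ids_elevated(getuid(), geteuid(), getgid(), getegid()))
        return NULL;
    return getenv(name);
#endif
}

/* Constructed caller: an environment override is honoured only when it is
 * safe to do so; otherwise the compiled-in path is used. */
const char *config_path(const char *compiled_default)
{
    const char *p = safe_getenv("EXAMPLE_CONFIG");  /* constructed variable name */
    return (p != NULL && *p != '\0') ? p : compiled_default;
}

int main(void)
{
    puts(config_path("/etc/example.conf"));  /* constructed default path */
    return 0;
}
```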
