Your message dated Sun, 03 May 2020 22:17:10 +0000 with message-id <e1jvmv8-0006qz...@fasolo.debian.org> and subject line Bug#950732: fixed in systemd 241-7~deb10u4 has caused the Debian Bug report #950732, regarding systemd: CVE-2020-1712 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 950732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950732 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: systemd Version: 244.1-3 Severity: grave Tags: security upstream Control: found -1 244.1-1 Control: found -1 241-7~deb10u3 Control: found -1 241-7 Control: found -1 232-25+deb9u12 Control: found -1 232-25 Hi, The following vulnerability was published for systemd, filling bug to track the issue in BTS. Raised severity to RC, although the question on DSA/no-dsa can be handled ortogonal to it. CVE-2020-1712[0]: heap use-after-free vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-1712 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1794578 [2] https://www.openwall.com/lists/oss-security/2020/02/05/1 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 241-7~deb10u4 Done: Michael Biebl <bi...@debian.org> We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 950...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Apr 2020 19:02:57 +0200 Source: systemd Architecture: source Version: 241-7~deb10u4 Distribution: buster Urgency: medium Maintainer: Debian systemd Maintainers <pkg-systemd-maintain...@lists.alioth.debian.org> Changed-By: Michael Biebl <bi...@debian.org> Closes: 950732 958397 Changes: systemd (241-7~deb10u4) buster; urgency=medium . * polkit: when authorizing via PolicyKit re-resolve callback/userdata instead of caching it. This fixes a heap use-after-free vulnerability in systemd, when asynchronous PolicyKit queries are performed while handling DBus messages. CVE-2020-1712 (Closes: #950732) * Install 60-block.rules in udev-udeb and initramfs-tools. The block device rules were split out from 60-persistent-storage.rules into its own rules file in v220. Those rules ensure that change events are emitted and the udev db is updated after metadata changes. Thanks to Pascal Hambourg (Closes: #958397) Checksums-Sha1: 55c6d1efa1c356fd76c56693cc94e7cb8fcf83eb 4946 systemd_241-7~deb10u4.dsc d4edb2a41c3d9118f78f61ce952d2a596b6a5b65 178136 systemd_241-7~deb10u4.debian.tar.xz 9791b2f065b1fd237afd6ed09f82dd5678aee675 9604 systemd_241-7~deb10u4_source.buildinfo Checksums-Sha256: 52707608012c7b13d19ebbbfff704311e33f884f0f843811874e266dcf2faf71 4946 systemd_241-7~deb10u4.dsc ff8ed4b3d9c30e14659278f17ea4cfc63c4b1af199a98a861abc670dfdd991cb 178136 systemd_241-7~deb10u4.debian.tar.xz 9cd296783f54a53cd4d2dbf3b6c4162c6954dd285ae618c1d38e9068fd9c1641 9604 systemd_241-7~deb10u4_source.buildinfo Files: 61bf9451731e89f5d1f49e1dc21cc03a 4946 admin optional systemd_241-7~deb10u4.dsc ba10bef547696afbd8d74de6d6dba906 178136 admin optional systemd_241-7~deb10u4.debian.tar.xz adf71820386174321190eeacdfee0a3c 9604 admin optional systemd_241-7~deb10u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAl6spgsACgkQauHfDWCP ItwD9A/9H7VMFIg5ac+h+olTFIsC52rrWpHV1fjkaVt4NsEEw8Tpndq56SV3AJWU d5QtkNw9E3MotZvijEwBkVrrzoBuDXEPlYffrjMaIma0MA6jiHvfzCqpLTNSVFuL xcatsbsl59VR8FrBmv0IACNngGXQ4R3jvsPB1JLN1DZqsbanUhj8hYNfqJtK8eGY d+eCx1dNJpaX7E9i1zosyhHlrk/MPTzwTbYExQGsKPDRWuFn7IAIMupEZlPV2dFK 9wsJzCNL0m7X+TeA9gJ2VCjctE+nWgXDIHQTSwgjasNgAlFmuMp+gAMF1u6yY/jx LJB3/atcjyxXo/8I4OcRbsr3cydqJ8tEUkGhv6Z1NnZTFubJC917MS2uilbw2QLi cTmnQgJYT61bFfTJtr2XMj8rj6HlO18LR1ivIZ9m0s2+brErBQaYQoWXhLPnI6mu XKBswNmT6TnvL65e3veCHsanNSt0tjghLAvjf1yUNCNtp4jj+bVh4XYw++VEmpHR eNeW9AW1bcIrj85m49+SxtzUb2EgFR8KtxiMqa2Oc4cHWT6MOKVPlr72HHNUq4jg zSB5bmb/R+bh/5oqvNqiWqE/upeRqVVVGh1aDhZNSvPTcx+TIwSlBlviBtX+ApNn ZvAk8+tI95YPPCSXkTYswU16zWx1dRkT7qN28XZWMMsBADzhIlU= =8pf1 -----END PGP SIGNATURE-----
--- End Message ---
