Your message dated Sun, 06 Jun 2021 19:33:28 +0000 with message-id <e1lpyww-0007tt...@fasolo.debian.org> and subject line Bug#987149: fixed in xscreensaver 5.45+dfsg1-2 has caused the Debian Bug report #987149, regarding xscreensaver: CVE-2021-31523: allows starting external programs with cap_net_raw to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 987149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987149 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xscreensaver Version: 5.45+dfsg1-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi Filling for tracking in the BTS as well. For full public reference see: https://www.openwall.com/lists/oss-security/2021/04/17/1 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: xscreensaver Source-Version: 5.45+dfsg1-2 Done: Tormod Volden <debian.tor...@gmail.com> We believe that the bug you reported is fixed in the latest version of xscreensaver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 987...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tormod Volden <debian.tor...@gmail.com> (supplier of updated xscreensaver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 06 Jun 2021 12:25:19 +0200 Source: xscreensaver Architecture: source Version: 5.45+dfsg1-2 Distribution: unstable Urgency: medium Maintainer: Tormod Volden <debian.tor...@gmail.com> Changed-By: Tormod Volden <debian.tor...@gmail.com> Closes: 978086 978589 979562 987149 988158 989508 Changes: xscreensaver (5.45+dfsg1-2) unstable; urgency=medium . * Do not assign raw net capability to "sonar" hack due to a security vulnerability in mesa (Closes: #987149) * Make sure is systemd unit is disabled if upgrading from previous two releases (Closes: #978589) * Do not enable screensaver on login screen (Closes: #979562, #988158) * Recommend needed font for unlock dialog (Closes: #978086) * Apply fix for crash on video output disconnection (Closes: #989508) Checksums-Sha1: 712747a19622291c84d779bb8d7ba9318390a048 2426 xscreensaver_5.45+dfsg1-2.dsc ec88d7ecc18d3c5ae3e51081f11203700bb365e2 77792 xscreensaver_5.45+dfsg1-2.debian.tar.xz Checksums-Sha256: f70adafc75842a80caf19d7fbec1c805069a3ab6df2613d975a9d93865ca76d9 2426 xscreensaver_5.45+dfsg1-2.dsc ecd4ac58f5f0dacb677d9fd74e591b38ada0180bf62fae7b65c36c33107655f4 77792 xscreensaver_5.45+dfsg1-2.debian.tar.xz Files: c97882e1f460f7f0f6a08d6d736a72eb 2426 x11 optional xscreensaver_5.45+dfsg1-2.dsc 89812a87b18b82251f31a8ffe97d41d4 77792 x11 optional xscreensaver_5.45+dfsg1-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCYL0h/AAKCRDoRGtKyMdy YW0pAQCRC5OGzAa890TyDMFDXSEdaPEKRul8jdEGHOEnQvRYuAEAtErKSiab9QwY DcVLkiPvRkZOBMXZQfURjp6yUPYbbAA= =qSal -----END PGP SIGNATURE-----
--- End Message ---
