Your message dated Tue, 02 Apr 2024 20:33:09 +0000
with message-id <e1rrkof-001dx2...@fasolo.debian.org>
and subject line Bug#1067849: fixed in util-linux 2.36.1-8+deb11u2
has caused the Debian Bug report #1067849,
regarding util-linux: CVE-2024-28085: wall: escape sequence injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: util-linux
Version: 2.39.3-11
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.38.1-5 
Control: found -1 2.36.1-8+deb11u1
Control: found -1 2.36.1-8
Control: found -1 2.33.1-0.1

Hi,

The following vulnerability was published for util-linux.

CVE-2024-28085[0]:
| escape sequence injection in wall


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28085
    https://www.cve.org/CVERecord?id=CVE-2024-28085
[1] https://www.openwall.com/lists/oss-security/2024/03/27/5
[2] https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
[3] https://github.com/skyler-ferrante/CVE-2024-28085

Regards,
Salvatore

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

--- End Message ---
--- Begin Message ---
Source: util-linux
Source-Version: 2.36.1-8+deb11u2
Done: Chris Hofstaedtler <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <z...@debian.org> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 28 Mar 2024 11:09:40 +0100
Source: util-linux
Architecture: source
Version: 2.36.1-8+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: util-linux packagers <util-li...@packages.debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Closes: 1067849
Changes:
 util-linux (2.36.1-8+deb11u2) bullseye-security; urgency=high
 .
   * d/gbp.conf: update for stable release
   * Add upstream patches to fix CVE-2024-28085 (Closes: #1067849)
   * No longer install wall, write setgid tty to address CVE-2024-28085

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
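
A host-side check for the two changes named in the changelog above, as an added example that is not part of the Debian mails or the util-linux packaging: it reports whether `wall` or `write` still carry the setgid bit and, on bullseye only, whether the installed util-linux is at least 2.36.1-8+deb11u2. The function names are made up for this example, and the binaries are located through PATH rather than at an assumed install path.

```shell
#!/bin/sh
# Added example: audit a host for the changes listed in the changelog above.
FIXED_BULLSEYE='2.36.1-8+deb11u2'   # fixed version quoted on this page

# Print "<path> <group>" for every named command (or file path) that still
# carries the setgid bit. Names are resolved through PATH, so no install
# location is assumed.
setgid_findings() {
    for name in "$@"; do
        bin=$(command -v "$name" 2>/dev/null) || continue
        [ -f "$bin" ] || continue
        if [ -g "$bin" ]; then
            printf '%s %s\n' "$bin" "$(stat -c %G "$bin")"
        fi
    done
}

# 0 = fixed package installed, 1 = older package, 2 = not bullseye / no dpkg.
# The version on this page is the bullseye-security upload only; comparing it
# on another release would give a meaningless answer, so bail out there.
bullseye_fix_installed() {
    grep -qx 'VERSION_CODENAME=bullseye' /etc/os-release 2>/dev/null || return 2
    ver=$(dpkg-query -W -f='${Version}' util-linux 2>/dev/null) || return 2
    dpkg --compare-versions "$ver" ge "$FIXED_BULLSEYE"
}

audit() {
    rc=0
    found=$(setgid_findings wall write)
    if [ -n "$found" ]; then
        printf 'setgid bit still present:\n%s\n' "$found"
        rc=1
    fi
    r=0
    bullseye_fix_installed || r=$?
    case "$r" in
        0) echo "util-linux >= $FIXED_BULLSEYE installed" ;;
        1) echo "util-linux older than $FIXED_BULLSEYE"; rc=1 ;;
        *) echo "not bullseye or dpkg unavailable: version check skipped" ;;
    esac
    return "$rc"
}

# Run as: sh audit.sh audit
case "${1:-}" in audit) audit ;; esac
```
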