Bug#298166: marked as done (kernel-patch-grsecurity2: Security bug found in grsecurity (probably locally exploitable))

Sat, 05 Mar 2005 07:54:55 -0800 

Your message dated Sat, 05 Mar 2005 10:32:15 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#298166: fixed in kernel-patch-grsecurity2 2.1.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Mar 2005 09:50:11 +0000
>From [EMAIL PROTECTED] Sat Mar 05 01:50:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from openbsd.xs4all.nl (router.cacholong.nl) [80.126.240.96] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D7VvH-0006b9-00; Sat, 05 Mar 2005 01:50:11 -0800
Received: from localhost (localhost [127.0.0.1])
        by router.cacholong.nl (Postfix) with ESMTP id D2BFF7F38
        for <[EMAIL PROTECTED]>; Sat,  5 Mar 2005 10:50:08 +0100 (CET)
Received: from router.cacholong.nl ([127.0.0.1])
        by localhost (jgc.homeip.net [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id 20717-07; Sat, 5 Mar 2005 10:50:00 +0100 (CET)
Received: from router.cacholong.nl (localhost [127.0.0.1])
        by router.cacholong.nl (Postfix) with ESMTP id 7FCF0858;
        Sat,  5 Mar 2005 10:50:00 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Matthijs Mohlmann <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kernel-patch-grsecurity2: Security bug found in grsecurity (probably 
locally
 exploitable)
X-Mailer: reportbug 3.8
Date: Sat, 05 Mar 2005 10:49:59 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at jgc.homeip.net
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-patch-grsecurity2
Severity: critical
Tags: security
Justification: root security hole

Hi,

There is a bug found in the grsecurity kernel patch. There is a new
upstream version available what fixes this problem.

Please see:
http://grsecurity.net/pipermail/grsecurity/2005-March/000272.html

Regards,

Matthijs Mohlmann

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

---------------------------------------
Received: (at 298166-close) by bugs.debian.org; 5 Mar 2005 15:38:05 +0000
>From [EMAIL PROTECTED] Sat Mar 05 07:38:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D7bLx-0001Ig-00; Sat, 05 Mar 2005 07:38:05 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1D7bGJ-0004iN-00; Sat, 05 Mar 2005 10:32:15 -0500
From: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#298166: fixed in kernel-patch-grsecurity2 2.1.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 05 Mar 2005 10:32:15 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: kernel-patch-grsecurity2
Source-Version: 2.1.2-1

We believe that the bug you reported is fixed in the latest version of
kernel-patch-grsecurity2, which is due to be installed in the Debian FTP 
archive:

kernel-patch-grsecurity2_2.1.2-1.diff.gz
  to 
pool/main/k/kernel-patch-grsecurity2/kernel-patch-grsecurity2_2.1.2-1.diff.gz
kernel-patch-grsecurity2_2.1.2-1.dsc
  to pool/main/k/kernel-patch-grsecurity2/kernel-patch-grsecurity2_2.1.2-1.dsc
kernel-patch-grsecurity2_2.1.2-1_all.deb
  to 
pool/main/k/kernel-patch-grsecurity2/kernel-patch-grsecurity2_2.1.2-1_all.deb
kernel-patch-grsecurity2_2.1.2.orig.tar.gz
  to 
pool/main/k/kernel-patch-grsecurity2/kernel-patch-grsecurity2_2.1.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]> (supplier of updated 
kernel-patch-grsecurity2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  5 Mar 2005 11:18:14 +0100
Source: kernel-patch-grsecurity2
Binary: kernel-patch-grsecurity2
Architecture: source all
Version: 2.1.2-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Changed-By: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Description: 
 kernel-patch-grsecurity2 - grsecurity kernel patch - new major upstream version
Closes: 298166
Changes: 
 kernel-patch-grsecurity2 (2.1.2-1) unstable; urgency=high
 .
   * SECURITY upstream release, because the included PaX patch contains
      a local (and maybe remote) root exploit possibility (closes: #298166).
      Also upstream decided to stop developing PaX from April 1st.
Files: 
 2e2f9970cd47474df25182ab44787ded 656 devel extra 
kernel-patch-grsecurity2_2.1.2-1.dsc
 fd7617ac15986d5a18d0e6e3f33ab570 1735980 devel extra 
kernel-patch-grsecurity2_2.1.2.orig.tar.gz
 9a9ceea125f9d7c1701e06a21f0539e3 8930 devel extra 
kernel-patch-grsecurity2_2.1.2-1.diff.gz
 bc3714f212a14cbb23db8b554c8a6f24 1695884 devel extra 
kernel-patch-grsecurity2_2.1.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCKc1RMDatjqUaT90RAhlOAJ0UkXTFvzO3bRMkVpJVuAoNLflcPgCfcFhp
HXpLu7C8qaLasidK/EOVvKg=
=PwhM
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to