Your message dated Sun, 27 Apr 2008 14:02:10 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#478133: fixed in linux-patch-grsecurity2
2.1.11+2.6.24.5+200804211829-1
has caused the Debian Bug report #478133,
regarding linux-patch-grsecurity2: CVE-2008-1940 security restriction bypass
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
478133: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478133
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: linux-patch-grsecurity2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-patch-grsecurity2.
CVE-2008-1940[0]:
| The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and
| 2.1.11-2.4.36.2 does not enforce user_transition_deny and
| user_transition_allow rules for the (1) sys_setfsuid and (2)
| sys_setfsgid calls, which allows local users to bypass restrictions
| for those calls.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1940
http://security-tracker.debian.net/tracker/CVE-2008-1940
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: linux-patch-grsecurity2
Source-Version: 2.1.11+2.6.24.5+200804211829-1
We believe that the bug you reported is fixed in the latest version of
linux-patch-grsecurity2, which is due to be installed in the Debian FTP archive:
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
to
pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
to
pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
to
pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
to
pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]> (supplier of updated
linux-patch-grsecurity2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 27 Apr 2008 15:39:50 +0200
Source: linux-patch-grsecurity2
Binary: linux-patch-grsecurity2
Architecture: source all
Version: 2.1.11+2.6.24.5+200804211829-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Changed-By: Laszlo Boszormenyi (GCS) <[EMAIL PROTECTED]>
Description:
linux-patch-grsecurity2 - grsecurity kernel patch - new major upstream version
Closes: 478133
Changes:
linux-patch-grsecurity2 (2.1.11+2.6.24.5+200804211829-1) unstable; urgency=high
.
* New upstream release, fixing CVE-2008-1940 (closes: #478133).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkgUhFoACgkQMDatjqUaT90/TgCgrsfq1ADdYB3DO9WaxkTahFoo
XmsAnA0Ooigb5vVE+3k91uqRS81C3nrS
=fS4Z
-----END PGP SIGNATURE-----
--- End Message ---