Bug#567633: marked as done (race condition in fusermount)

Wed, 17 Feb 2010 23:55:56 -0800 

Your message dated Thu, 18 Feb 2010 07:53:24 +0000
with message-id <e1ni1co-0004vf...@ries.debian.org>
and subject line Bug#567633: fixed in fuse 2.5.3-4.4+etch1
has caused the Debian Bug report #567633,
regarding race condition in fusermount
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
567633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: fuse-utils
Severity: grave
Tags: security

fuse 2.8.2 fixes a race condition if two fusermount -u instances
are run in paralell, which allows local privilege escalation.

This issue was discovered by Dan Rosenberg.

Cheers,
        Moritz


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages fuse-utils depends on:
ii  adduser                       3.112      add and remove users and groups
ii  libc6                         2.10.2-5   Embedded GNU C Library: Shared lib
pn  libfuse2                      <none>     (no description available)
ii  makedev                       2.3.1-89   creates device files in /dev
ii  sed                           4.2.1-6    The GNU sed stream editor
ii  udev                          150-2      /dev/ and hotplug management daemo

fuse-utils recommends no packages.

fuse-utils suggests no packages.

--- End Message ---
--- Begin Message --- 
Source: fuse
Source-Version: 2.5.3-4.4+etch1

We believe that the bug you reported is fixed in the latest version of
fuse, which is due to be installed in the Debian FTP archive:

fuse-utils_2.5.3-4.4+etch1_i386.deb
  to main/f/fuse/fuse-utils_2.5.3-4.4+etch1_i386.deb
fuse_2.5.3-4.4+etch1.diff.gz
  to main/f/fuse/fuse_2.5.3-4.4+etch1.diff.gz
fuse_2.5.3-4.4+etch1.dsc
  to main/f/fuse/fuse_2.5.3-4.4+etch1.dsc
libfuse-dev_2.5.3-4.4+etch1_i386.deb
  to main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_i386.deb
libfuse2_2.5.3-4.4+etch1_i386.deb
  to main/f/fuse/libfuse2_2.5.3-4.4+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated fuse package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 01 Feb 2010 22:49:29 +0100
Source: fuse
Binary: libfuse2 libfuse-dev fuse-utils
Architecture: source i386
Version: 2.5.3-4.4+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Bartosz Fenski <fe...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 fuse-utils - Filesystem in USErspace (utilities)
 libfuse-dev - Filesystem in USErspace (development files)
 libfuse2   - Filesystem in USErspace library
Closes: 567633
Changes: 
 fuse (2.5.3-4.4+etch1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backported upstream patch to fix CVE-2009-3297 (Closes: #567633)
Files: 
 5886da280cc253c8ec2c04f5423238ee 627 libs optional fuse_2.5.3-4.4+etch1.dsc
 9c7e8b6606b9f158ae20b8521ba2867c 409443 libs optional fuse_2.5.3.orig.tar.gz
 884b1f0d8646b121d133bb62a42e23c3 11785 libs optional 
fuse_2.5.3-4.4+etch1.diff.gz
 cfd1cee4477d2636b8b522a25310c984 58368 utils optional 
fuse-utils_2.5.3-4.4+etch1_i386.deb
 c692a6cb705c58ff1cea736f51bec18c 94356 libdevel optional 
libfuse-dev_2.5.3-4.4+etch1_i386.deb
 55537e1c0561f86fff06f0a1319098de 50812 libs optional 
libfuse2_2.5.3-4.4+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktnTw8ACgkQNxpp46476apHQwCeIB3KsUlRTh5BG155GGGl+B06
/joAoIfylsmlXn4SZhxY15zaGtCP8F8k
=GczE
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to