Your message dated Fri, 22 Jul 2011 19:56:49 +0000
with message-id <e1qklq5-00070m...@franck.debian.org>
and subject line Bug#631345: fixed in opie 2.32.dfsg.1-0.2+squeeze1
has caused the Debian Bug report #631345,
regarding opie: missing setuid() retval check in opielogin
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
631345: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: opie
Severity: serious
Tags: important
Hi,
A security bug has been reported in opielogin[1]. A patch by Novell can be
found here: https://bugzillafiles.novell.org/attachment.cgi?id=435901
Please consider porting this patch to stable and oldstable.
Thanks a lot for all your help,
luciano
[1] http://www.openwall.com/lists/oss-security/2011/06/22/6
--- End Message ---
--- Begin Message ---
Source: opie
Source-Version: 2.32.dfsg.1-0.2+squeeze1
We believe that the bug you reported is fixed in the latest version of
opie, which is due to be installed in the Debian FTP archive:
libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb
to main/o/opie/libopie-dev_2.32.dfsg.1-0.2+squeeze1_amd64.deb
opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
to main/o/opie/opie-client_2.32.dfsg.1-0.2+squeeze1_amd64.deb
opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
to main/o/opie/opie-server_2.32.dfsg.1-0.2+squeeze1_amd64.deb
opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
to main/o/opie/opie_2.32.dfsg.1-0.2+squeeze1.diff.gz
opie_2.32.dfsg.1-0.2+squeeze1.dsc
to main/o/opie/opie_2.32.dfsg.1-0.2+squeeze1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated opie package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Tue, 19 Jul 2011 22:21:04 +1000
Source: opie
Binary: opie-client opie-server libopie-dev
Architecture: source amd64
Version: 2.32.dfsg.1-0.2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Michael Stone <mst...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
libopie-dev - OPIE library development files.
opie-client - OPIE programs for generating OTPs on client machines
opie-server - OPIE programs for maintaining an OTP key file
Closes: 631344 631345
Changes:
opie (2.32.dfsg.1-0.2+squeeze1) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix off-by-one and privilege escalation via missing check for
setuid() (Closes: #631344, #631345)
Fixes: CVE-2011-2489 CVE-2011-2490
--- End Message ---