Your message dated Wed, 28 Dec 2011 12:03:07 +0000
with message-id <e1rfsdr-0004kj...@franck.debian.org>
and subject line Bug#651917: fixed in ipmitool 1.8.11-5
has caused the Debian Bug report #651917,
regarding ipmitool: insecure file permission when creating PID files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
651917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651917
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipmitool
Severity: grave
Tags: security
Justification: user security hole

Hi,

an insecure file permission flaw was found in the way ipmitool handled
PID file creation.

There's more info in the Red Hat bug, along with a patch, see
https://bugzilla.redhat.com/show_bug.cgi?id=742837

This has been assigned CVE-2011-4339; when you update a fix, could
you add it to the changelog entry?

Could you prepare updated packages for Squeeze and Lenny too?

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: ipmitool
Source-Version: 1.8.11-5

We believe that the bug you reported is fixed in the latest version of
ipmitool, which is due to be installed in the Debian FTP archive:

ipmitool_1.8.11-5.diff.gz
  to main/i/ipmitool/ipmitool_1.8.11-5.diff.gz
ipmitool_1.8.11-5.dsc
  to main/i/ipmitool/ipmitool_1.8.11-5.dsc
ipmitool_1.8.11-5_i386.deb
  to main/i/ipmitool/ipmitool_1.8.11-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated ipmitool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 28 Dec 2011 12:34:15 +0100
Source: ipmitool
Binary: ipmitool
Architecture: source i386
Version: 1.8.11-5
Distribution: unstable
Urgency: high
Maintainer: Matthew Johnson <mj...@debian.org>
Changed-By: Luk Claes <l...@debian.org>
Description: 
 ipmitool   - utility for IPMI control with kernel driver or LAN interface
Closes: 651917
Changes: 
 ipmitool (1.8.11-5) unstable; urgency=high
 .
   * debian/control: Add libncurses-dev build dependency
   * Don't set umask to fix CVE-2011-4339 (Closes: #651917).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk77ASQACgkQ5UTeB5t8Mo1duwCfRkEe/k+iEE6wWZFuRea8g/De
WX8An0k34vjgtH3zWGxO6rHIoK9/NOKp
=9L4f
-----END PGP SIGNATURE-----



--- End Message ---
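
The changelog entry above fixes CVE-2011-4339 by no longer setting the umask. The C program below is an added example, not ipmitool's code or the Red Hat patch: it shows how a PID file written with fopen() gets mode 0666 once the process umask has been cleared, next to a writer that sets its mode explicitly. It assumes the daemon had called umask(0) (the page only says the fix is to stop setting the umask); the function names and the temporary path are hypothetical.

```c
/* Added example, not ipmitool source; paths and function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static int file_mode(const char *path) {        /* permission bits, or -1 */
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Weak: fopen() asks for 0666 and relies on the umask to narrow it. */
int write_pid_weak(const char *path) {
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fprintf(fp, "%d\n", (int)getpid());
    fclose(fp);
    return file_mode(path);
}

/* Hardened: O_EXCL refuses an existing file or symlink; fchmod() pins the mode. */
int write_pid_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    if (fchmod(fd, 0644) != 0 || dprintf(fd, "%d\n", (int)getpid()) < 0) {
        close(fd); unlink(path); return -1;
    }
    close(fd);
    return file_mode(path);
}

/* Runs both writers with the umask cleared (assumed daemon state), inside a
 * private 0700 directory from mkdtemp() so the 0666 file is never exposed. */
int demo_modes(int *weak, int *safe) {
    char dir[] = "/tmp/pidfile-demo-XXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/weak.pid", dir);
    snprintf(b, sizeof b, "%s/safe.pid", dir);
    mode_t old = umask(0);
    *weak = write_pid_weak(a);
    *safe = write_pid_safe(b);
    umask(old);
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}
int main(void) {
    int w, s;
    if (demo_modes(&w, &s) != 0) return 1;
    return printf("weak=%04o safe=%04o\n", w, s) < 0;
}
```

A world-writable PID file matters because init scripts typically read it as root to decide which process to signal.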
