Your message dated Sat, 31 Dec 2011 19:55:23 +0000
with message-id <e1rh51x-00080m...@franck.debian.org>
and subject line Bug#651917: fixed in ipmitool 1.8.9-2+squeeze1
has caused the Debian Bug report #651917,
regarding ipmitool: insecure file permission when creating PID files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
651917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651917
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipmitool
Severity: grave
Tags: security
Justification: user security hole
Hi,
an insecure file permission flaw was found in the way ipmitool handled
the creation of PID files.
There's more info in the Red Hat bug, along with a patch, see
https://bugzilla.redhat.com/show_bug.cgi?id=742837
This has been assigned CVE-2011-4339, when you update a fix, could
you add it to the changelog entry?
Could you prepare updated packages for Squeeze and Lenny too?
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: ipmitool
Source-Version: 1.8.9-2+squeeze1
We believe that the bug you reported is fixed in the latest version of
ipmitool, which is due to be installed in the Debian FTP archive:
ipmitool_1.8.9-2+squeeze1.diff.gz
to main/i/ipmitool/ipmitool_1.8.9-2+squeeze1.diff.gz
ipmitool_1.8.9-2+squeeze1.dsc
to main/i/ipmitool/ipmitool_1.8.9-2+squeeze1.dsc
ipmitool_1.8.9-2+squeeze1_i386.deb
to main/i/ipmitool/ipmitool_1.8.9-2+squeeze1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated ipmitool package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 30 Dec 2011 09:12:15 +0100
Source: ipmitool
Binary: ipmitool
Architecture: source i386
Version: 1.8.9-2+squeeze1
Distribution: oldstable-security
Urgency: high
Maintainer: Matthew Johnson <mj...@debian.org>
Changed-By: Luk Claes <l...@debian.org>
Description:
ipmitool - utility for IPMI control with kernel driver or LAN interface
Closes: 651917
Changes:
ipmitool (1.8.9-2+squeeze1) oldstable-security; urgency=high
.
* Don't set umask to fix CVE-2011-4339 (Closes: #651917).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk79fF8ACgkQ5UTeB5t8Mo0gvQCfW4ysyz8VlbPRx2J5wh7ME2ER
Lh8AnR866zsIQkA0rML5TW+aKTw9TGV3
=4YyM
-----END PGP SIGNATURE-----
--- End Message ---
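The permission problem from the report and the changelog's "Don't set umask" fix, shown in C as an added example that is not ipmitool's code or the Debian patch. It assumes the daemon cleared its umask with `umask(0)` before writing the PID file with `fopen()`; the function name `pidfile_mode`, the file name `demo.pid` and the `/tmp` scratch directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a PID file in a fresh scratch directory while `mask` is the process
 * umask and return the file's permission bits, or -1 on error.
 * explicit_mode == 0: fopen(), which requests 0666 and relies on the umask.
 * explicit_mode != 0: open() with O_EXCL and an explicit 0644 request. */
static int pidfile_mode(mode_t mask, int explicit_mode)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX"; /* constructed scratch path */
    char path[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/demo.pid", dir);
    mode_t saved = umask(mask);
    if (explicit_mode) {
        /* O_EXCL|O_NOFOLLOW: refuse a pre-existing file or symlink. */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
        if (fd >= 0) {
            dprintf(fd, "%d\n", (int)getpid());
            close(fd);
        }
    } else {
        FILE *fp = fopen(path, "w");
        if (fp != NULL) {
            fprintf(fp, "%d\n", (int)getpid());
            fclose(fp);
        }
    }
    umask(saved);
    if (stat(path, &st) == 0)   /* fails, leaving -1, if creation failed */
        mode = (int)(st.st_mode & 0777);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("fopen, umask 000: %04o\n", (unsigned)pidfile_mode(0, 0));
    printf("fopen, umask 022: %04o\n", (unsigned)pidfile_mode(022, 0));
    printf("open 0644, umask 000: %04o\n", (unsigned)pidfile_mode(0, 1));
    return 0;
}
```

With the umask cleared, the `fopen()` path leaves the PID file writable by every local user; leaving the inherited umask alone, or requesting an explicit mode at creation, keeps it writable by the owner only.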