Your message dated Sat, 12 Jul 2014 21:36:14 +0000
with message-id <[email protected]>
and subject line Bug#708293: fixed in hawtjni 1.10-1
has caused the Debian Bug report #708293,
regarding libhawtjni-runtime-java: /tmp race condition with arbitrary code
execution (CVE-2013-2035)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
708293: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708293
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libhawtjni-runtime-java
Version: 1.0~+git0c502e20c4-3
Tags: security
Severity: important
A /tmp race condition which can be abused by local users to execute
arbitrary code with the privileges of a process using hawtjni has been
fixed:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035>
<https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5>
I'm not sure how widely hawtjni is used. This might be a candidate
for a DSA. Please prepare an update for stable/wheezy, and we can
then decide whether to fix this through stable-proposed-updates or the
security archive.
--- End Message ---
--- Begin Message ---
Source: hawtjni
Source-Version: 1.10-1
We believe that the bug you reported is fixed in the latest version of
hawtjni, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated hawtjni package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Jul 2014 14:04:47 +0200
Source: hawtjni
Binary: libhawtjni-runtime-java
Architecture: source all
Version: 1.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
libhawtjni-runtime-java - Java library that provide JNI code generation
Closes: 708293
Changes:
 hawtjni (1.10-1) unstable; urgency=medium
 .
   * Team upload.
   * Imported Upstream version 1.10.
     - Fixes /tmp race condition with arbitrary code execution.
       (Closes: #708293)
   * Use compat level 9 and require debhelper >= 9.
   * wrap-and-sort -sa
   * Remove obsolete "DM-Upload-Allowed" field.
   * Declare compliance with Debian Policy 3.9.5.
   * Use canonical Vcs-URI.
   * Update get-orig-source target and add versioned dpkg-dev
     build-dependency to debian/control. Drop orig-tar.sh.
   * Update debian/copyright to copyright format 1.0.
   * Update maintainer email address.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---