Your message dated Wed, 23 Feb 2022 09:06:32 +0000
with message-id <e1nmnbu-0001q4...@fasolo.debian.org>
and subject line Bug#1006308: fixed in seatd 0.6.4-1
has caused the Debian Bug report #1006308,
regarding seatd-launch: CVE-2022-25643
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1006308: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006308
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: seatd
Version: 0.6.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for seatd.

CVE-2022-25643[0]:
| seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with
| escalated privileges when installed setuid root. The attack vector is
| a user-supplied socket pathname.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-25643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25643
[1] https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: seatd
Source-Version: 0.6.4-1
Done: Mark Hindley <lee...@debian.org>

We believe that the bug you reported is fixed in the latest version of
seatd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Hindley <lee...@debian.org> (supplier of updated seatd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 23 Feb 2022 08:09:56 +0000
Source: seatd
Architecture: source
Version: 0.6.4-1
Distribution: unstable
Urgency: high
Maintainer: Mark Hindley <lee...@debian.org>
Changed-By: Mark Hindley <lee...@debian.org>
Closes: 1006308
Changes:
 seatd (0.6.4-1) unstable; urgency=high
 .
   * New upstream version 0.6.4.
     - includes fix for CVE-2022-2564: file removal with escalated privileges
       via seatd-launch socket pathname (Closes: #1006308).
   * Patch to workaround spurious x32 compilation error by casting.
   * Improve autopkgtest output formatting.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
