Your message dated Fri, 03 Mar 2023 17:02:40 +0000
with message-id <e1py8no-009sny...@fasolo.debian.org>
and subject line Bug#1022742: fixed in multipath-tools 0.8.5-2+deb11u1
has caused the Debian Bug report #1022742,
regarding multipath-tools: CVE-2022-41973 CVE-2022-41974
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1022742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022742
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: multipath-tools
Version: 0.9.0-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.7.9-3

Hi,

The following vulnerabilities were published for multipath-tools.

CVE-2022-41973[0]:
| Symlink attack

CVE-2022-41974[1]:
| Authorization bypass

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-41973
    https://www.cve.org/CVERecord?id=CVE-2022-41973
[1] https://security-tracker.debian.org/tracker/CVE-2022-41974
    https://www.cve.org/CVERecord?id=CVE-2022-41974
[2] https://www.openwall.com/lists/oss-security/2022/10/24/2

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: multipath-tools
Source-Version: 0.8.5-2+deb11u1
Done: Tobias Frost <t...@debian.org>
We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1022...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated multipath-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 28 Feb 2023 14:59:15 +0100
Source: multipath-tools
Architecture: source
Version: 0.8.5-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian DM Multipath Team <team+linux-blo...@tracker.debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 1022742
Changes:
multipath-tools (0.8.5-2+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Backport patch for CVE-2022-41974 and CVE-2022-41973. (Closes: #1022742)
- multipath.rules is now rebuilt from multipath.rules.in, superseding
0010-multipath.rules-do-not-assume-usrmerged-paths.patch.
- to rebuild multipath.rules reliably:
- Reorder d/rules so it is built the file is copied
- Remove the generated multipath.rules in d/clean
- Remove also the patch that would have patched the output file
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---