Your message dated Tue, 11 Mar 2025 10:50:19 +0000
with message-id <[email protected]>
and subject line Bug#1060747: fixed in rear 2.7+dfsg-1.2
has caused the Debian Bug report #1060747,
regarding rear: CVE-2024-23301
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1060747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060747
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rear
Version: 2.7+dfsg-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/rear/rear/issues/3122
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.7+dfsg-1

Hi,

The following vulnerability was published for rear.

CVE-2024-23301[0]:
| Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable
| initrd when using GRUB_RESCUE=y. This allows local attackers to gain
| access to system secrets otherwise only readable by root.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-23301
    https://www.cve.org/CVERecord?id=CVE-2024-23301
[1] https://github.com/rear/rear/issues/3122
[2] https://github.com/rear/rear/pull/3123
[3] https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
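As an added example (not part of the bug report and not the ReaR project's own code), the following POSIX shell audit checks for the condition the advisory describes: it flags the kernel and initrd that ReaR's GRUB_RESCUE feature leaves in the boot directory if they are readable by users other than root, and restricts images already on disk. The file names rear-kernel and rear-initrd*.cgz and the /boot location are assumptions about where GRUB_RESCUE writes its files; adjust them to the local installation.

```sh
# Added example, not from the bug report or the ReaR project: audit the files
# ReaR's GRUB_RESCUE feature writes into the boot directory and flag any that
# are readable by users other than root (the condition CVE-2024-23301 describes).
# Assumption: the artefacts are named rear-kernel and rear-initrd*.cgz in /boot.

# Octal permission bits of a file (GNU stat first, BSD stat as a fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when the "others" class has the read bit: last octal digit & 4.
world_readable() {
    mode=$(file_mode "$1")
    others=${mode#"${mode%?}"}      # last character of the mode string
    [ $(( others & 4 )) -ne 0 ]
}

# Scan DIR for ReaR rescue images and print each world-readable one.
# Returns 0 when nothing is exposed, 1 when at least one file is.
audit_rear_rescue_images() {
    dir=$1
    bad=0
    for f in "$dir"/rear-kernel* "$dir"/rear-initrd*; do
        [ -f "$f" ] || continue     # an unmatched glob stays literal; skip it
        if world_readable "$f"; then
            printf 'WORLD-READABLE: %s (mode %s)\n' "$f" "$(file_mode "$f")"
            bad=1
        fi
    done
    return "$bad"
}

# Remediation for images already written: owner-only access.  On a real
# system the owner is root, so run this as root after the audit.
restrict_rear_rescue_images() {
    for f in "$@"; do
        chmod 0600 "$f"
    done
}

# When given a directory argument, audit it directly, e.g.:  sh audit.sh /boot
if [ -n "${1:-}" ]; then
    audit_rear_rescue_images "$1"
fi
```

Run it as root against /boot; a non-zero exit status means at least one rescue image is readable by every local user.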
--- Begin Message ---
Source: rear
Source-Version: 2.7+dfsg-1.2
Done: Chris Hofstaedtler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated rear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Mar 2025 11:03:33 +0100
Source: rear
Architecture: source
Version: 2.7+dfsg-1.2
Distribution: unstable
Urgency: medium
Maintainer: Frédéric Bonnard <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1060747
Changes:
 rear (2.7+dfsg-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream PR 3123 to fix CVE-2024-23301 (Closes: #1060747)
Checksums-Sha1:
 f97f7720c484122fe239555403d350eec1430e66 2074 rear_2.7+dfsg-1.2.dsc
 13f1ff34689bf9cb3ad5a5374851320001640624 5832 rear_2.7+dfsg-1.2.debian.tar.xz
Checksums-Sha256:
 ec68a9b53a6f7942a9398a7adb2783d7343bcd21b701e245ff8fedcc477f78a8 2074 rear_2.7+dfsg-1.2.dsc
 4830d9334d7530df888ee00e40411f63d6cc67f1d615dcd06be67e7abd79b8a4 5832 rear_2.7+dfsg-1.2.debian.tar.xz
Files:
 2dd903560c99f4d07714aa7ec6f87f42 2074 admin optional rear_2.7+dfsg-1.2.dsc
 08b6649b1ce886c10868f07c2e981057 5832 admin optional rear_2.7+dfsg-1.2.debian.tar.xz




--- End Message ---
