Your message dated Wed, 04 Sep 2019 19:07:08 +0000
with message-id <[email protected]>
and subject line Bug#939353: fixed in systemd 242-7
has caused the Debian Bug report #939353,
regarding systemd: CVE-2019-15718: Missing access controls on
systemd-resolved's D-Bus interface
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
939353: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939353
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: systemd
Version: 242-6
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for systemd.
CVE-2019-15718[0]:
Missing access controls on systemd-resolved's D-Bus interface
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-15718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718
[1] https://www.openwall.com/lists/oss-security/2019/09/03/1
[2] https://github.com/systemd/systemd/pull/13457
[3]
https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 242-7
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Sep 2019 19:34:17 +0200
Source: systemd
Architecture: source
Version: 242-7
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 939353 939408
Changes:
systemd (242-7) unstable; urgency=medium
.
* sleep: properly pass verb to sleep script
* core: factor root_directory application out of apply_working_directory.
Fixes RootDirectory not working when used in combination with User.
(Closes: #939408)
* shared/bus-util: drop trusted annotation from
bus_open_system_watch_bind_with_description().
This ensures that access controls on systemd-resolved's D-Bus interface
are enforced properly.
(CVE-2019-15718, Closes: #939353)
Checksums-Sha1:
39de95c516eb3e666859a40f47d5a0f82d08eb29 4973 systemd_242-7.dsc
3beafc49752ac37e845ba3afa9ccbb16b6b08a2f 159704 systemd_242-7.debian.tar.xz
3e7f8fa2d11a2408f46e1205d571a535d79791cf 9416 systemd_242-7_source.buildinfo
Checksums-Sha256:
54fc1409b26dfbe49e56f763a45d763b93f910156a898d30029182eedbe657d0 4973
systemd_242-7.dsc
a742a675c9fad620f6592437ecb4ad7101d36b4e624d4fcae51c50683fabca2e 159704
systemd_242-7.debian.tar.xz
70ebdddb885bbc50662293024e8ee037a33a3c4cc5965fbc20e5d23a2d88a72e 9416
systemd_242-7_source.buildinfo
Files:
3a6a730c607d9da6a11d11e15544a895 4973 admin optional systemd_242-7.dsc
c0f065ee0b4055a1f4fd86fa292b7efa 159704 admin optional
systemd_242-7.debian.tar.xz
71e704fe6b2215d1cb88c937cbf21d5a 9416 admin optional
systemd_242-7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAl1v/yUACgkQauHfDWCP
ItzhAg//S6xEmo1JaIzSTTR6YlaZNZ7cWksABvOLIaKQE8olH8XYjji3SAPQSQ6o
JPYJ6GXbXzBejwfMf777eSmzKiag9ErTMrjOSFc973Qefzn40CGngdRUwy4bsL5V
8CfTldcuaEphKyMagzfwDzyUR9CyAgbf6gPOqFmHfPLGH3L9SBmHGc3tfaDWaVFo
i83DBs3cdqqxNmxQrzN6+x3snPvPgHhY0xCebMdGbSOM710wCsuOX/L5kEh3BqHc
INGbm0PjKecKEW8LonKdtol8Rt/1M6P3z3BMR7HqIjWNhigIqI6QPT4sKGers5FN
t6smxe0QU2wZsCb272GJ4nZSWZ+SfC9Djtar1BfJ3qXSV22SJKjZDPb+GleuF3ks
wrADajrrZXRxDTRIV2vD+6rKFszYvlLBfU763kls+trLy1vyFksYz20nBL18bUKY
RWu5tdpHvvET+bL3sjTUd+9m+XzLbPqb2kfPL4CEXUIVMLttL9SUhTpXlU40ZY0H
zTy+xBat9AWOhrx0O7JZHU0LJrJho7h3ystCc/n11Hc+VM34oKzkhDtGlHx5iUpM
YzK+P09nUlnC/Peo3DdNS39IJBpAUBWFOR8QJGa/vmGDzNlmnsdcnbDPiTDaRdvk
BfRaJGi5qo3K2bdddyX56KASW7kSlTrJZW8jwr5Id6be8GDhAl8=
=sA2K
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
