Bug#776186: marked as done (busybox: CVE-2014-9645: modprobe wrongly accepts paths as module names)

To: Cyril Brulebois <kibi@debian.org>
Subject: Bug#776186: marked as done (busybox: CVE-2014-9645: modprobe wrongly accepts paths as module names)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 04 Mar 2015 17:36:12 +0000
Message-id: <[🔎] handler.776186.D776186.142549042723373.ackdone@bugs.debian.org>
References: <E1YTDB1-0001vd-VG@franck.debian.org> <20150125070417.17788.49948.reportbug@lorien.valinor.li>

Your message dated Wed, 04 Mar 2015 17:33:43 +0000
with message-id <E1YTDB1-0001vd-VG@franck.debian.org>
and subject line Bug#776186: fixed in busybox 1:1.22.0-15
has caused the Debian Bug report #776186,
regarding busybox: CVE-2014-9645: modprobe wrongly accepts paths as module names
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
776186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: busybox: CVE-2014-9645: modprobe wrongly accepts paths as module names

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 25 Jan 2015 08:04:17 +0100

Message-id: <20150125070417.17788.49948.reportbug@lorien.valinor.li>
Source: busybox
Version: 1:1.20.0-7
Severity: normal
Tags: security patch upstream fixed-upstream

Hi,

the following vulnerability was published for busybox.

CVE-2014-9645[0]:
modprobe wrongly accepts paths as module names

Upstream report is at [1] with fix at [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9645
[1] https://bugs.busybox.net/show_bug.cgi?id=7652
[2] http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b

Regards,
Salvatore
--- End Message ---

--- Begin Message ---

To: 776186-close@bugs.debian.org
Subject: Bug#776186: fixed in busybox 1:1.22.0-15
From: Cyril Brulebois <kibi@debian.org>
Date: Wed, 04 Mar 2015 17:33:43 +0000
Message-id: <E1YTDB1-0001vd-VG@franck.debian.org>

Source: busybox
Source-Version: 1:1.22.0-15

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776186@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Mar 2015 17:46:34 +0100
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source amd64 all
Version: 1:1.22.0-15
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 776186
Changes:
 busybox (1:1.22.0-15) unstable; urgency=medium
 .
   [ Michael Gilbert ]
   * Fix CVE-2014-9645: modprobe accepts paths as modules (closes: #776186).
Checksums-Sha1:
 476e15966fe4480bb8507f93a76408eaca540f4f 2269 busybox_1.22.0-15.dsc
 d880ef7426cc2532724afaef51f177cedec962c6 54840 busybox_1.22.0-15.debian.tar.xz
 809222ba11fa504e328555bb8ec97f83ad2b3426 392008 busybox_1.22.0-15_amd64.deb
 cd618d63bcbdaf4139e63f39a49a5e259026ea27 841108 busybox-static_1.22.0-15_amd64.deb
 afbb4a59f1d4420cb44cf5575753010259409f81 175156 busybox-udeb_1.22.0-15_amd64.udeb
 b5a7c9a542beb20aae6bd8c02eec7fbc370212f0 23886 busybox-syslogd_1.22.0-15_all.deb
 042926601d28c14bf86fa34ec818ff55b86c7be5 22034 udhcpc_1.22.0-15_amd64.deb
 cd34db7a870ed959f9acb5ade3875d5774347bab 24768 udhcpd_1.22.0-15_amd64.deb
Checksums-Sha256:
 78b9442cd75b2cd6e063a34c5fd460e3219b1e4453f802f4d3f97122312f7886 2269 busybox_1.22.0-15.dsc
 bb4bddb5560f336c18871b44c6a325282e30ebf11416b79aa692e16a0a7f6574 54840 busybox_1.22.0-15.debian.tar.xz
 dbf5678f363a1b622b4c24fa20cc64854c6f80b2c02ba6c584f822405ca280b1 392008 busybox_1.22.0-15_amd64.deb
 22fda404294a8988ca7c1ad7330e8a1246c19f7393d3c5072c7e8b78eb4c9321 841108 busybox-static_1.22.0-15_amd64.deb
 ce5eb35b3a08592c7b5097bafb66690aa8fb11986941e83b4391ff1597991abc 175156 busybox-udeb_1.22.0-15_amd64.udeb
 d86f531955c8a2faede6c1a0280f8e4faa532c00abbe63812a2e6a5fd3dde55f 23886 busybox-syslogd_1.22.0-15_all.deb
 3622bd8b03fe5019d371a67eb24bff232d526e1136cf83a5b57917f883ce1ad2 22034 udhcpc_1.22.0-15_amd64.deb
 1713105f6db33b019077b095e883477ae8207a6dcfbb01767444e0478643cfab 24768 udhcpd_1.22.0-15_amd64.deb
Files:
 f041e9d25455417ffc64b1f0f11da84f 2269 utils optional busybox_1.22.0-15.dsc
 2a47c430b62ddbbd37a9a76abe455cda 54840 utils optional busybox_1.22.0-15.debian.tar.xz
 874ee77d5f9ae29d974f8af73dbda193 392008 utils optional busybox_1.22.0-15_amd64.deb
 762946ce727d0a1e537298a70d29736c 841108 shells extra busybox-static_1.22.0-15_amd64.deb
 9a34ab474279aad48e7d7883491194c2 175156 debian-installer extra busybox-udeb_1.22.0-15_amd64.udeb
 43ac9a8513d71b0677ed4cdc026cec67 23886 utils optional busybox-syslogd_1.22.0-15_all.deb
 5754e07a50ab4dd67a1cfc226623ad5e 22034 net optional udhcpc_1.22.0-15_amd64.deb
 7f68d7f497d05dfcd73afab9f838953e 24768 net optional udhcpd_1.22.0-15_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU90CbAAoJEP+RSvDCs1UgENUP/32KGkNTGD5fNy0PKppbZocw
Mql14o2dfmGMnwQYpggeon4GKVaCZcniu/w66u76/SadZzbbivD5/04hZ2Cv3IIE
O5sI4JbZbityMiUn3aT1h6Jd4Ts3XnEfFcjvPcsxd0Pu3o06FWu+9EaicuuBxxMC
qVYyY4fau25UEbjbnIgF9we1rV772jJ2C0rK1XrubMo3SO3Le8Nb9kdibmn69RSZ
ZLkw/Z3JUeF1Uj+v5QNY+XMG3CyOb+nwpG488pprrM4B3Kh/0IIy8cW5KEZY5TiK
v7OEHzNKrTNkCeK1cxaOEEIiq1znJ/t1ReuLXSlsgbOpLLiqdjyoaa61ZyY5XRkK
L9EpbumdzbYEabeuh4HNs3kzRt++p+TKTYuM/17+C0uPP1XMZusTVWzp6UDuYPW8
C7cqyvUNlq45alxj6+QedSDKLyC4s0mrpkLDNxtj3HkGR0WwpdR3HdcQnIOKb+Uc
OCW7Y0jJhzEcR6DLHnJK0/DKshKlbqzDoAPIMt35ZpyWhJA0Fzc4lEDN0Hb8u11/
qMJqDSMA814e6xpsBax9nVAnY16en4SQSFyHr0uWGu93gQjQS3lw85StnFtxCw/B
RtA5L0DkO2obmJ9KdyPjBEK7swsQVD2Y5JDpBjYxtN3oR3jhu8f2RM+woOIIkrJj
E1BdoYuo/lc+fD3y/pMb
=pt6u
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#771623: marked as done (installation-reports: expert installer 'targeted' initrd does not contain modules for USB keyboard on intended system)
Next by Date: Processing of busybox_1.22.0-15_amd64.changes
Previous by thread: Bug#771623: marked as done (installation-reports: expert installer 'targeted' initrd does not contain modules for USB keyboard on intended system)
Next by thread: Processing of busybox_1.22.0-15_amd64.changes
Index(es):
- Date
- Thread