
Bug#559814: marked as done (CVE-2009-3736 local privilege escalation)



Your message dated Sat, 04 Dec 2010 01:56:00 +0000
with message-id <E1POhM0-0007BO-Mq@franck.debian.org>
and subject line Bug#559814: fixed in hamlib 1.2.7.1-1+lenny1
has caused the Debian Bug report #559814,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
559814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: hamlib
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool.  I have determined that this package embeds a
vulnerable copy of the libtool source code.  However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the package is not affected, please feel free to close the bug
with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736



--- End Message ---
--- Begin Message ---
Source: hamlib
Source-Version: 1.2.7.1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
hamlib, which is due to be installed in the Debian FTP archive:

hamlib_1.2.7.1-1+lenny1.diff.gz
  to main/h/hamlib/hamlib_1.2.7.1-1+lenny1.diff.gz
hamlib_1.2.7.1-1+lenny1.dsc
  to main/h/hamlib/hamlib_1.2.7.1-1+lenny1.dsc
libhamlib++-dev_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib++-dev_1.2.7.1-1+lenny1_amd64.deb
libhamlib-dev_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib-dev_1.2.7.1-1+lenny1_amd64.deb
libhamlib-doc_1.2.7.1-1+lenny1_all.deb
  to main/h/hamlib/libhamlib-doc_1.2.7.1-1+lenny1_all.deb
libhamlib-utils_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib-utils_1.2.7.1-1+lenny1_amd64.deb
libhamlib2++c2_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib2++c2_1.2.7.1-1+lenny1_amd64.deb
libhamlib2-perl_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib2-perl_1.2.7.1-1+lenny1_amd64.deb
libhamlib2-tcl_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib2-tcl_1.2.7.1-1+lenny1_amd64.deb
libhamlib2_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/libhamlib2_1.2.7.1-1+lenny1_amd64.deb
python-libhamlib2_1.2.7.1-1+lenny1_amd64.deb
  to main/h/hamlib/python-libhamlib2_1.2.7.1-1+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559814@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kamal Mostafa <kamal@whence.com> (supplier of updated hamlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 15 Nov 2010 10:54:26 -0800
Source: hamlib
Binary: libhamlib2 libhamlib2++c2 libhamlib-dev libhamlib++-dev libhamlib2-perl libhamlib2-tcl python-libhamlib2 libhamlib-utils libhamlib-doc
Architecture: source amd64 all
Version: 1.2.7.1-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Kamal Mostafa <kamal@whence.com>
Description: 
 libhamlib++-dev - Development library to control radio transceivers and receivers
 libhamlib-dev - Development library to control radio transceivers and receivers
 libhamlib-doc - Documentation for the hamlib radio control library
 libhamlib-utils - Utilities to support the hamlib radio control library
 libhamlib2 - Run-time library to control radio transceivers and receivers
 libhamlib2++c2 - Run-time library to control radio transceivers and receivers
 libhamlib2-perl - Run-time library to control radio transceivers and receivers
 libhamlib2-tcl - Run-time library to control radio transceivers and receivers
 python-libhamlib2 - Run-time library to control radio transceivers and receivers
Closes: 556098 559814
Changes: 
 hamlib (1.2.7.1-1+lenny1) stable; urgency=high
 .
   * Fix CVE-2009-3736 local privilege escalation (Closes: #559814):
     - Use system libltdl not old internal copy
     - Build-depend on libltdl3-dev
     - configure, Makefile.am: skip internal libltdl build
   * New maintainer: Kamal Mostafa <kamal@whence.com> (Closes: #556098).




--- End Message ---
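
The changelog above closes the bug by building against the system libltdl and skipping the internal copy. As an added example (not part of the original messages or of hamlib's packaging), the Python below audits a source tree for those conditions; the function names, the constructed sample tree and the SUBDIRS heuristic are assumptions.

```python
import re
import tempfile
from pathlib import Path

def audit_embedded_ltdl(src_root):
    """Heuristic audit: is an embedded libltdl copy present, and is it built?"""
    root = Path(src_root).resolve()
    # Embedded copies: directories inside the tree that ship their own ltdl.c.
    copy_dirs = sorted({p.parent for p in root.rglob("ltdl.c")})
    # A copy counts as built when a Makefile.am lists its directory in SUBDIRS.
    built = set()
    for mk in root.rglob("Makefile.am"):
        text = mk.read_text(errors="replace").replace("\\\n", " ")
        for m in re.finditer(r"^[ \t]*SUBDIRS[ \t]*\+?=(.*)$", text, re.M):
            for tok in m.group(1).split():
                if (mk.parent / tok).resolve() in copy_dirs:
                    built.add((mk.parent / tok).resolve())
    # System library: Build-Depends (with continuation lines) names libltdl*-dev.
    control = root / "debian" / "control"
    field = ""
    if control.is_file():
        m = re.search(r"^Build-Depends:(.*(?:\n[ \t].*)*)",
                      control.read_text(errors="replace"), re.M | re.I)
        field = m.group(1) if m else ""
    return {
        "embedded_copies": [d.relative_to(root).as_posix() for d in copy_dirs],
        "built_copies": sorted(d.relative_to(root).as_posix() for d in built),
        "system_libltdl": bool(re.search(r"\blibltdl\d*-dev\b", field)),
    }

def make_sample_tree(root, fixed):
    """Constructed sample tree (not hamlib's real files): before or after the fix."""
    root = Path(root)
    (root / "libltdl").mkdir(parents=True)
    (root / "debian").mkdir()
    (root / "libltdl" / "ltdl.c").write_text("/* placeholder for embedded copy */\n")
    subdirs = "include src tests" if fixed else "include libltdl \\\n\tsrc tests"
    (root / "Makefile.am").write_text(f"SUBDIRS = {subdirs}\n")
    deps = "debhelper,\n libltdl3-dev" if fixed else "debhelper"
    (root / "debian" / "control").write_text(f"Source: example\nBuild-Depends: {deps}\n")
    return root

if __name__ == "__main__":
    for fixed in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            print(fixed, audit_embedded_ltdl(make_sample_tree(tmp, fixed)))
```

A tree that reports a non-empty "built_copies" list still compiles its own ltdl.c and needs the embedded version checked against the CVE text quoted in the report.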
