Bug#1101498: marked as done (condor: CVE-2025-30093)

To: Tim Theisen <tim@cs.wisc.edu>
Subject: Bug#1101498: marked as done (condor: CVE-2025-30093)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 04 Apr 2025 22:24:02 +0000
Message-id: <[🔎] handler.1101498.D1101498.1743805214660348.ackdone@bugs.debian.org>
Reply-to: 1101498@bugs.debian.org
References: <E1u0pOU-004u16-J6@fasolo.debian.org> <Z-awvIeS0KrFqRvs@pisco.westfalen.local>

Your message dated Fri, 04 Apr 2025 22:20:10 +0000
with message-id <E1u0pOU-004u16-J6@fasolo.debian.org>
and subject line Bug#1101498: fixed in condor 23.9.6+dfsg-2
has caused the Debian Bug report #1101498,
regarding condor: CVE-2025-30093
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1101498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101498
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: condor: CVE-2025-30093
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 28 Mar 2025 15:22:52 +0100
Message-id: <Z-awvIeS0KrFqRvs@pisco.westfalen.local>

Source: condor
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for condor.

CVE-2025-30093[0]:
| HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x
| before 24.0.6, and 24.6.x before 24.6.1 allows authenticated
| attackers to bypass authorization restrictions.

https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30093
    https://www.cve.org/CVERecord?id=CVE-2025-30093

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

To: 1101498-close@bugs.debian.org
Subject: Bug#1101498: fixed in condor 23.9.6+dfsg-2
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 04 Apr 2025 22:20:10 +0000
Message-id: <E1u0pOU-004u16-J6@fasolo.debian.org>
Reply-to: Tim Theisen <tim@cs.wisc.edu>

Source: condor
Source-Version: 23.9.6+dfsg-2
Done: Tim Theisen <tim@cs.wisc.edu>

We believe that the bug you reported is fixed in the latest version of
condor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1101498@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tim Theisen <tim@cs.wisc.edu> (supplier of updated condor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Apr 2025 16:50:00 -0500
Source: condor
Architecture: source
Version: 23.9.6+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HPC Team <debian-hpc@lists.debian.org>
Changed-By: Tim Theisen <tim@cs.wisc.edu>
Closes: 1101498
Changes:
 condor (23.9.6+dfsg-2) unstable; urgency=medium
 .
   * Address security issue CVE-2025-30093 (Closes: #1101498)
Checksums-Sha1:
 2e482c60c3aaae6ac80d2a28cb90fddedc6f1f6d 3445 condor_23.9.6+dfsg-2.dsc
 73075b99f38daa34f2f5d6272dbb28023b26648e 29688 condor_23.9.6+dfsg-2.debian.tar.xz
 2af5f53fc056b977e53a304064eeee38dafaf3e2 22973 condor_23.9.6+dfsg-2_amd64.buildinfo
Checksums-Sha256:
 4c84ed974f54b19bf0d832dddc0745f6343b361e4a5e524b242818f18cd6f6c4 3445 condor_23.9.6+dfsg-2.dsc
 2986a41decadccafc688fd0b74a106200fc55fc4e685061bba425e8507ee8b10 29688 condor_23.9.6+dfsg-2.debian.tar.xz
 5909819cd4a01263cf0556a13f574fd671fca077cbed31433a88731d9d272c0a 22973 condor_23.9.6+dfsg-2_amd64.buildinfo
Files:
 28c6890bf7513c24e98f2b2ce1935a19 3445 science optional condor_23.9.6+dfsg-2.dsc
 f1a0c21f5b2161c6a0306db4be89196a 29688 science optional condor_23.9.6+dfsg-2.debian.tar.xz
 dd50c8a317e0d90476af3115f149ae61 22973 science optional condor_23.9.6+dfsg-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEav49zFEyf1DZRLAL/HDSa5XNMy4FAmfwU7oACgkQ/HDSa5XN
My6ZKQ//dwq2olvUyx33meMDEs5PIdkAE8lKf1HRRHKsSWWtijVT4gexkteM2/FA
qmK1GCe63vfPKTIooNMxWMWghu9ffNKi0d4ORoswoXTqd2sQSeHu49rxkOqOn55b
S5fh1Ab8Q6FHk78VqncnVnVdKJ9p+R2fuaSndTw7IYpcynrw5nQYyUt48ralFndJ
p4vv81HAaNJ/UEK57HfO1iOtzBZ2QgzoN8l7UjAFwnyAadZA7MrgRy2pmtTId7Fq
5o60iH5xnLi6zk6ifpG4DASgDBi9H/uOWNmaMDv08vlv7S93ZUusH6pSx1lIV5nj
FuFLhqjKl9zsTp5S0Y7VIkJzBp6a/Ij8Ig9dDj4dDbvnGWC4MeKdyB3EqqTE7Srr
YvR9Jdynl73/XHiUsH46rqk2qJheUdktyNswgQ/CFDPbzOrqRN1169UpWGxYc0LJ
3lhtAJBhyY3BmVb1NInLMn4pOFGYcC1rRWoR84EUpb4unMMTXk1CblhpnfbdSWv9
xekvSuAvT2Md42DOuZFRNIc8WnJ1irWDhnGVatpH8bnuGeCsKr/vq+M49hmr0Yw+
fQcwc7ttBBPX7porkN/o0tQZlISqvIXOUMEEPZiJnra9bR0gGENguTSScDugCLV2
WLZdrwirrXazLMvEtRLG8J8NM1n1EVVG2GCnnSLTh1eQCsSC6DA=
=/dfm
-----END PGP SIGNATURE-----

Attachment: pgpWw9ILVSD4f.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: condor_23.9.6+dfsg-2_amd64.changes ACCEPTED into unstable
Next by Date: Processed: Re: Bug#1071316: infinipath-psm: FTBFS: ips_proto_dump.c:142:15: error: static declaration of ‘strlcat’ follows non-static declaration
Previous by thread: condor_23.9.6+dfsg-2_amd64.changes ACCEPTED into unstable
Next by thread: Bug#1071316: infinipath-psm: FTBFS: ips_proto_dump.c:142:15: error: static declaration of ‘strlcat’ follows non-static declaration
Index(es):
- Date
- Thread