Bug#576086: marked as done (iscsitarget: Format string vulnerability)

To: Frederik Schüler <fs@debian.org>
Subject: Bug#576086: marked as done (iscsitarget: Format string vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 13 Apr 2010 09:39:09 +0000
Message-id: <handler.576086.D576086.127115140914927.ackdone@bugs.debian.org>
References: <E1O1cY0-0006IU-2g@ries.debian.org> <20100322095805.11504.41020.reportbug@kwain.cpc.wmin.ac.uk>

Your message dated Tue, 13 Apr 2010 09:36:44 +0000
with message-id <E1O1cY0-0006IU-2g@ries.debian.org>
and subject line Bug#576086: fixed in tgt 1:1.0.3-2
has caused the Debian Bug report #576086,
regarding iscsitarget: Format string vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
576086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576086
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: iscsitarget: Format string vulnerability
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Mon, 22 Mar 2010 09:58:05 +0000
Message-id: <20100322095805.11504.41020.reportbug@kwain.cpc.wmin.ac.uk>

Package: iscsitarget
Version: 0.4.16+svn162-3
Severity: critical
Tags: security
Justification: root security hole


There is at least two remotely exploitable format string vulnerabilities in the debian stable package... which have been fixed upstream.

isns.c:302
isns.c:690

The default init script encourage users to run ietd as root (see the following bugs)

#545536 iscsitarget: allow running as non-root
#566509 New upstream version

Please fix it.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iscsitarget depends on:
ii  libc6                   2.7-18lenny2     GNU C Library: Shared libraries
ii  libssl0.9.8             0.9.8g-15+lenny6 SSL shared libraries

Versions of packages iscsitarget recommends:
pn  iscsitarget-module            <none>     (no description available)

Versions of packages iscsitarget suggests:
pn  iscsitarget-source            <none>     (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 576086-close@bugs.debian.org
Subject: Bug#576086: fixed in tgt 1:1.0.3-2
From: Frederik Schüler <fs@debian.org>
Date: Tue, 13 Apr 2010 09:36:44 +0000
Message-id: <E1O1cY0-0006IU-2g@ries.debian.org>

Source: tgt
Source-Version: 1:1.0.3-2

We believe that the bug you reported is fixed in the latest version of
tgt, which is due to be installed in the Debian FTP archive:

tgt_1.0.3-2.debian.tar.gz
  to main/t/tgt/tgt_1.0.3-2.debian.tar.gz
tgt_1.0.3-2.dsc
  to main/t/tgt/tgt_1.0.3-2.dsc
tgt_1.0.3-2_amd64.deb
  to main/t/tgt/tgt_1.0.3-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 576086@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frederik Schüler <fs@debian.org> (supplier of updated tgt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 13 Apr 2010 10:54:19 +0200
Source: tgt
Binary: tgt
Architecture: source amd64
Version: 1:1.0.3-2
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Frederik Schüler <fs@debian.org>
Description: 
 tgt        - Linux SCSI target user-space tools
Closes: 576086
Changes: 
 tgt (1:1.0.3-2) unstable; urgency=low
 .
   * Fix Format string vulnerability CVE-2010-0743.
     (Closes: #576086)
Checksums-Sha1: 
 5bab50cd3c7973ace2e1eabe858c9fde96ee1bb5 1103 tgt_1.0.3-2.dsc
 d3617aeff695d0bdd3514c79765137f4a26fdb99 3741 tgt_1.0.3-2.debian.tar.gz
 629d0464aff87d42249ab207f5b1f5ff498fc960 194892 tgt_1.0.3-2_amd64.deb
Checksums-Sha256: 
 c93821d4a147679c9f6197c6a4deeaa110465c537e5e5d12c58f750a45a162c7 1103 tgt_1.0.3-2.dsc
 0eb5c83a80cb171dc5e59203a8fc17267505f17f4a23a80bd3c6cb719f45abac 3741 tgt_1.0.3-2.debian.tar.gz
 eb79c6bc5f00970594e0b82ec683ce0d9b2d435b4990eb24174169989a0d0bc2 194892 tgt_1.0.3-2_amd64.deb
Files: 
 07939edbf62f6ce321cdc9e0b7a1720c 1103 net optional tgt_1.0.3-2.dsc
 93a5ce412ef405604d881bfe8c03c1b1 3741 net optional tgt_1.0.3-2.debian.tar.gz
 ff75035d054718d42a6f5f1790b31de8 194892 net optional tgt_1.0.3-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvENw8ACgkQ6n7So0GVSSDiPgCeIVeF8mCpi7BmFcGBTksMIeq6
OGAAnjT5DcNv5hq3y693XDzdSgYqwLVg
=shSk
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: tgt_1.0.3-2_amd64.changes ACCEPTED
Next by Date: Bug#562847: closed by maximilian attems <maks@debian.org> (Bug#519800: fixed in initramfs-tools 0.94)
Previous by thread: tgt_1.0.3-2_amd64.changes ACCEPTED
Next by thread: Bug#577640: linux-image-2.6.33-2-amd64: Kernel warnings in netns thread
Index(es):
- Date
- Thread