
Bug#962221: marked as done (xawtv: CVE-2020-13696)



Your message dated Wed, 08 Jul 2020 10:51:31 +0000
with message-id <E1jt7fn-0007re-G7@fasolo.debian.org>
and subject line Bug#962221: fixed in xawtv 3.107-1
has caused the Debian Bug report #962221,
regarding xawtv: CVE-2020-13696
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
962221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962221
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xawtv
Version: 3.106-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for xawtv.

CVE-2020-13696[0]:
| v4l-conf setuid-root program allows file existence tests and open(...,
| O_RDWR) on arbitrary files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13696
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13696
[1] https://www.openwall.com/lists/oss-security/2020/06/04/6

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xawtv
Source-Version: 3.107-1
Done: Jeremy Sowden <jeremy@azazel.net>

We believe that the bug you reported is fixed in the latest version of
xawtv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962221@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Sowden <jeremy@azazel.net> (supplier of updated xawtv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Jul 2020 17:42:23 +0100
Source: xawtv
Architecture: source
Version: 3.107-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Jeremy Sowden <jeremy@azazel.net>
Closes: 962221
Changes:
 xawtv (3.107-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Ondřej Nový ]
   * Use debhelper-compat instead of debian/compat
   * Bump Standards-Version to 4.4.1
 .
   [ Jeremy Sowden ]
   * d/gbp.conf: fix spelling of file-name.
   * d/watch: get tar-balls from the main site: they don't appear to be
     available from the gitweb interface.
   * New upstream version 3.107:
     - includes partial fix for CVE-2020-13696.
   * d/control: bump Standards-Version to 4.5.0.
   * d/patches: add patch which completes fix for CVE-2020-13696
     (closes: #962221).
 .
   [ Vasyl Gello ]
   * d/control:
     + Bump debhelper version to 13.
     + Add Homepage Field.
     + Set Rules-Requires-Root: binary-targets
   * d/copyright: Rewrite using copyright-format 1.0.
   * Drop all .menu files, since they are deprecated by TCTTE years ago.
   * d/rules:
     + Drop now obsolete --dbgsym-migration.
     + Export DH_VERBOSE instead of verbose.
   * Add lintian override for debian-watch-does-not-check-gpg-signature.
   * Add upstream metadata file.
   * In the maintainer scripts, use `set -e` instead of setting -e in the
     shebangs.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
