
Bug#572937: marked as done (Multiple security issues)



Your message dated Sat, 03 Apr 2010 17:45:49 +0000
with message-id <E1Ny7Pp-0006fN-5i@ries.debian.org>
and subject line Bug#572937: fixed in ncpfs 2.2.6-7
has caused the Debian Bug report #572937,
regarding Multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
572937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572937
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ncpfs
Severity: grave
Tags: security

Please see http://seclists.org/fulldisclosure/2010/Mar/122 for details
and a patch.

I don't know why the ncp mount needs to be setuid root in the first place;
dropping the setuidness seems like an equally adequate fix to me.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages ncpfs depends on:
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libncp                        2.2.6-6    shared library used by programs th
ii  libpam-ncp                    2.2.6-6    PAM module allowing authentication

ncpfs recommends no packages.

Versions of packages ncpfs suggests:
pn  ipx                           <none>     (no description available)



--- End Message ---
--- Begin Message ---
Source: ncpfs
Source-Version: 2.2.6-7

We believe that the bug you reported is fixed in the latest version of
ncpfs, which is due to be installed in the Debian FTP archive:

ipx_2.2.6-7_amd64.deb
  to main/n/ncpfs/ipx_2.2.6-7_amd64.deb
libncp-dev_2.2.6-7_amd64.deb
  to main/n/ncpfs/libncp-dev_2.2.6-7_amd64.deb
libncp_2.2.6-7_amd64.deb
  to main/n/ncpfs/libncp_2.2.6-7_amd64.deb
libpam-ncp_2.2.6-7_amd64.deb
  to main/n/ncpfs/libpam-ncp_2.2.6-7_amd64.deb
ncpfs_2.2.6-7.debian.tar.bz2
  to main/n/ncpfs/ncpfs_2.2.6-7.debian.tar.bz2
ncpfs_2.2.6-7.dsc
  to main/n/ncpfs/ncpfs_2.2.6-7.dsc
ncpfs_2.2.6-7_amd64.deb
  to main/n/ncpfs/ncpfs_2.2.6-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 572937@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated ncpfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Mar 2010 15:21:50 +1100
Source: ncpfs
Binary: ncpfs ipx libncp libncp-dev libpam-ncp
Architecture: source amd64
Version: 2.2.6-7
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 ipx        - utilities to configure the kernel ipx interface
 libncp     - shared library used by programs that use NetWare Core Protocol
 libncp-dev - libncp: development libraries and header files
 libpam-ncp - PAM module allowing authentication from a NetWare server
 ncpfs      - utilities to use resources from NetWare servers
Closes: 572937
Changes: 
 ncpfs (2.2.6-7) unstable; urgency=low
 .
   * QA upload
   * Merge 2.2.6-6ubuntu2
   * Fix Multiple security issues
     CVE-2010-0788, CVE-2010-0790, and CVE-2010-0791
     http://seclists.org/fulldisclosure/2010/Mar/122
     Add 12-572937-multiple-security-issues.patch
     Closes: 572937
   * Debian source format is 3.0 (quilt)
     Add 01-legacy.patch
   * DH compat level is 7
   * Fix out-of-date-standards-version
   * Fix maintainer-script-ignores-errors
   * Fix copyright-refers-to-versionless-license-file
   * Fix dh_undocumented-is-obsolete
   * Fix dh-clean-k-is-deprecated

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
