Debian Bug report logs -
#695832
apt: CVE-2012-0961
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 13 Dec 2012 07:54:01 UTC
Severity: grave
Tags: security
Found in version apt/0.9.7.6
Fixed in version apt/0.9.7.7
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, APT Development Team <deity@lists.debian.org>
:
Bug#695832
; Package apt
.
(Thu, 13 Dec 2012 07:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, APT Development Team <deity@lists.debian.org>
.
(Thu, 13 Dec 2012 07:54:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: apt
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2012-0961:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/975199
Stable is not affected, the logging as done as 0600 there.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>
:
Bug#695832
; Package apt
.
(Thu, 13 Dec 2012 10:36:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Vogt <mvo@debian.org>
:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>
.
(Thu, 13 Dec 2012 10:36:05 GMT) (full text, mbox, link).
Message #10 received at 695832@bugs.debian.org (full text, mbox, reply):
On Thu, Dec 13, 2012 at 08:49:42AM +0100, Moritz Muehlenhoff wrote:
> Package: apt
> Severity: grave
> Tags: security
> Justification: user security hole
>
> This was assigned CVE-2012-0961:
> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/975199
>
> Stable is not affected, the logging as done as 0600 there.
Thanks for your bugreport. I uploaded a fix to unstable as
0.9.7.7 and send a unblock request as bug #695841.
Cheers,
Michael
> Cheers,
> Moritz
>
>
> --
> To UNSUBSCRIBE, email to deity-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20121213074942.25033.89000.reportbug@m25s06.vlinux.de
>
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Thu, 13 Dec 2012 15:51:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Thu, 13 Dec 2012 15:51:05 GMT) (full text, mbox, link).
Message #15 received at 695832-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: apt
Source-Version: 0.9.7.7
Hi Michael
On Thu, Dec 13, 2012 at 11:33:42AM +0100, Michael Vogt wrote:
> On Thu, Dec 13, 2012 at 08:49:42AM +0100, Moritz Muehlenhoff wrote:
> > Package: apt
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > This was assigned CVE-2012-0961:
> > https://bugs.launchpad.net/ubuntu/+source/apt/+bug/975199
> >
> > Stable is not affected, the logging as done as 0600 there.
>
> Thanks for your bugreport. I uploaded a fix to unstable as
> 0.9.7.7 and send a unblock request as bug #695841.
Noticed this bug. Closing with the version accordingly.
Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions apt/0.9.7.6.
Request was from Paul Wise <pabs@debian.org>
to control@bugs.debian.org
.
(Thu, 13 Dec 2012 15:57:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 21 Jan 2013 07:26:17 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:15:48 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.