Debian Bug report logs -
#685476
pcp: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 21 Aug 2012 06:03:02 UTC
Severity: grave
Tags: security
Found in version pcp/3.2.0
Fixed in versions pcp/3.3.3-squeeze1, 3.6.5
Done: gregor herrmann <gregoa@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Nathan Scott <nathans@debian.org>:
Bug#685476; Package pcp.
(Tue, 21 Aug 2012 06:03:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Nathan Scott <nathans@debian.org>.
(Tue, 21 Aug 2012 06:03:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: pcp
Severity: grave
Tags: security
Justification: user security hole
Florian Weimer discovered several issues in pcp. Details and patches are
available in Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3418
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3419
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3420
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3421
Cheers,
Moritz
Reply sent
to gregor herrmann <gregoa@debian.org>:
You have taken responsibility.
(Fri, 02 Nov 2012 14:27:06 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Fri, 02 Nov 2012 14:27:06 GMT) (full text, mbox, link).
Message #10 received at 685476-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 3.6.5
Control: found -1 3.2.0
Control: notfound -1 3.3.3-squeeze1
On Tue, 21 Aug 2012 07:56:25 +0200, Moritz Muehlenhoff wrote:
> Package: pcp
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Florian Weimer discovered several issues in pcp. Details and patches are
> available in Red Hat Bugzilla:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3418
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3419
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3420
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3421
3.6.5 was uploaded to unstable on 2012-08-16, containing fixes for
thess 4 CVEs; same for 3.3.3-squeeze1 in squeeze-security.
Closing the bug with this version accordingly and setting some
found/notfound versions.
Cheers,
gregor
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- NP: Supertramp: Know Who You Are
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions pcp/3.2.0.
Request was from gregor herrmann <gregoa@debian.org>
to control@bugs.debian.org.
(Fri, 02 Nov 2012 14:42:03 GMT) (full text, mbox, link).
Marked as fixed in versions pcp/3.3.3-squeeze1.
Request was from gregor herrmann <gregoa@debian.org>
to control@bugs.debian.org.
(Fri, 02 Nov 2012 15:00:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 28 Dec 2012 07:27:35 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:01:02 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon