libjgroups-java: CVE-2013-4112

Related Vulnerabilities: CVE-2013-4112  

Debian Bug report logs - #717031
libjgroups-java: CVE-2013-4112

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 16 Jul 2013 07:42:10 UTC

Severity: grave

Tags: security

Fixed in version libjgroups-java/2.12.2.Final-4

Done: Emmanuel Bourg <ebourg@apache.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#717031; Package libjgroups-java. (Tue, 16 Jul 2013 07:42:15 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Tue, 16 Jul 2013 07:42:15 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libjgroups-java: CVE-2013-4112
Date: Tue, 16 Jul 2013 09:38:06 +0200

Package: libjgroups-java
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4112



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#717031; Package libjgroups-java. (Tue, 16 Jul 2013 11:03:04 GMT).


Acknowledgement sent to Emmanuel Bourg <ebourg@apache.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Tue, 16 Jul 2013 11:03:04 GMT).


Message #10 received at 717031@bugs.debian.org:

From: Emmanuel Bourg <ebourg@apache.org>
To: 717031@bugs.debian.org, 717031-submitter@bugs.debian.org
Subject: Re: Bug#717031: libjgroups-java: CVE-2013-4112
Date: Tue, 16 Jul 2013 12:58:58 +0200

Debian has JGroups 2.12, this version doesn't use authentication. An
attacker can disrupt a node (stopping or slowing it down) but not
execute arbitrary code.

Diagnostics are enabled by default. We can simply disable them by default.

Emmanuel Bourg
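
A way to check deployed stack files for the setting discussed in this bug, as an added example that is not part of the bug log or of the JGroups or Debian code. It assumes the JGroups transport attribute `enable_diagnostics` and a hand-picked list of transport element names; the sample stacks are constructed.

```python
import xml.etree.ElementTree as ET

# Bottom-of-stack transport elements to inspect (assumed list, extend as needed).
TRANSPORTS = {"UDP", "TCP", "TCP_NIO", "TUNNEL"}

def audit_stack(xml_text):
    """Return (transport, status) for each transport element in a stack file.

    status: "disabled" (explicitly off), "enabled" (explicitly on),
    "default" (attribute absent, so the library default decides), or
    "unresolved" (e.g. a ${property} placeholder set at run time).
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = elem.tag.rsplit("}", 1)[-1]   # drop {urn:org:jgroups} namespace
        if name not in TRANSPORTS:
            continue
        value = elem.get("enable_diagnostics")
        if value is None:
            status = "default"
        elif value.strip().lower() == "false":
            status = "disabled"
        elif value.strip().lower() == "true":
            status = "enabled"
        else:
            status = "unresolved"
        findings.append((name, status))
    return findings

def needs_attention(xml_text):
    """Transports whose diagnostics handler is not explicitly switched off."""
    return [name for name, status in audit_stack(xml_text) if status != "disabled"]

# Constructed sample stacks (not taken from any real deployment).
STACK_IMPLICIT = """<config xmlns="urn:org:jgroups">
  <UDP mcast_port="45588"/>
  <PING/>
</config>"""

STACK_HARDENED = """<config xmlns="urn:org:jgroups">
  <TCP bind_port="7800" enable_diagnostics="false"/>
  <TCPPING/>
</config>"""

if __name__ == "__main__":
    for label, stack in (("implicit", STACK_IMPLICIT), ("hardened", STACK_HARDENED)):
        print(label, audit_stack(stack), "->", needs_attention(stack) or "ok")
```

A "default" result matters on hosts still running a package older than 2.12.2.Final-4, where the library default leaves diagnostics enabled.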




Message sent on to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#717031. (Tue, 16 Jul 2013 11:03:07 GMT).


Reply sent to Emmanuel Bourg <ebourg@apache.org>:
You have taken responsibility. (Tue, 16 Jul 2013 11:21:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 16 Jul 2013 11:21:05 GMT).


Message #18 received at 717031-close@bugs.debian.org:

From: Emmanuel Bourg <ebourg@apache.org>
To: 717031-close@bugs.debian.org
Subject: Bug#717031: fixed in libjgroups-java 2.12.2.Final-4
Date: Tue, 16 Jul 2013 11:18:52 +0000

Source: libjgroups-java
Source-Version: 2.12.2.Final-4

We believe that the bug you reported is fixed in the latest version of
libjgroups-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717031@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated libjgroups-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 16 Jul 2013 12:18:18 +0200
Source: libjgroups-java
Binary: libjgroups-java
Architecture: source all
Version: 2.12.2.Final-4
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description: 
 libjgroups-java - Toolkit for Reliable Multicast Communication
Closes: 717031
Changes: 
 libjgroups-java (2.12.2.Final-4) unstable; urgency=low
 .
   * Disable diagnostic probing by default (CVE-2013-4112) (Closes: #717031)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:42:31 GMT).

