Debian Bug report logs -
#751083
lynis: CVE-2014-3986
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 10 Jun 2014 07:09:01 UTC
Severity: grave
Tags: security
Found in version lynis/1.2.9-2
Fixed in version lynis/1.5.5-1
Done: Francisco Manuel Garcia Claramonte <francisco@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Francisco Manuel Garcia Claramonte <francisco@debian.org>:
Bug#751083; Package lynis.
(Tue, 10 Jun 2014 07:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Francisco Manuel Garcia Claramonte <francisco@debian.org>.
(Tue, 10 Jun 2014 07:09:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: lynis
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://linux-audit.com/lynis-security-notice-154-and-older/
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#751083; Package lynis.
(Tue, 10 Jun 2014 16:27:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Francisco Manuel Garcia Claramonte <francisco@debian.org>:
Extra info received and forwarded to list.
(Tue, 10 Jun 2014 16:27:09 GMT) (full text, mbox, link).
Message #10 received at 751083@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
El mar, 10-06-2014 a las 08:53 +0200, Moritz Muehlenhoff escribió:
> Package: lynis
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> please see http://linux-audit.com/lynis-security-notice-154-and-older/
>
Hi Moritz,
Thank you for your report.
I am working on it. In a few minutes I'll upload the fixed version.
Regards,
Francisco
> Cheers,
> Moritz
--
Francisco M. García Claramonte
Debian GNU/Linux Developer <francisco@debian.org>
GPG: public key ID 556ABA51
http://people.debian.org/~francisco/
--
Francisco M. García Claramonte
Debian GNU/Linux Developer <francisco@debian.org>
GPG: public key ID 556ABA51
http://people.debian.org/~francisco/
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Francisco Manuel Garcia Claramonte <francisco@debian.org>:
You have taken responsibility.
(Tue, 10 Jun 2014 19:06:12 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Tue, 10 Jun 2014 19:06:12 GMT) (full text, mbox, link).
Message #15 received at 751083-close@bugs.debian.org (full text, mbox, reply):
Source: lynis
Source-Version: 1.5.5-1
We believe that the bug you reported is fixed in the latest version of
lynis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 751083@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francisco Manuel Garcia Claramonte <francisco@debian.org> (supplier of updated lynis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 10 Jun 2014 17:20:30 +0200
Source: lynis
Binary: lynis
Architecture: source all
Version: 1.5.5-1
Distribution: unstable
Urgency: low
Maintainer: Francisco Manuel Garcia Claramonte <francisco@debian.org>
Changed-By: Francisco Manuel Garcia Claramonte <francisco@debian.org>
Description:
lynis - security auditing tool for Unix based systems
Closes: 751083
Changes:
lynis (1.5.5-1) unstable; urgency=low
.
* New upstream release. (Closes: #751083)
Checksums-Sha1:
e53cb568a41acd9fcedd362f3ac1dd1203bd7176 994 lynis_1.5.5-1.dsc
ea53e3c9657512e96faa055122c9c0887a6a148e 149757 lynis_1.5.5.orig.tar.gz
7744b097034d5cb7463fe229164a57da843568d6 6851 lynis_1.5.5-1.debian.tar.gz
fb8f5c4c797f0a5011c9406468c93c017fabc5b1 143916 lynis_1.5.5-1_all.deb
Checksums-Sha256:
21a2165a04f7e3e82425d4dbb27c5b1199b4b97ce8e0d7cd115c7d2767f4ba0e 994 lynis_1.5.5-1.dsc
655415e14fb9b55f2b914706b20a8a300c05903abdf21c7c98c567be78b4cf2a 149757 lynis_1.5.5.orig.tar.gz
720966faac12f42e247b552185dd0d6de61eaf2326e43be7cccc5fbd544ac7fa 6851 lynis_1.5.5-1.debian.tar.gz
8395e97befb3f43b853664843113971c75e3806d0a111145a4b259bee7c0cdf2 143916 lynis_1.5.5-1_all.deb
Files:
7495851a6f6c1be4afe2571ce91b835a 994 utils optional lynis_1.5.5-1.dsc
993a65b20b5e595c20383285d38bd30d 149757 utils optional lynis_1.5.5.orig.tar.gz
2c52c7ad0872c28eef25f846301a0a02 6851 utils optional lynis_1.5.5-1.debian.tar.gz
374f7443293008572c271af44b461619 143916 utils optional lynis_1.5.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlOXKM4ACgkQmpU8glVqulGkJwCgyP3crLw1Nv2PKl8RMiJuwt+H
21cAoIjyD1qTbOynQCuHjiUFVTsh6zpz
=dlF9
-----END PGP SIGNATURE-----
Marked as found in versions lynis/1.2.9-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 24 Jul 2014 18:09:13 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 26 Apr 2015 07:55:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:53:19 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon