gnustep-base: CVE-2014-2980

Related Vulnerabilities: CVE-2014-2980  

Debian Bug report logs - #745470
gnustep-base: CVE-2014-2980

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 22 Apr 2014 05:03:02 UTC

Severity: important

Tags: security

Found in version 1.20.1-6

Fixed in versions gnustep-base/1.24.6-1, gnustep-base/1.22.1-4+deb7u1

Done: Yavor Doganov <yavor@gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>:
Bug#745470; Package gnustep-base. (Tue, 22 Apr 2014 05:03:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>. (Tue, 22 Apr 2014 05:03:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnustep-base: CVE-2014-2980
Date: Tue, 22 Apr 2014 06:48:22 +0200
Package: gnustep-base
Severity: important
Tags: security
Justification: user security hole

This was assigned CVE-2014-2980:
https://savannah.gnu.org/bugs/?41751

Cheers,
        Moritz



Added tag(s) pending. Request was from Yavor Doganov <yavor@gnu.org> to control@bugs.debian.org. (Fri, 23 May 2014 14:57:07 GMT).


Reply sent to Yavor Doganov <yavor@gnu.org>:
You have taken responsibility. (Sun, 06 Jul 2014 09:39:34 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 06 Jul 2014 09:39:34 GMT).


Message #12 received at 745470-close@bugs.debian.org:

From: Yavor Doganov <yavor@gnu.org>
To: 745470-close@bugs.debian.org
Subject: Bug#745470: fixed in gnustep-base 1.24.6-1
Date: Sun, 06 Jul 2014 09:35:51 +0000
Source: gnustep-base
Source-Version: 1.24.6-1

We believe that the bug you reported is fixed in the latest version of
gnustep-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 745470@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yavor Doganov <yavor@gnu.org> (supplier of updated gnustep-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 05 Jul 2014 10:45:07 +0300
Source: gnustep-base
Binary: gnustep-base-common gnustep-base-runtime libgnustep-base1.24 libgnustep-base-dev libgnustep-base1.24-dbg gnustep-base-examples gnustep-base-doc
Architecture: source all amd64
Version: 1.24.6-1
Distribution: experimental
Urgency: low
Maintainer: Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>
Changed-By: Yavor Doganov <yavor@gnu.org>
Description:
 gnustep-base-common - GNUstep Base library - common files
 gnustep-base-doc - Documentation for the GNUstep Base Library
 gnustep-base-examples - Examples using the GNUstep Base Library
 gnustep-base-runtime - GNUstep Base library - daemons and tools
 libgnustep-base-dev - GNUstep Base header files and development libraries
 libgnustep-base1.24 - GNUstep Base library
 libgnustep-base1.24-dbg - GNUstep Base library - debugging symbols
Closes: 637093 697628 717773 720190 729588 736587 738347 745470 749196 753603
Changes:
 gnustep-base (1.24.6-1) experimental; urgency=low
 .
   * New upstream release:
     - Fixes FTBFS with recent libxml2 (Closes: #738347).
     - GNUSTEP_USER_DIRECTORY is no longer created unconditionally (Closes:
       #720190).
     - Fixes regression in performSelector: with message forwarding
       (Closes: #753603).
   * Ack NMUs; thanks Matthias Klose, gregor herrmann and Pino Toscano.
   * debian/patches/libobjc4.patch:
   * debian/patches/recent-libxml2-fix.patch: Remove; fixed upstream.
   * debian/patches/kfreebsd-fake-main.patch:
   * debian/patches/avoid-nsl-linkage.patch:
   * debian/patches/maxsymlinks.diff: Refresh.
   * debian/patches/autoreconf.patch: Regenerate.
   * debian/patches/texinfo5.diff: Add description.
   * debian/patches/hurd-ignore-NSURL-test.diff: Disable for now.
   * debian/patches/manpage-fixes.patch: Fix two more issues reported by
     lintian.
   * debian/patches/info-direntry.patch: Fix few texinfo warnings.
   * debian/patches/CVE-2014-2980.patch: New patch from upstream, fixes
     gdomap user security hole (Closes: #745470).
   * debian/patches/use-local-DTDs.patch: New; use local DTDs to avoid
     annoying warnings from autogsdoc when built in a chroot.  Thanks
     Svante Signell (Closes: #736587).
   * debian/patches/hide-SYSTEM_CONFIG-vars.patch: New; fix for upstream
     bug #42423.
   * debian/patches/doc-links.patch: New; fix some broken links to manuals
     in the various -doc packages, thanks js (Closes: #749196).
   * debian/patches/series: Update.
   * debian/rules (build-arch): Remove dependency on patch.
     (binary-indep): Invoke dh_installxmlcatalogs with -n since only DTDs
     are being installed, not catalogs (Closes: #637093).
     (install-doc): Don't create Developer symlink; useless.  Delete all
     gsdoc files.  Install manually the HTML manuals.
     (install-common): Use the system's ca-certificates.crt.
     (v_make): Bump to 2.6.6-2, for texi2html related changes and a
     gnustep-make bug exposed when linking static libraries.
   * debian/gdomap.default:
   * debian/gnustep-base-runtime.gdomap.in: Disable the gdomap daemon by
     default (Closes: #717773).  Provide "fancy" output; thanks Dirk
     Sandbrink (Closes: #729588).  Remove set -e/-u because of the lsb
     logging.
   * debian/control.m4 (libgnustep-base`'SOV_BASE-dbg) <Description>: Typo
     fix; thanks Pascal De Vuyst (Closes: #697628).
     <Conflicts>: Remove libgnustep-base1.20-dbg.
     (gnustep-base-doc) <Depends>: Remove dpkg (>= 1.15.4) | install-info.
     <Description>: Edit to reflect reality.
     (gnustep-base-common) <Depends>: Add ca-certificates, needed for the
     GnuTLS support.
     (Build-Depends-Indep): Remove texi2html.  Remove texlive-base (pulled
     in); add texlive-fonts-recommended, needed for the manual.
     (Vcs-Git, Vcs-Browser): Use the canonical URIs.
     (Standards-Version): Claim compliance with 3.9.5 as of this release.
   * debian/control: Regenerate.
   * debian/gnustep-base-runtime.postinst.in: Remove obsolete stuff.
   * debian/gnustep-base-runtime.prerm.in: Delete; obsolete.
   * debian/gnustep-base-runtime.NEWS: New; document that the gdomap daemon
     is not started by default.
   * debian/copyright: Update copyright years, add more copyright holders
     and ISC/Apache 2.0 blurbs.  Typo fixes.
   * debian/gnustep-base-doc.doc-base.manual:
   * debian/gnustep-base-doc.doc-base.standards: Remove Info, add HTML
     format.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 Aug 2014 07:36:10 GMT).


Bug unarchived. Request was from Yavor Doganov <yavor@gnu.org> to control@bugs.debian.org. (Wed, 19 Nov 2014 16:36:21 GMT).


Marked as found in versions 1.20.1-6. Request was from Yavor Doganov <yavor@gnu.org> to control@bugs.debian.org. (Wed, 19 Nov 2014 16:36:22 GMT).


Reply sent to Yavor Doganov <yavor@gnu.org>:
You have taken responsibility. (Tue, 25 Nov 2014 21:51:09 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 25 Nov 2014 21:51:09 GMT).


Message #23 received at 745470-close@bugs.debian.org:

From: Yavor Doganov <yavor@gnu.org>
To: 745470-close@bugs.debian.org
Subject: Bug#745470: fixed in gnustep-base 1.22.1-4+deb7u1
Date: Tue, 25 Nov 2014 21:47:19 +0000
Source: gnustep-base
Source-Version: 1.22.1-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
gnustep-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 745470@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yavor Doganov <yavor@gnu.org> (supplier of updated gnustep-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 19 Nov 2014 19:25:07 +0200
Source: gnustep-base
Binary: gnustep-base-common gnustep-base-runtime libgnustep-base1.22 libgnustep-base-dev libgnustep-base1.22-dbg gnustep-base-examples gnustep-base-doc
Architecture: source all amd64
Version: 1.22.1-4+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>
Changed-By: Yavor Doganov <yavor@gnu.org>
Description: 
 gnustep-base-common - GNUstep Base library - common files
 gnustep-base-doc - Documentation for the GNUstep Base Library
 gnustep-base-examples - Examples using the GNUstep Base Library
 gnustep-base-runtime - GNUstep Base library - daemons and tools
 libgnustep-base-dev - GNUstep Base header files and development libraries
 libgnustep-base1.22 - GNUstep Base library
 libgnustep-base1.22-dbg - GNUstep Base library - debugging symbols
Closes: 745470 753603
Changes: 
 gnustep-base (1.22.1-4+deb7u1) wheezy; urgency=medium
 .
   * debian/patches/CVE-2014-2980.patch: New; fixes user security hole in
     gdomap (Closes: #745470).
   * debian/patches/performSelector-forwarding.patch: New; fixes regression
     in -performSelector: with message forwarding (Closes: #753603).
   * debian/patches/series: Update.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 24 Dec 2014 07:31:35 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:53:56 2019; Machine Name: buxtehude
