Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

CVE-2018-17336

Related Vulnerabilities: CVE-2018-17336  

Source

Debian Bug report logs - #909607
CVE-2018-17336

version graph

Package: udisks2; Maintainer for udisks2 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for udisks2 is src:udisks2 (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 25 Sep 2018 20:39:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version udisks2/2.7.6-3

Fixed in version udisks2/2.8.1-1

Done: Jeremy Bicha <jbicha@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/storaged-project/udisks/issues/578

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#909607; Package udisks2. (Tue, 25 Sep 2018 20:39:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 25 Sep 2018 20:39:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-17336
Date: Tue, 25 Sep 2018 22:34:54 +0200
Package: udisks2
Version: 2.7.6-3
Severity: grave
Tags: security

This was assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17336:
https://github.com/storaged-project/udisks/issues/578

Cheers,
        Moritz

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Sep 2018 20:51:06 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://github.com/storaged-project/udisks/issues/578'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Sep 2018 20:51:06 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Sep 2018 20:51:07 GMT) (full text, mbox, link).

Reply sent to Jeremy Bicha <jbicha@debian.org>:
You have taken responsibility. (Fri, 28 Sep 2018 20:45:04 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 28 Sep 2018 20:45:04 GMT) (full text, mbox, link).

Message #16 received at 909607-close@bugs.debian.org (full text, mbox, reply):

From: Jeremy Bicha <jbicha@debian.org>
To: 909607-close@bugs.debian.org
Subject: Bug#909607: fixed in udisks2 2.8.1-1
Date: Fri, 28 Sep 2018 20:43:16 +0000
Source: udisks2
Source-Version: 2.8.1-1

We believe that the bug you reported is fixed in the latest version of
udisks2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909607@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bicha <jbicha@debian.org> (supplier of updated udisks2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Sep 2018 15:48:23 -0400
Source: udisks2
Binary: udisks2 udisks2-btrfs udisks2-lvm2 udisks2-doc libudisks2-0 libudisks2-dev gir1.2-udisks-2.0
Architecture: source
Version: 2.8.1-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Bicha <jbicha@debian.org>
Description:
 gir1.2-udisks-2.0 - GObject based library to access udisks2 - introspection data
 libudisks2-0 - GObject based library to access udisks2
 libudisks2-dev - GObject based library to access udisks2 - development files
 udisks2    - D-Bus service to access and manipulate storage devices
 udisks2-btrfs - BTRFS support for udisks2
 udisks2-doc - udisks2 documentation
 udisks2-lvm2 - LVM2 support for udisks2
Closes: 909607
Changes:
 udisks2 (2.8.1-1) unstable; urgency=medium
 .
   [ Andreas Henriksson ]
   * New upstream release.
     - includes fix for CVE-2018-17336 (Closes: #909607)
   * Bump build-dependency version according to configure.ac changes
   * Drop patches from upstream now included in release
   * libudisks2-0.symbols: Add newly introduced symbols
 .
   [ Jeremy Bicha ]
   * Fix udevadm-called-without-guard lintian warning
Checksums-Sha1:
 0d098c7bbe08c36e7c8826c495581c51263083cc 3203 udisks2_2.8.1-1.dsc
 e69fc1a417f4d5e116487ca735bbef89e96cc0f4 1354879 udisks2_2.8.1.orig.tar.bz2
 7dcc19192c6c2151bd59ba0e27e91672f4fabe7e 14752 udisks2_2.8.1-1.debian.tar.xz
 298d61db6147ae6f0d449c34f2588c8be63857e0 10322 udisks2_2.8.1-1_source.buildinfo
Checksums-Sha256:
 61bdb0f17ef6e84a0e137cf8d340e4c518bd5f7a2a303c2d4ca5ae105b5bd365 3203 udisks2_2.8.1-1.dsc
 4fcf49ef63c071bb35ea6351fdc2208dd6e54dfefd6ee29ee0c414f8dfde461c 1354879 udisks2_2.8.1.orig.tar.bz2
 da946db47d144ae1a142205964ee909de49def52306673870251cfd9d4a8fad7 14752 udisks2_2.8.1-1.debian.tar.xz
 d9e8d99719d43351b18a7470bc71a89640ad6ba03a90886210aa86b1b120b1fa 10322 udisks2_2.8.1-1_source.buildinfo
Files:
 97bb63396ef6c444c03443138c7985d5 3203 admin optional udisks2_2.8.1-1.dsc
 aefebdb5a082f99b4f86cadc41352b3d 1354879 admin optional udisks2_2.8.1.orig.tar.bz2
 4a647d918fe17bac59e1ae83e8bdb993 14752 admin optional udisks2_2.8.1-1.debian.tar.xz
 9ebf6f7257f7d43ea9e9b25e224e63bb 10322 admin optional udisks2_2.8.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAluuhxEACgkQ5mx3Wuv+
bH34vA//SQtXVChwq4vPWNRCPpPvdLYT27BlamDkmespfH79/F8NqaCD/4Ylgn6V
W1Erss1S+gtMOLstNJSm1iDol4QxTDuFYUI9ytq7+M6CeLevmQJc0DjJnH3c3Vc3
/4fvGBDqpKJxSUY8cJRpqQ6kWiIkr4cp0wkIgmRxFrmQRMq4Xe/jx6RJSGaRfXcA
j9Z6lGdYF/YreclhyMIHetxPE5qpHZwYabQ+gDGBoTNHVZF88Hn2vEFnbldrb5jy
tq9pppQet30Hg4BhymDuJp/E1AiC/d6wEFBgwu1Vhj3pM50ChRLWc4ticzzrKroS
nWxXfXgVzJYdzjrGid5w2k7uXVT1CUC39D0DU1bbHEm3eMar6+DdixRTqujvZgUW
MhKf3YWp+JpiwA0JxR/Yy3snPfMw9hAgDjyMSqA9RFpOEusYiRCgFEYhwee6vita
uVutmizEEMdu3DQC5zyvHddNKtZ5fPyJxfezhNRkzCVyqWOiGk3Emh7e9emi3Eyp
FWWmQPY76uyrn3DISK4fGSEbc0ePv//t+6ibeZ2UdLTjHBYMfgUp3MVqiatr0izY
XChOQPKLnFRj26P4/h0zJ95jC0iyKJXGve8lmJvG7HiEMGSrRk2oeEJjN4aY8444
IuZULK3z4YE2gMIcH6UMg+A+Qk6kgxK0uDBF1g8D2/Zi81RHPRw=
=nwgt
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 01 Nov 2018 07:25:36 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:38:19 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started