Debian Bug report logs -
#672381
CVE-2012-0862: enables unintentional services over tcpmux port
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Thu, 10 May 2012 14:27:02 UTC
Severity: grave
Tags: patch, security
Fixed in version xinetd/1:2.3.14-7.1
Done: Luk Claes <luk@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Pierre Habouzit <madcoder@debian.org>:
Bug#672381; Package xinetd.
(Thu, 10 May 2012 14:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Pierre Habouzit <madcoder@debian.org>.
(Thu, 10 May 2012 14:27:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: xinetd
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=790940 for details and
a proposed patch.
Cheers,
Moritz
Changed Bug title to 'CVE-2012-0862: enables unintentional services over tcpmux port' from 'CVE-2012-0862'
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org.
(Thu, 10 May 2012 22:36:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Pierre Habouzit <madcoder@debian.org>:
Bug#672381; Package xinetd.
(Sun, 27 May 2012 17:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Habouzit <madcoder@debian.org>.
(Sun, 27 May 2012 17:57:03 GMT) (full text, mbox, link).
Message #12 received at 672381@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 672381 + patch
tags 672381 + pending
thanks
Dear maintainer,
I've prepared an NMU for xinetd (versioned as 1:2.3.14-7.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.
Cheers
Luk
[xinetd-2.3.14-7.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) patch.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org.
(Sun, 27 May 2012 17:57:05 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org.
(Sun, 27 May 2012 17:57:06 GMT) (full text, mbox, link).
Reply sent
to Luk Claes <luk@debian.org>:
You have taken responsibility.
(Tue, 29 May 2012 18:24:08 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Tue, 29 May 2012 18:24:08 GMT) (full text, mbox, link).
Message #21 received at 672381-close@bugs.debian.org (full text, mbox, reply):
Source: xinetd
Source-Version: 1:2.3.14-7.1
We believe that the bug you reported is fixed in the latest version of
xinetd, which is due to be installed in the Debian FTP archive:
xinetd_2.3.14-7.1.diff.gz
to main/x/xinetd/xinetd_2.3.14-7.1.diff.gz
xinetd_2.3.14-7.1.dsc
to main/x/xinetd/xinetd_2.3.14-7.1.dsc
xinetd_2.3.14-7.1_i386.deb
to main/x/xinetd/xinetd_2.3.14-7.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 672381@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated xinetd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 27 May 2012 19:26:42 +0200
Source: xinetd
Binary: xinetd
Architecture: source i386
Version: 1:2.3.14-7.1
Distribution: unstable
Urgency: high
Maintainer: Pierre Habouzit <madcoder@debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description:
xinetd - replacement for inetd with many enhancements
Closes: 672381
Changes:
xinetd (1:2.3.14-7.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix CVE-2012-0862 avoiding enabling unintentional services
(Closes: #672381).
Checksums-Sha1:
496393cb876794be22cf3e41b938c91957bd3770 1181 xinetd_2.3.14-7.1.dsc
713bdbb43c92d81b7849aeddab33eb833f2e338c 101420 xinetd_2.3.14-7.1.diff.gz
2879b2a50d6fcb6f06606d6dc1adee0eb74b3783 146026 xinetd_2.3.14-7.1_i386.deb
Checksums-Sha256:
eca60ce5a40b74b9c5e2c156e8c22e813ba9bdeabda1b4594828ba7a2f44c126 1181 xinetd_2.3.14-7.1.dsc
82d7f4ef70587fbf1f776a0271648b3677668884cb36362281c274f29fc520e5 101420 xinetd_2.3.14-7.1.diff.gz
b7cd6327b3296552019768def91a6fa0df12d4c3f68313b8611fda96ef8b93b8 146026 xinetd_2.3.14-7.1_i386.deb
Files:
ec7bac7642eccd5a2fccec370fa20846 1181 net extra xinetd_2.3.14-7.1.dsc
726c327a1877ced5a8c2e7c83857f494 101420 net extra xinetd_2.3.14-7.1.diff.gz
ed6a5d22df9ab06c7a066d471bf07ac8 146026 net extra xinetd_2.3.14-7.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/CanUACgkQ5UTeB5t8Mo08JwCgvvi19OGetpEPqp8V0Wa5/QG2
weYAoMWmEMIRkHfzq5jAGCI78UDK9ahT
=A4FM
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 02 Jun 2013 08:21:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:26:25 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon