Debian Bug report logs -
#819952
oar: CVE-2016-1235: vulnerability in the oarsh command
Reported by: Vincent Danjean <vdanjean@debian.org>
Date: Mon, 4 Apr 2016 08:48:02 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in version oar/2.5.2-3
Fixed in versions oar/2.5.7-1, oar/2.5.4-2+deb8u1, oar/2.5.2-3+deb7u1
Done: Vincent Danjean <vdanjean@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Pierre Neyron <pierre.neyron@free.fr>:
Bug#819952; Package src:oar.
(Mon, 04 Apr 2016 08:48:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Danjean <vdanjean@debian.org>:
New Bug report received and forwarded. Copy sent to Pierre Neyron <pierre.neyron@free.fr>.
(Mon, 04 Apr 2016 08:48:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: oar
Version: 2.5.2-3
Severity: normal
This bug is fixed upstream but it will help to track affected versions in Debian
Vincent
-- System Information:
Debian Release: stretch/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'squeeze-lts'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel
Kernel: Linux 4.5.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Added tag(s) upstream and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 04 Apr 2016 09:27:06 GMT) (full text, mbox, link).
Reply sent
to Pierre Neyron <pierre.neyron@free.fr>:
You have taken responsibility.
(Mon, 04 Apr 2016 21:57:19 GMT) (full text, mbox, link).
Notification sent
to Vincent Danjean <vdanjean@debian.org>:
Bug acknowledged by developer.
(Mon, 04 Apr 2016 21:57:19 GMT) (full text, mbox, link).
Message #12 received at 819952-close@bugs.debian.org (full text, mbox, reply):
Source: oar
Source-Version: 2.5.7-1
We believe that the bug you reported is fixed in the latest version of
oar, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819952@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Neyron <pierre.neyron@free.fr> (supplier of updated oar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 04 Apr 2016 20:11:21 +0200
Source: oar
Binary: liboar-perl oar-common oar-server oar-server-mysql oar-server-pgsql oar-node oar-user oar-user-mysql oar-user-pgsql oar-web-status oar-doc oar-restful-api
Architecture: all amd64 source
Version: 2.5.7-1
Distribution: unstable
Urgency: high
Maintainer: Pierre Neyron <pierre.neyron@free.fr>
Changed-By: Pierre Neyron <pierre.neyron@free.fr>
Closes: 819952
Description:
liboar-perl - OAR batch scheduler common library package
oar-common - OAR batch scheduler common package
oar-doc - OAR batch scheduler documentation package
oar-node - OAR batch scheduler node package
oar-restful-api - OAR web services
oar-server-mysql - OAR batch scheduler MySQL server backend package
oar-server - OAR batch scheduler server package
oar-server-pgsql - OAR batch scheduler PostgreSQL server backend package
oar-user-mysql - OAR batch scheduler MySQL user backend package
oar-user - OAR batch scheduler user package
oar-user-pgsql - OAR batch scheduler PostgreSQL user backend package
oar-web-status - OAR batch scheduler visualization tool package
Changes:
oar (2.5.7-1) unstable; urgency=high
.
* New upstream release, which encompasses a fix for a vulnerability in the
oarsh command (CVE-2016-1235; Closes: #819952)
* Make liboar-perl a dependency of oar-common, because the oarnodesetting
command of the oar-node package also needs the Perl libs
* Change php dependencies for the transition to php7.0
Checksums-Sha1:
bb45e3f96958c24e283a6ed2d9eae84137ae7174 2387 oar_2.5.7-1.dsc
3c6f18669a9e856dbbc46e727defd70da4e128e3 4683261 oar_2.5.7.orig.tar.gz
2812516a3ff00d8802df58e5a43750767e000322 10600 oar_2.5.7-1.debian.tar.xz
9fc50241d1dfedcf99e9b2195dbd53110a39bafa 76224 liboar-perl_2.5.7-1_amd64.deb
906c80391f291fef3d5d8f57078954f41865cca6 11986 oar-common-dbgsym_2.5.7-1_amd64.deb
00df4f2ac3daf725d7fd17249dd800647d1c3fbf 64480 oar-common_2.5.7-1_amd64.deb
539c713810cf01d82996a9923da8b8cb451562f7 2826318 oar-doc_2.5.7-1_all.deb
9787a71696d2a0f65c58d3f4f521e31d71088804 33260 oar-node_2.5.7-1_amd64.deb
24052202682d4b5bd99fa347d44f95f30e785e16 7982 oar-restful-api-dbgsym_2.5.7-1_amd64.deb
d5b8a8fbe7b8edbed003119a1199536d6b9f573c 54942 oar-restful-api_2.5.7-1_amd64.deb
c538b68451acce642ed34ff217aacf76b859e8d9 25340 oar-server-dbgsym_2.5.7-1_amd64.deb
14c4db2187d099a09a05a3f40e2fffd8834062c7 20976 oar-server-mysql_2.5.7-1_amd64.deb
ac3276bc5f0d1623585dab5f020e22cc72dfbb4e 20978 oar-server-pgsql_2.5.7-1_amd64.deb
98ed521044d03a28dbccff117e15724f94c1f024 150704 oar-server_2.5.7-1_amd64.deb
880c879924d52d821999d00ec6df6b0854c211ff 16880 oar-user-dbgsym_2.5.7-1_amd64.deb
6d02a804befcbda099dce743687099cde83c669b 20962 oar-user-mysql_2.5.7-1_amd64.deb
9153fcc03563889535d1dd44c93d300287b1660b 20960 oar-user-pgsql_2.5.7-1_amd64.deb
607b24c1d6d3f7a2498c593e0164e08e150ca6f0 68596 oar-user_2.5.7-1_amd64.deb
5605e31a584ad497a835ba4bd12614b1fa5154c6 55464 oar-web-status_2.5.7-1_all.deb
Checksums-Sha256:
e3e83ec2450f729da155653e039cfbd65888857dfaacbd63d7f9abccff0c55a1 2387 oar_2.5.7-1.dsc
c325907667b02929415e0b9e3c7d31b330214be4246360b88971141080de6771 4683261 oar_2.5.7.orig.tar.gz
f8bdfaf7753a33b3bb891e98be11d9390c761dccec0876117379edd562641961 10600 oar_2.5.7-1.debian.tar.xz
3ef3c72e51edc6183c176f9448e8d94e09a27d1c9b22da2c07c596541f8f977e 76224 liboar-perl_2.5.7-1_amd64.deb
c84bc6c78797ac11a72093163a32929deab6a8d27e95c324bfa0c352241ef0ba 11986 oar-common-dbgsym_2.5.7-1_amd64.deb
c08bba37bd72083067e953465733368c19bb628d1e7805068f2644e845506825 64480 oar-common_2.5.7-1_amd64.deb
ee8e681a41b3343914784d42e341d5add9c9f0953ab119e35389787ea2d21429 2826318 oar-doc_2.5.7-1_all.deb
d24904c5b4aba970e0cb19db2e32e1a4ed5ef29d48249a67f81643efb96403c6 33260 oar-node_2.5.7-1_amd64.deb
d82d0a77a58dc7791c8fab6052c7742e97402abda9c0a38f6f9d26e83acf2f12 7982 oar-restful-api-dbgsym_2.5.7-1_amd64.deb
e5413e2417069d8e9a066b02c909475780c2f0eb3b9c644854c21f4ed72b1fa1 54942 oar-restful-api_2.5.7-1_amd64.deb
b30951548bcce42365a8bdb7d7e472aca82265e93031bfb7091bbc8c08e69b02 25340 oar-server-dbgsym_2.5.7-1_amd64.deb
5544a9172dbb58e60ade30265417890794248d430eca7da45a849dba08d79a64 20976 oar-server-mysql_2.5.7-1_amd64.deb
b87e18e90bc00f25ebc734bfb76c7c08f3fc4878c3ee22926ab43e6358328435 20978 oar-server-pgsql_2.5.7-1_amd64.deb
e24814a556d1550d16235a3011002f7c5e285c599ce230d71825a1a3e7704fe3 150704 oar-server_2.5.7-1_amd64.deb
76d55b9be7b3fd7ec4f2a82891d9af4afa351757ca92c2e599d1c6c81cea008b 16880 oar-user-dbgsym_2.5.7-1_amd64.deb
2f223a291dcad41246bdbac5df601430b0f0592deaef16bad2f242546a2d5dde 20962 oar-user-mysql_2.5.7-1_amd64.deb
10cf1c3c5888c482874a2279ba39964de2a57dca61e6c7c9df4a9a2794b6433c 20960 oar-user-pgsql_2.5.7-1_amd64.deb
0ec5008e666ae96df4cfff3b77c31ce82f89b4a33ea277760214a972f55d67e7 68596 oar-user_2.5.7-1_amd64.deb
6e8cb6c4e37e36f0a7edd62c06ddc8acf92a4d1104d31236500f384515d4887b 55464 oar-web-status_2.5.7-1_all.deb
Files:
06abfa83c2520a0adeff19cdb4debf32 2387 utils extra oar_2.5.7-1.dsc
11ef258d167de3af1d5ad68d213eede7 4683261 utils extra oar_2.5.7.orig.tar.gz
bf412d1af9542beb2508db38915d57a1 10600 utils extra oar_2.5.7-1.debian.tar.xz
dae14c205eaa56f34cf5b10095026ecf 76224 perl extra liboar-perl_2.5.7-1_amd64.deb
8793b267e4eb4df56783c2435423d46b 11986 debug extra oar-common-dbgsym_2.5.7-1_amd64.deb
3b258c04460a024c5febcb86d38a67b1 64480 utils extra oar-common_2.5.7-1_amd64.deb
ba667f8a48b985da1438355eacc73ae9 2826318 doc extra oar-doc_2.5.7-1_all.deb
1dc1cfe9cb7109d4abb96c16e01f45c7 33260 utils extra oar-node_2.5.7-1_amd64.deb
7f178807962d642119f567fbdb78466c 7982 debug extra oar-restful-api-dbgsym_2.5.7-1_amd64.deb
e85fde7aa7872793b95eb31e6301d7b8 54942 net extra oar-restful-api_2.5.7-1_amd64.deb
c83fe27d8d010956c6a54ce3f76f581b 25340 debug extra oar-server-dbgsym_2.5.7-1_amd64.deb
c24be3aeb0c5a11e4872ee71aac9560d 20976 utils extra oar-server-mysql_2.5.7-1_amd64.deb
940d05d646276ed906e129db772d852b 20978 utils extra oar-server-pgsql_2.5.7-1_amd64.deb
08fb584c85f25807eb322d646b896501 150704 utils extra oar-server_2.5.7-1_amd64.deb
6e5a63ab3396e8dbad6937eb740c4fdb 16880 debug extra oar-user-dbgsym_2.5.7-1_amd64.deb
1fbb9e9ff0f464bead42149e1070f069 20962 utils extra oar-user-mysql_2.5.7-1_amd64.deb
7b4fe0686735e0bc2b1f38b3c4bf2b6b 20960 utils extra oar-user-pgsql_2.5.7-1_amd64.deb
131faca2641e94e41663cc7e7eab9f6a 68596 utils extra oar-user_2.5.7-1_amd64.deb
869480c4a4dc56d88001acc7749080ff 55464 web extra oar-web-status_2.5.7-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVwLQsJZH3mN+x7dRAQiE+g/+L35tOrvNA6HhIzOinHEZIPa3OYtRP6Cj
rquYduPwKrgpwWLkRLuQtkUCrrfxPJKjERt324qFphyau+ADF5bwJD3B06arh4Uu
NStO7EUn7roirQ+Rr2qlflc5xrbNO452pvZU5ADm0vTuB8uz4lVPQSDlAqnfLgSs
820JVxRUJjyFmQQzkAUcxRhHFmjjv+ZmBbbWo/IQrVPfpX9clzsQLJkwGy7E3BYy
16faM/3FWjqBk79/m8AGF8F0GMirU4SQGSTC48+0c+1yP4nLNc0tGZKSrQyt3c5R
jjfqGgRDzLbdDZAUtgGtcuzYR1TGqfWbI/4laZo1GjKeM9oTVVd7LM3kJPgJYjOa
rFp9Z3R2p5hATqrMGtOtj87h4n4BlUbIjmHr7zIPpbGfYfhmO9oKPFoQ4EiRBhjG
ucO7es6rXbTn7qEFwSmkq/35xquk7i78b82opZD5i0ub5YLtaWR6eREIO9Dr57TI
1LiaskuNB5sVZlPFKi7mQBg09F1KaZZltxwuX30L3cu51SDO1Kl/e7OKU9bnA7cJ
F4jHxy25Bl7Tn3ptz8O9Uyla+jQNS+ch4oc/7gs0TEGYXtf2LjS4nOjLgexMtdBU
7Q3v5EZl3Zp8b1a60/YMOyrXP/l6/NY+nlD1VrNNcbohBxOz4nUqG3Qit7qBOFCq
Q+vJDKgt570=
=4A38
-----END PGP SIGNATURE-----
Added tag(s) security.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 05 Apr 2016 05:21:06 GMT) (full text, mbox, link).
Severity set to 'grave' from 'normal'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 05 Apr 2016 05:21:07 GMT) (full text, mbox, link).
Changed Bug title to 'oar: CVE-2016-1235: vulnerability in the oarsh command' from 'oar: Too many options can be passed to oarsh'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 05 Apr 2016 05:21:08 GMT) (full text, mbox, link).
Reply sent
to Vincent Danjean <vdanjean@debian.org>:
You have taken responsibility.
(Fri, 08 Apr 2016 09:51:38 GMT) (full text, mbox, link).
Notification sent
to Vincent Danjean <vdanjean@debian.org>:
Bug acknowledged by developer.
(Fri, 08 Apr 2016 09:51:38 GMT) (full text, mbox, link).
Message #23 received at 819952-close@bugs.debian.org (full text, mbox, reply):
Source: oar
Source-Version: 2.5.4-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
oar, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819952@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Danjean <vdanjean@debian.org> (supplier of updated oar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 04 Apr 2016 10:49:52 +0200
Source: oar
Binary: liboar-perl oar-common oar-server oar-server-mysql oar-server-pgsql oar-node oar-user oar-user-mysql oar-user-pgsql oar-web-status oar-doc oar-restful-api oar-api
Architecture: source amd64 all
Version: 2.5.4-2+deb8u1
Distribution: stable
Urgency: high
Maintainer: Pierre Neyron <pierre.neyron@free.fr>
Changed-By: Vincent Danjean <vdanjean@debian.org>
Description:
liboar-perl - OAR batch scheduler common library package
oar-api - transitional dummy package
oar-common - OAR batch scheduler common package
oar-doc - OAR batch scheduler documentation package
oar-node - OAR batch scheduler node package
oar-restful-api - OAR web services
oar-server - OAR batch scheduler server package
oar-server-mysql - OAR batch scheduler MySQL server backend package
oar-server-pgsql - OAR batch scheduler PostgreSQL server backend package
oar-user - OAR batch scheduler user package
oar-user-mysql - OAR batch scheduler MySQL user backend package
oar-user-pgsql - OAR batch scheduler PostgreSQL user backend package
oar-web-status - OAR batch scheduler visualization tool package
Closes: 819952
Changes:
oar (2.5.4-2+deb8u1) jessie-security; urgency=high
.
[ Pierre Neyron ]
* Add patch: fix a vulnerability in the oarsh command
(CVE-2016-1235; Closes: #819952)
Checksums-Sha1:
91877597acadd7fad2deb9d14faafb6798b62153 2511 oar_2.5.4-2+deb8u1.dsc
c7418643121da9852fad26a1071c50bd02d9d958 5066627 oar_2.5.4.orig.tar.gz
cf30b0fef5afa2fd38bf3f1b63c30de0d2f60ba0 15240 oar_2.5.4-2+deb8u1.debian.tar.xz
44d0d89594685f53a741c774584f0e25c086e996 73560 liboar-perl_2.5.4-2+deb8u1_amd64.deb
ee8609632d4c99d2e8c839ea2b4e39edcc4021ff 64314 oar-common_2.5.4-2+deb8u1_amd64.deb
e280ae9b2a0b541e3acbbddfdac07f49cca3fc23 147532 oar-server_2.5.4-2+deb8u1_amd64.deb
1756189f2fb04a7411dfdf0b6ab932ee60b74676 19846 oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
285d4c7f09e4d59e275bf607e1177773d079fc5d 19842 oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
343380dcd57c9581a97375b1a4189776f889ba1f 31798 oar-node_2.5.4-2+deb8u1_amd64.deb
bb721d267db35d17ea1763aad64a26ff735297a9 66728 oar-user_2.5.4-2+deb8u1_amd64.deb
de0536afc8d97fa3fafe5b367f7dfe999d6ee5d4 19816 oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
c1e4613f1ad30f2a672473a29163b705d78716db 19822 oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
a1b0633546be68e23aa88c663db7ee102a4300ad 48532 oar-web-status_2.5.4-2+deb8u1_all.deb
e90944adf7fe78bdd0e47aaefb710bf8b57df60c 1188308 oar-doc_2.5.4-2+deb8u1_all.deb
a33db428087ad6853a38e80453380e35297ffd4f 51680 oar-restful-api_2.5.4-2+deb8u1_amd64.deb
6ecf297faab9f6b8a60024d3a183e6d5138ecdb8 19688 oar-api_2.5.4-2+deb8u1_all.deb
Checksums-Sha256:
4dccd0cfd492bc21ac43fc94a26a07c317fcc0cc2a173b3ea6e5ce61ff0dcf73 2511 oar_2.5.4-2+deb8u1.dsc
08348357b9b424fa8bcc4e2b75a54b92d8dd4b09b328d675531a4ee4abc6de18 5066627 oar_2.5.4.orig.tar.gz
f08bf55326a3ee04fd4fbfde09c7803b872155cb02a103ff65b6009b4efcc3cd 15240 oar_2.5.4-2+deb8u1.debian.tar.xz
b39daa99f61a68f28e627bdf0a8ef4b06f58bb4d677430177288cbeaf3f68ae0 73560 liboar-perl_2.5.4-2+deb8u1_amd64.deb
acfa3134583fd9854309492e5c78b736961493626e32af21396f54b9e4bce2a7 64314 oar-common_2.5.4-2+deb8u1_amd64.deb
1de50d345a8a788721544544c209e6732a52cf4ef61fa6ba0953eac2d7b23686 147532 oar-server_2.5.4-2+deb8u1_amd64.deb
4ff8bce42bfcd9db569bdba8c4ba2167d60fefccee11cfa627db64fb493464a2 19846 oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
09b4b044ad575f1364bdc4524475270b43db65a5c62b67810e625f800f488090 19842 oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
0271a4a4541fdcd5dd8f55f3801cca6b19768dd8ccdcb67b117c24306b0021e2 31798 oar-node_2.5.4-2+deb8u1_amd64.deb
16f30c5e1545a560b9cc1410c95bcb88085151fa482e10337f2f96c3d64e0ea8 66728 oar-user_2.5.4-2+deb8u1_amd64.deb
ff965944573159f949437eb311e6134819e0aa5811d1039bef50c305b3e081bb 19816 oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
3b4bba9b5185336c7ee64f966f7a4fef13445e984fb5791043a0fde6bd406982 19822 oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
d296414bc2858066618e6a1cde680856ea52a6445f6356ab1feb0cf645bd415b 48532 oar-web-status_2.5.4-2+deb8u1_all.deb
16464a2bcb3876b5805c16e2a11cc5a448d696772135fb1bb8d7e8392a8c215d 1188308 oar-doc_2.5.4-2+deb8u1_all.deb
75612cd10a3dafd525ebbeafb9194413512a6bf3944e78490764ddd2d2e545e2 51680 oar-restful-api_2.5.4-2+deb8u1_amd64.deb
bf42ec381a13fbcccc2e3dc1d684659f22fcdb9e3944cd6f550121ce5a4f1cee 19688 oar-api_2.5.4-2+deb8u1_all.deb
Files:
124cd81bd35342abaf6c9e845ea9fd1e 2511 science extra oar_2.5.4-2+deb8u1.dsc
2b7eec29da348c0332bf17fd74b92d0c 5066627 science extra oar_2.5.4.orig.tar.gz
d258f76698d76bbf312b5a013fbbe811 15240 science extra oar_2.5.4-2+deb8u1.debian.tar.xz
9dd3e21971b61c880776ea42c14ef999 73560 perl extra liboar-perl_2.5.4-2+deb8u1_amd64.deb
71a77abff3f9f7549bcf662940c500b4 64314 science extra oar-common_2.5.4-2+deb8u1_amd64.deb
73d0107bbad654df36dcd096881dd320 147532 science extra oar-server_2.5.4-2+deb8u1_amd64.deb
d1b84ff6c4b49fd719024b78731d5bae 19846 science extra oar-server-mysql_2.5.4-2+deb8u1_amd64.deb
20152ac40a27e97f1ef0e98a9d5524f2 19842 science extra oar-server-pgsql_2.5.4-2+deb8u1_amd64.deb
bbff8cf0b6c5e6dd20e6dd508b6edc6e 31798 science extra oar-node_2.5.4-2+deb8u1_amd64.deb
e0040fc8ff9cd2937209c3d550ced974 66728 science extra oar-user_2.5.4-2+deb8u1_amd64.deb
10e5f75b2147652458339d168a0d8dd9 19816 science extra oar-user-mysql_2.5.4-2+deb8u1_amd64.deb
5c4b0fd688fb641fb6d86df2ae080551 19822 science extra oar-user-pgsql_2.5.4-2+deb8u1_amd64.deb
7276803f9da77aa5a46aecf13498713a 48532 science extra oar-web-status_2.5.4-2+deb8u1_all.deb
e695199981b4f3c071def84fe50594ea 1188308 doc extra oar-doc_2.5.4-2+deb8u1_all.deb
be7545ed9cec5c082514e157c970c1f4 51680 science extra oar-restful-api_2.5.4-2+deb8u1_amd64.deb
73a7d58c177a28a19a256122f101c460 19688 science extra oar-api_2.5.4-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVwIr7JZH3mN+x7dRAQjkGg//TrvkWAf677hHWfkktI8Y1DCn7HeK2L2j
7u8GF/l5Nl36Gk7NcxNr64mWno4Cdo7YVeeZyW9a9MhRf5fuskui1J/Yemt/yO2E
4dXeLeMK3KZJployhJxP3MxHjG7iUzzM3go2cZmJX2LwjMj6sYjLewrCRCDQ+92i
SnUlAe8j5rg9rBTstG0l0+wm5DZcYUq6QkPS/iQkP+zCk75laRVR4JyUy9nbgOfi
jmAkc6JBCvmqFLYUVtZbvUayJzYN53Kz8WUOOrgm1d2VrqF2uM3ljBYmYyG3z0ab
kJnt1uEw86EX+Nrd4JH3eYhESC33DCyJRtjL34ZMxS02Jg42tIoiL/xtigTZ8RFd
O9At/ivyx4/4gBW651oWhMtnJrUETKg6VYuivpRkvYXyqCzbQeLMqed1gnhuUXjw
//G1ImFbucDX3L4e/3yGRlGmf2mYisVDGLWazUa7PSy0c3IUJX3QPUHfz7r30C+x
cyIibU+PMych+Ur9Scll0JvRXj5k9tR3ElGlmcp7SHBxnqNf8BEXQjN5Rz7dOg5o
gOlrZfFG6sQ+p4qHCexLGHJBc/q4UDbu7Plyt/5l7Buok/Ob9BRNmebyuXj67VKg
Lk3RNI+LYFgTASZJNMxQ2Giv0qwkIMAa9zpAxlHX8rRI+CFmd8EPeRmq8OtMTrwD
JzxemmXSRtw=
=5Ast
-----END PGP SIGNATURE-----
Reply sent
to Vincent Danjean <vdanjean@debian.org>:
You have taken responsibility.
(Fri, 08 Apr 2016 09:51:43 GMT) (full text, mbox, link).
Notification sent
to Vincent Danjean <vdanjean@debian.org>:
Bug acknowledged by developer.
(Fri, 08 Apr 2016 09:51:44 GMT) (full text, mbox, link).
Message #28 received at 819952-close@bugs.debian.org (full text, mbox, reply):
Source: oar
Source-Version: 2.5.2-3+deb7u1
We believe that the bug you reported is fixed in the latest version of
oar, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819952@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Danjean <vdanjean@debian.org> (supplier of updated oar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 04 Apr 2016 11:07:22 +0200
Source: oar
Binary: liboar-perl oar-common oar-server oar-server-mysql oar-server-pgsql oar-node oar-user oar-user-mysql oar-user-pgsql oar-web-status oar-doc oar-admin oar-restful-api oar-api
Architecture: source amd64 all
Version: 2.5.2-3+deb7u1
Distribution: oldstable
Urgency: high
Maintainer: Philippe Le Brouster <plb@nebkha.net>
Changed-By: Vincent Danjean <vdanjean@debian.org>
Description:
liboar-perl - OAR batch scheduler common library package
oar-admin - OAR batch scheduler administration tools package
oar-api - transitional dummy package
oar-common - OAR batch scheduler common package
oar-doc - OAR batch scheduler documentation package
oar-node - OAR batch scheduler node package
oar-restful-api - OAR RESTful API
oar-server - OAR batch scheduler server package
oar-server-mysql - OAR batch scheduler MySQL server backend package
oar-server-pgsql - OAR batch scheduler PostgreSQL server backend package
oar-user - OAR batch scheduler user package
oar-user-mysql - OAR batch scheduler MySQL user backend package
oar-user-pgsql - OAR batch scheduler PostgreSQL user backend package
oar-web-status - OAR batch scheduler visualization tool package
Closes: 819952
Changes:
oar (2.5.2-3+deb7u1) wheezy-security; urgency=high
.
[ Pierre Neyron ]
* Add patch: fix a vulnerability in the oarsh command
(CVE-2016-1235; Closes: #819952)
Checksums-Sha1:
39653f3beec97536fdd2668f6c3a92af2a32f2b8 2408 oar_2.5.2-3+deb7u1.dsc
d80d6c1830bec7eeea057031b1e3d64967f4840e 6249043 oar_2.5.2.orig.tar.gz
bbde697903029d8634d7f0281b52ce2842fe82b2 69755 oar_2.5.2-3+deb7u1.debian.tar.gz
13738dff1da3241d4d42fa2f7724fc263adf8d83 74434 liboar-perl_2.5.2-3+deb7u1_amd64.deb
25a3193dcb9dc460be1bc25e6aae5b4729f04d91 67246 oar-common_2.5.2-3+deb7u1_amd64.deb
c6997b1ca6a70acf381e7c32e1ca0c71359730f0 151416 oar-server_2.5.2-3+deb7u1_amd64.deb
faab061d60ad766e925f25dca117ae5bf54e7b44 16446 oar-server-mysql_2.5.2-3+deb7u1_amd64.deb
7f41b032488ee3794234afd3e41b187f42c63931 16452 oar-server-pgsql_2.5.2-3+deb7u1_amd64.deb
ed5a4a35679a723e2ec921b141b383a23e65a3b7 28610 oar-node_2.5.2-3+deb7u1_amd64.deb
d9d82c79ec767eb93d96e46bf7e1989ac342394f 65694 oar-user_2.5.2-3+deb7u1_amd64.deb
d1010a58c396e6109d351dba3639c8a4e1451cbd 16426 oar-user-mysql_2.5.2-3+deb7u1_amd64.deb
6f753704fa7cec19e178fb7b8e0c17a92386a682 16428 oar-user-pgsql_2.5.2-3+deb7u1_amd64.deb
0b24dcf6a4b3671adcbedb4e18886aaed404547a 67830 oar-web-status_2.5.2-3+deb7u1_all.deb
b5fb82b2a219f95d16f872d6e30b9efbdca8568b 1277058 oar-doc_2.5.2-3+deb7u1_all.deb
06923d8fb441d99d28cf2e49e77fb4da4e6e15a7 47890 oar-admin_2.5.2-3+deb7u1_amd64.deb
bd18c210a8c2aca2763b3efe783eea9f19ab957b 52536 oar-restful-api_2.5.2-3+deb7u1_amd64.deb
71dbc80eb0b82045d5639d3dc694ba64e643d978 16290 oar-api_2.5.2-3+deb7u1_all.deb
Checksums-Sha256:
de69c6ac313fa0e7d1439ab6634586f77b1d263df1962515b4e9ccff32e12a57 2408 oar_2.5.2-3+deb7u1.dsc
4f4fb91e4d5be898b0da514246f2f16e110a31980e0af06d2652d924bf545b86 6249043 oar_2.5.2.orig.tar.gz
4ac0695c7e623832551b70d9d97dac35a77edd67c7d23d1c5ce01f1d5f788ac2 69755 oar_2.5.2-3+deb7u1.debian.tar.gz
e00ff2d6f7bf151db88c051dfa34531f05666e6fa4d8842bc4e2a030923f161f 74434 liboar-perl_2.5.2-3+deb7u1_amd64.deb
398d2be5d63058cefc47d8fe8a036390cdaedc3722da2f6145a519168cb2e4f5 67246 oar-common_2.5.2-3+deb7u1_amd64.deb
cb78bab3e9e0e38c0816c76e6c668a14cf5add3f73c055555d134805fa11137c 151416 oar-server_2.5.2-3+deb7u1_amd64.deb
da3ba28d08524ce16187fbbc75ea74ede468309fac7c7de7dd39079529821089 16446 oar-server-mysql_2.5.2-3+deb7u1_amd64.deb
6be1ee6e93e96bfb2b46cfa4956d73db7105998bfd408a3ecc084935f8034676 16452 oar-server-pgsql_2.5.2-3+deb7u1_amd64.deb
ee6d60c726b4acf29699f4212acc3fa7f3b18756a1be2ed58713ad99805d298d 28610 oar-node_2.5.2-3+deb7u1_amd64.deb
aaa3112684534f44d72343df18d449a2a0bba6303a106e0fde6216635c995326 65694 oar-user_2.5.2-3+deb7u1_amd64.deb
5b7b0e81185db43f9e74248e88e92bd700d16645532c242f5015216105ab1955 16426 oar-user-mysql_2.5.2-3+deb7u1_amd64.deb
572c2fd76e898cde711b5fc40b9f771c6551e68dfff63ed1790d351d2b2c8841 16428 oar-user-pgsql_2.5.2-3+deb7u1_amd64.deb
84acbd641e50e7b51f7b2f3391c0b98051192e8e4d56c805a5033c19dd7f2a03 67830 oar-web-status_2.5.2-3+deb7u1_all.deb
a0ef790623becf2acf899a481893c319202ddc6d1bfc35f36cfcc3b797ac9e1c 1277058 oar-doc_2.5.2-3+deb7u1_all.deb
7e7b6fcf72150d7f88a082dfff5f9f7ef87e83c4637e11528fa1ab5418742459 47890 oar-admin_2.5.2-3+deb7u1_amd64.deb
95822b495f3c01a2766bad433c0bbd5a51ed83f13591ffbef3dd6180f97abde4 52536 oar-restful-api_2.5.2-3+deb7u1_amd64.deb
13dd34ca0cc8d7fdecee01d4bf2ded7d2f411ed7fda2c6c6686b374fb3e9802c 16290 oar-api_2.5.2-3+deb7u1_all.deb
Files:
28b86ad6cfd176f701f9b10b4392d492 2408 science extra oar_2.5.2-3+deb7u1.dsc
ec5e33e96116b2534da77dcd7fdb7b92 6249043 science extra oar_2.5.2.orig.tar.gz
e862a599e31dc64285ef17c13bc87925 69755 science extra oar_2.5.2-3+deb7u1.debian.tar.gz
c2efe1f03c55f4f0ce0997b7a4b2d0ef 74434 perl extra liboar-perl_2.5.2-3+deb7u1_amd64.deb
59d9de056afb824590c9d10adcdaf751 67246 science extra oar-common_2.5.2-3+deb7u1_amd64.deb
834a9abf153f3e52d7ff883ce4630d82 151416 science extra oar-server_2.5.2-3+deb7u1_amd64.deb
10d73b4deb4b96c3059378a47e5f129d 16446 science extra oar-server-mysql_2.5.2-3+deb7u1_amd64.deb
007e3f8e5c429347e85c83e55f421846 16452 science extra oar-server-pgsql_2.5.2-3+deb7u1_amd64.deb
913f7fd683d6a87517905f515b6d7f5b 28610 science extra oar-node_2.5.2-3+deb7u1_amd64.deb
545bb7314741f2a2a1ce2a01d8fcea63 65694 science extra oar-user_2.5.2-3+deb7u1_amd64.deb
de945e85c146926d387daa8cfa333ac9 16426 science extra oar-user-mysql_2.5.2-3+deb7u1_amd64.deb
d773ef3e0841b0b5c447106de39b84d0 16428 science extra oar-user-pgsql_2.5.2-3+deb7u1_amd64.deb
4780855ff9b929208f256fda9c81ef35 67830 science extra oar-web-status_2.5.2-3+deb7u1_all.deb
d90fda1be08f7c1920a507492feedbfb 1277058 doc extra oar-doc_2.5.2-3+deb7u1_all.deb
ea8e4c44169c71ff115d07cb4bac1268 47890 science extra oar-admin_2.5.2-3+deb7u1_amd64.deb
1105a9ee63262378f99d72e8654e56ef 52536 science extra oar-restful-api_2.5.2-3+deb7u1_amd64.deb
ab570495e4c186eae563ec0c5ac4a4e9 16290 science extra oar-api_2.5.2-3+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVwIyEJZH3mN+x7dRAQifXg/+K36mzBGxr94pLkCqse2lTZ05CZ4Qrmzx
KIaarIIH0LrBxHgGPNoKyDbcA8eXavij98jB4VbL4FUiwxrbQbUAD2l3r/TOxQ1P
nqormVq9a/FaBsvNrfHtveR5L8ph/W26iu59XF0VWhybiw6x2FK/vd6rVL2Fu3eu
ZkphR26XYtjOoXHWS2uXggO2eqGmeWUb+CGW6FkudTncEj5LJPFKkzB8SXDNX6YN
W8m4MxLXf7H4SmqOr6i+3HObuMFe/VZzH+k5Bjl/1VUgaj2XJTpdsYELyZNbCzgP
Wq9EBBf6/sXLAiMeShgON0BXSmIoTcrSsZ9SOqwtJsZP0aH/doWs/drjMBZOqqa+
5fdAMKSr8yjyL9+vNZQK+I8/fR+7UWLEkn880JFPN3aA5524Mpxu2MDo0flgA4Vf
ilMbaRtURGCnxAcMbDhdiilYvktwAo70T8ApkuC2HIDR8OszgGAGL3ncjfychFd9
+EIHN2jrpgtqsQDuzq5tBA8gyz7KqLXznXxFdDZD7CmIW7hF+bpW2r0XE8b7uRbi
lAaFzzgi56z3S4vxSzHuqMONI11FS2wF0xZzwg8J1T7viNXLqClZWn6eNZWHaWvJ
RYAUJPZKXFZgZmDxLJvhV4DyVV4xg1QIdkNGU88DMlzlIAcyoA3YAa4f9PfeGgjO
ZTMibbddweI=
=a35J
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 05 Jun 2016 07:38:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:20:44 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon