firewalld: CVE-2016-5410: Firewall configuration can be modified by any logged in user

Related Vulnerabilities: CVE-2016-5410  

Debian Bug report logs - #834529

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 16 Aug 2016 17:51:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version firewalld/0.3.12-1

Fixed in version firewalld/0.4.3.3-1

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#834529; Package src:firewalld. (Tue, 16 Aug 2016 17:51:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 16 Aug 2016 17:51:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: firewalld: CVE-2016-5410: Firewall configuration can be modified by any logged in user
Date: Tue, 16 Aug 2016 19:48:38 +0200
Source: firewalld
Version: 0.3.12-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for firewalld.

CVE-2016-5410[0]:
Firewall configuration can be modified by any logged in user

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5410
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1360135
[2] http://seclists.org/oss-sec/2016/q3/291
[3] https://github.com/t-woerner/firewalld/commit/0371995a58ec4c777960007b7dbee93933f760cb

Regards,
Salvatore



Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Sat, 27 Aug 2016 16:24:21 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 27 Aug 2016 16:24:21 GMT).


Message #10 received at 834529-close@bugs.debian.org:

From: Michael Biebl <biebl@debian.org>
To: 834529-close@bugs.debian.org
Subject: Bug#834529: fixed in firewalld 0.4.3.3-1
Date: Sat, 27 Aug 2016 16:20:24 +0000
Source: firewalld
Source-Version: 0.4.3.3-1

We believe that the bug you reported is fixed in the latest version of
firewalld, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 834529@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated firewalld package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 27 Aug 2016 16:00:36 +0200
Source: firewalld
Binary: firewalld firewall-applet firewall-config
Architecture: source
Version: 0.4.3.3-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
 firewall-applet - panel applet providing status information of firewalld
 firewall-config - graphical configuration tool to change the firewall settings
 firewalld  - dynamically managed firewall with support for network zones
Closes: 834529
Changes:
 firewalld (0.4.3.3-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes CVE-2016-5410: Firewall configuration can be modified by any
       logged in user. (Closes: #834529)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 30 Sep 2016 07:26:11 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:27:21 2019; Machine Name: buxtehude
