CVE-2013-6435 CVE-2014-8118

Debian Bug report logs - #773101
CVE-2013-6435 CVE-2014-8118

Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 14 Dec 2014 10:51:01 UTC

Severity: grave

Tags: patch, security

Found in version rpm/4.11.3-1

Fixed in version rpm/4.11.3-1.1

Done: Matt Kraai <kraai@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michal Čihař <nijel@debian.org>:
Bug#773101; Package rpm. (Sun, 14 Dec 2014 10:51:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michal Čihař <nijel@debian.org>. (Sun, 14 Dec 2014 10:51:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2013-6435 CVE-2014-8118
Date: Sun, 14 Dec 2014 11:48:20 +0100
Package: rpm
Version: 4.11.3-1
Severity: grave
Tags: security

Hi,
please see here for details:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8118
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#773101; Package rpm. (Mon, 15 Dec 2014 03:06:05 GMT)


Acknowledgement sent to Matt Kraai <kraai@ftbfs.org>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Mon, 15 Dec 2014 03:06:05 GMT)


Message #10 received at 773101@bugs.debian.org:

From: Matt Kraai <kraai@ftbfs.org>
To: 773101@bugs.debian.org
Subject: rpm: diff for NMU version 4.11.3-1.1
Date: Sun, 14 Dec 2014 18:30:02 -0800
Control: tags 773101 + patch
Control: tags 773101 + pending

Hi,

I've prepared an NMU for rpm (versioned as 4.11.3-1.1) and uploaded it
to DELAYED/5.  Please feel free to tell me if I should cancel it or
delay it longer.

-- 
Matt
[rpm-4.11.3-1.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Matt Kraai <kraai@ftbfs.org> to 773101-submit@bugs.debian.org. (Mon, 15 Dec 2014 03:06:05 GMT)


Added tag(s) pending. Request was from Matt Kraai <kraai@ftbfs.org> to 773101-submit@bugs.debian.org. (Mon, 15 Dec 2014 03:06:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#773101; Package rpm. (Mon, 15 Dec 2014 07:39:04 GMT)


Acknowledgement sent to Michal Čihař <nijel@debian.org>:
Extra info received and forwarded to list. (Mon, 15 Dec 2014 07:39:04 GMT)


Message #19 received at 773101@bugs.debian.org:

From: Michal Čihař <nijel@debian.org>
To: Matt Kraai <kraai@ftbfs.org>, 773101@bugs.debian.org
Subject: Re: Bug#773101: rpm: diff for NMU version 4.11.3-1.1
Date: Mon, 15 Dec 2014 07:55:19 +0100
Hi

On Sun, 14 Dec 2014 18:30:02 -0800
Matt Kraai <kraai@ftbfs.org> wrote:

> Control: tags 773101 + patch
> Control: tags 773101 + pending
> 
> Hi,
> 
> I've prepared an NMU for rpm (versioned as 4.11.3-1.1) and uploaded it
> to DELAYED/5.  Please feel free to tell me if I should cancel it or
> delay it longer.

Thanks a lot, it looks fine. I simply did not get to work on it over
the weekend. Feel free to upload it directly as well.

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com

Reply sent to Matt Kraai <kraai@debian.org>:
You have taken responsibility. (Mon, 15 Dec 2014 09:24:18 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 15 Dec 2014 09:24:18 GMT)


Message #24 received at 773101-close@bugs.debian.org:

From: Matt Kraai <kraai@debian.org>
To: 773101-close@bugs.debian.org
Subject: Bug#773101: fixed in rpm 4.11.3-1.1
Date: Mon, 15 Dec 2014 09:22:17 +0000
Source: rpm
Source-Version: 4.11.3-1.1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773101@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matt Kraai <kraai@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 14 Dec 2014 18:14:54 -0800
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm3 librpmio3 librpmbuild3 librpmsign1 librpm-dev python-rpm debugedit
Architecture: source amd64 all
Version: 4.11.3-1.1
Distribution: unstable
Urgency: medium
Maintainer: Michal Čihař <nijel@debian.org>
Changed-By: Matt Kraai <kraai@debian.org>
Description:
 debugedit  - tool to mangle source locations in .debug files
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm3    - RPM shared library
 librpmbuild3 - RPM build shared library
 librpmio3  - RPM IO shared library
 librpmsign1 - RPM signing shared library
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 773101
Changes:
 rpm (4.11.3-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2013-6435 and CVE-2014-8118 (Closes: #773101).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 18 Jan 2015 07:25:05 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:23:00 2019; Machine Name: buxtehude
