audit: CVE-2015-5186: log terminal emulator escape sequences handling

Related Vulnerabilities: CVE-2015-5186  

Debian Bug report logs - #795457

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 14 Aug 2015 07:15:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in versions audit/1:2.4.2-1, audit/1.7.13-1

Fixed in version audit/1:2.4.4-1

Done: Laurent Bigonville <bigon@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#795457; Package src:audit. (Fri, 14 Aug 2015 07:15:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laurent Bigonville <bigon@debian.org>. (Fri, 14 Aug 2015 07:15:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: audit: CVE-2015-5186: log terminal emulator escape sequences handling
Date: Fri, 14 Aug 2015 09:10:10 +0200
Source: audit
Version: 1:2.4.2-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for audit.

CVE-2015-5186[0]:
log terminal emulator escape sequences handling

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5186
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1251621
[2] https://fedorahosted.org/audit/changeset/1122

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions audit/1.7.13-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 14 Aug 2015 07:39:06 GMT)


Reply sent to Laurent Bigonville <bigon@debian.org>:
You have taken responsibility. (Mon, 24 Aug 2015 21:51:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 24 Aug 2015 21:51:10 GMT)


Message #12 received at 795457-close@bugs.debian.org:

From: Laurent Bigonville <bigon@debian.org>
To: 795457-close@bugs.debian.org
Subject: Bug#795457: fixed in audit 1:2.4.4-1
Date: Mon, 24 Aug 2015 21:50:21 +0000
Source: audit
Source-Version: 1:2.4.4-1

We believe that the bug you reported is fixed in the latest version of
audit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 795457@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bigon@debian.org> (supplier of updated audit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 24 Aug 2015 23:29:11 +0200
Source: audit
Binary: auditd libauparse0 libauparse-dev libaudit1 libaudit-common libaudit-dev python-audit audispd-plugins
Architecture: source amd64 all
Version: 1:2.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Laurent Bigonville <bigon@debian.org>
Description:
 audispd-plugins - Plugins for the audit event dispatcher
 auditd     - User space tools for security auditing
 libaudit-common - Dynamic library for security auditing - common files
 libaudit-dev - Header files and static library for security auditing
 libaudit1  - Dynamic library for security auditing
 libauparse-dev - Header files and static library for the libauparse0 library
 libauparse0 - Dynamic library for parsing security auditing
 python-audit - Python bindings for security auditing
Closes: 787066 795457
Changes:
 audit (1:2.4.4-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix log terminal emulator escape sequences handling (Closes: #795457
       CVE-2015-5186)
     - Internal libev updated to 4.20, this should fix the clang FTBFS (Closes:
       #787066)
     - debian/libauparse0.symbols: Adjust the symbols file
   * Install .pc files in the respective -dev packages
   * debian/control: Explicitly build-depends against dh-python
   * debian/rules: Unconditionally enable Aarch64 processor support now that
     it's an official port.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 07 Nov 2015 07:28:13 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:54:12 2019; Machine Name: beach
