CVE-2010-4341

Related Vulnerabilities: CVE-2010-4341  

Debian Bug report logs - #610032
CVE-2010-4341


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 14 Jan 2011 23:24:01 UTC

Severity: grave

Tags: security, squeeze-ignore

Fixed in versions sssd/1.2.1-4.1, sssd/1.2.1-4+squeeze1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Fri, 14 Jan 2011 23:24:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Petter Reinholdtsen <pere@debian.org>. (Fri, 14 Jan 2011 23:24:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-4341
Date: Sat, 15 Jan 2011 00:21:16 +0100

Package: sssd
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4341 
for description and patch.

Cheers,
        Moritz

-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Sat, 15 Jan 2011 11:09:10 GMT).


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Sat, 15 Jan 2011 11:09:10 GMT).


Message #10 received at 610032@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Moritz Muehlenhoff <jmm@debian.org>, 610032@bugs.debian.org
Subject: Re: Bug#610032: CVE-2010-4341
Date: Sat, 15 Jan 2011 11:07:27 +0000

user release.debian.org@packages.debian.org
tag 610032 + squeeze-ignore
usertag 610032 + squeeze-can-defer
thanks

On Sat, 2011-01-15 at 00:21 +0100, Moritz Muehlenhoff wrote:
> Package: sssd
> Severity: grave
> Tags: security
> 
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4341 
> for description and patch.

Can be fixed via stable-security after release if required; marking as
not a blocker for Squeeze.

Regards,

Adam





Added tag(s) squeeze-ignore. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 15 Jan 2011 11:09:14 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Tue, 25 Jan 2011 20:27:09 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Tue, 25 Jan 2011 20:27:09 GMT).


Message #17 received at 610032@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 610032@bugs.debian.org
Cc: pere@debian.org, werner@debian.org
Subject: Re: CVE-2010-4341
Date: Tue, 25 Jan 2011 21:24:19 +0100

On Sat, Jan 15, 2011 at 12:21:16AM +0100, Moritz Muehlenhoff wrote:
> Package: sssd
> Severity: grave
> Tags: security
> 
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4341 
> for description and patch.

What's the status?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Tue, 25 Jan 2011 21:00:03 GMT).


Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Tue, 25 Jan 2011 21:00:03 GMT).


Message #22 received at 610032@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: Moritz Mühlenhoff <jmm@inutil.org>, 610032@bugs.debian.org
Cc: werner@debian.org
Subject: Re: Bug#610032: CVE-2010-4341
Date: Tue, 25 Jan 2011 21:56:45 +0100

[Moritz Mühlenhoff]
> What's the status?

Been too busy with work and real life to look at sssd, and welcome NMUs
to fix it.  It is unlikely to change before Squeeze is released, but I
hope it will improve in a month or two.  I suspect Werner is in the
same situation.

Happy hacking,
-- 
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Tue, 25 Jan 2011 21:21:20 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Tue, 25 Jan 2011 21:21:20 GMT).


Message #27 received at 610032@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Petter Reinholdtsen <pere@hungry.com>
Cc: 610032@bugs.debian.org, werner@debian.org
Subject: Re: Bug#610032: CVE-2010-4341
Date: Tue, 25 Jan 2011 22:20:39 +0100

On Tue, Jan 25, 2011 at 09:56:45PM +0100, Petter Reinholdtsen wrote:
> [Moritz Mühlenhoff]
> > What's the status?
> 
> Been too busy with work and real life to look at sssd, and welcome NMUs
> to fix it.  It is unlikely to change before Squeeze is released, but I
> hope it will improve in a month or two.  I suspect Werner is in the
> same situation.

Petter, Werner

I've uploaded an NMU to unstable. I could only do artificial tests,
since I lack a setup/LDAP to test sssd in practice.

Please test the packages in a real sssd setup and request the unblock
for Squeeze.

Cheers,
        Moritz




Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Tue, 25 Jan 2011 21:36:22 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 25 Jan 2011 21:36:22 GMT).


Message #32 received at 610032-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 610032-close@bugs.debian.org
Subject: Bug#610032: fixed in sssd 1.2.1-4.1
Date: Tue, 25 Jan 2011 21:34:39 +0000

Source: sssd
Source-Version: 1.2.1-4.1

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive:

libnss-sss_1.2.1-4.1_amd64.deb
  to main/s/sssd/libnss-sss_1.2.1-4.1_amd64.deb
libpam-sss_1.2.1-4.1_amd64.deb
  to main/s/sssd/libpam-sss_1.2.1-4.1_amd64.deb
python-sss_1.2.1-4.1_amd64.deb
  to main/s/sssd/python-sss_1.2.1-4.1_amd64.deb
sssd_1.2.1-4.1.diff.gz
  to main/s/sssd/sssd_1.2.1-4.1.diff.gz
sssd_1.2.1-4.1.dsc
  to main/s/sssd/sssd_1.2.1-4.1.dsc
sssd_1.2.1-4.1_amd64.deb
  to main/s/sssd/sssd_1.2.1-4.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610032@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 25 Jan 2011 22:09:21 +0100
Source: sssd
Binary: sssd libnss-sss libpam-sss python-sss
Architecture: source amd64
Version: 1.2.1-4.1
Distribution: unstable
Urgency: medium
Maintainer: Petter Reinholdtsen <pere@debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description: 
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 python-sss - Pam module for the System Security Services Daemon
 sssd       - System Security Services Daemon
Closes: 610032
Changes: 
 sssd (1.2.1-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team
   * Fix CVE-2010-4341 (Closes: #610032)






Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Mon, 31 Jan 2011 20:09:03 GMT).


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Mon, 31 Jan 2011 20:09:03 GMT).


Message #37 received at 610032@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: debian-release@lists.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>, 610032@bugs.debian.org
Subject: Uploading sssd to tpu for security issue
Date: Mon, 31 Jan 2011 21:04:48 +0100

Hi,

sssd/1.2.1-4.1 was NMU'ed by Moritz to sid to fix a security issue, but 
unfortunately in unstable it picked up newer dependencies so it can't migrate 
to testing. I've prepared an upload for tpu with exactly the same changes 
(modulo changelog) but built in a squeeze environment, and would like to get 
your permission to upload it.

Debdiff attached and built packages at http://loeki.tv/~thijs/sssd/

Cheers,
Thijs
[sssd_testing.diff (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Petter Reinholdtsen <pere@debian.org>:
Bug#610032; Package sssd. (Mon, 31 Jan 2011 20:45:07 GMT).


Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Petter Reinholdtsen <pere@debian.org>. (Mon, 31 Jan 2011 20:45:07 GMT).


Message #42 received at 610032@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-release@lists.debian.org, Moritz Muehlenhoff <jmm@debian.org>, 610032@bugs.debian.org
Subject: Re: Uploading sssd to tpu for security issue
Date: Mon, 31 Jan 2011 21:43:31 +0100

On Mon, Jan 31, 2011 at 21:04:48 +0100, Thijs Kinkhorst wrote:

> Hi,
> 
> sssd/1.2.1-4.1 was NMU'ed by Moritz to sid to fix a security issue, but 
> unfortunately in unstable it picked up newer dependencies so it can't migrate 
> to testing. I've prepared an upload for tpu with exactly the same changes 
> (modulo changelog) but built in a squeeze environment, and would like to get 
> your permission to upload it.
> 
> Debdiff attached and built packages at http://loeki.tv/~thijs/sssd/
> 
Please go ahead.

Cheers,
Julien

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Mon, 31 Jan 2011 21:36:04 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 31 Jan 2011 21:36:04 GMT).


Message #47 received at 610032-close@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 610032-close@bugs.debian.org
Subject: Bug#610032: fixed in sssd 1.2.1-4+squeeze1
Date: Mon, 31 Jan 2011 21:32:17 +0000

Source: sssd
Source-Version: 1.2.1-4+squeeze1

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive:

libnss-sss_1.2.1-4+squeeze1_i386.deb
  to main/s/sssd/libnss-sss_1.2.1-4+squeeze1_i386.deb
libpam-sss_1.2.1-4+squeeze1_i386.deb
  to main/s/sssd/libpam-sss_1.2.1-4+squeeze1_i386.deb
python-sss_1.2.1-4+squeeze1_i386.deb
  to main/s/sssd/python-sss_1.2.1-4+squeeze1_i386.deb
sssd_1.2.1-4+squeeze1.diff.gz
  to main/s/sssd/sssd_1.2.1-4+squeeze1.diff.gz
sssd_1.2.1-4+squeeze1.dsc
  to main/s/sssd/sssd_1.2.1-4+squeeze1.dsc
sssd_1.2.1-4+squeeze1_i386.deb
  to main/s/sssd/sssd_1.2.1-4+squeeze1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610032@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 31 Jan 2011 20:48:45 +0100
Source: sssd
Binary: sssd libnss-sss libpam-sss python-sss
Architecture: source i386
Version: 1.2.1-4+squeeze1
Distribution: testing
Urgency: medium
Maintainer: Petter Reinholdtsen <pere@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 python-sss - Pam module for the System Security Services Daemon
 sssd       - System Security Services Daemon
Closes: 610032
Changes: 
 sssd (1.2.1-4+squeeze1) testing; urgency=medium
 .
   * Non-maintainer upload by the Security Team
   * Fix CVE-2010-4341 (Closes: #610032)






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 01 Mar 2011 07:32:33 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:08:06 2019; Machine Name: buxtehude
