Debian Bug report logs - #688942
389-ds-base: CVE-2012-4450
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 27 Sep 2012 07:30:02 UTC
Severity: grave
Tags: security
Fixed in version 389-ds-base/1.2.11.15-1
Done: Timo Aaltonen <tjaalton@ubuntu.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>: Bug#688942; Package 389-ds-base. (Thu, 27 Sep 2012 07:30:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Thu, 27 Sep 2012 07:30:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: 389-ds-base
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2012-4450:
https://fedorahosted.org/389/ticket/340
Patch:
http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>: Bug#688942; Package 389-ds-base. (Thu, 27 Sep 2012 08:27:03 GMT)
Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>: Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Thu, 27 Sep 2012 08:27:03 GMT)
Message #10 received at 688942@bugs.debian.org:
On 27.09.2012 10:24, Moritz Muehlenhoff wrote:
> Package: 389-ds-base
> Severity: grave
> Tags: security
> Justification: user security hole
>
> This was assigned CVE-2012-4450:
> https://fedorahosted.org/389/ticket/340
>
> Patch:
> http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
thanks, updated git to 1.2.11.15 + that patch, looking for a sponsor to
upload it.
--
t
Reply sent to Timo Aaltonen <tjaalton@ubuntu.com>: You have taken responsibility. (Wed, 03 Oct 2012 17:21:05 GMT)
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>: Bug acknowledged by developer. (Wed, 03 Oct 2012 17:21:05 GMT)
Message #15 received at 688942-close@bugs.debian.org:
Source: 389-ds-base
Source-Version: 1.2.11.15-1
We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 688942@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@ubuntu.com> (supplier of updated 389-ds-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 03 Oct 2012 19:33:52 +0300
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.2.11.15-1
Distribution: unstable
Urgency: low
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaalton@ubuntu.com>
Description:
389-ds - 389 Directory Server suite - metapackage
389-ds-base - 389 Directory Server suite - server
389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
389-ds-base-dev - 389 Directory Server suite - development files
389-ds-base-libs - 389 Directory Server suite - libraries
389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Closes: 688942 689389
Changes:
 389-ds-base (1.2.11.15-1) unstable; urgency=low
 .
   * New upstream release.
   * Add fix-cve-2012-4450.diff. (Closes: #688942)
   * dirsrv.init: Fix stop() to remove the pidfile only when the process is finished. (Closes: #689389)
   * copyright: Update the source url.
   * control: Drop quilt from build-depends, since using 3.0 (quilt)
   * lintian-overrides: Add an override for hardening-no-fortify-functions, since it's a false positive in this case.
   * control: Drop dpkg-dev from build-depends, no need to specify it directly.
   * copyright: Add myself as a copyright holder for debian/*.
   * 389-ds-base.prerm: Add 'set -e'.
   * rules: drop DEB_HOST_MULTIARCH, dh9 handles it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Nov 2012 07:26:34 GMT)
Last modified: Wed Jun 19 18:26:55 2019