Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2018-14722

Related Vulnerabilities: CVE-2018-14722  

Source

Debian Bug report logs - #906131
CVE-2018-14722

version graph

Package: btrfsmaintenance; Maintainer for btrfsmaintenance is Nicholas D Steeves <nsteeves@gmail.com>; Source for btrfsmaintenance is src:btrfsmaintenance (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 14 Aug 2018 17:27:02 UTC

Severity: grave

Tags: security

Found in version btrfsmaintenance/0.4.1-1

Fixed in version btrfsmaintenance/0.4.1-2

Done: Nicholas D Steeves <nsteeves@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Nicholas D Steeves <nsteeves@gmail.com>:
Bug#906131; Package btrfsmaintenance. (Tue, 14 Aug 2018 17:27:05 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Nicholas D Steeves <nsteeves@gmail.com>. (Tue, 14 Aug 2018 17:27:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-14722
Date: Tue, 14 Aug 2018 19:24:26 +0200
Package: btrfsmaintenance
Severity: grave
Tags: security

Please see http://www.openwall.com/lists/oss-security/2018/08/14/7

Cheers,
        Moritz

Marked as found in versions btrfsmaintenance/0.4.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 14 Aug 2018 18:33:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#906131; Package btrfsmaintenance. (Wed, 15 Aug 2018 05:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Nicholas D Steeves <nsteeves@gmail.com>:
Extra info received and forwarded to list. (Wed, 15 Aug 2018 05:24:02 GMT) (full text, mbox, link).

Message #12 received at 906131@bugs.debian.org (full text, mbox, reply):

From: Nicholas D Steeves <nsteeves@gmail.com>
To: Moritz Muehlenhoff <jmm@debian.org>, 906131@bugs.debian.org
Cc: Sven Hoexter <sven@stormbind.net>
Subject: Re: Bug#906131: CVE-2018-14722
Date: Wed, 15 Aug 2018 01:20:45 -0400
[Message part 1 (text/plain, inline)]
Dear Moritz and Sven,

On Tue, Aug 14, 2018 at 07:24:26PM +0200, Moritz Muehlenhoff wrote:
> Package: btrfsmaintenance
> Severity: grave
> Tags: security
> 
> Please see http://www.openwall.com/lists/oss-security/2018/08/14/7
> 
> Cheers,
>         Moritz

Thank you for forwarding this report.  Unfortunately I do not yet have
DM for btrfsmaintenance so cannot upload.  I've CCed Sven in case he
wants to sponsor, but if he's on holidays would you be willing to
sponsor it?

I've uploaded to mentors

  https://mentors.debian.net/package/btrfsmaintenance
  dget https://mentors.debian.net/debian/pool/main/b/btrfsmaintenance/btrfsmaintenance_0.4.1-2.dsc

The package's repo can also be cloned:
  git clone https://salsa.debian.org/sten-guest/btrfsmaintenance.git

I don't use dgit, except to quickly download the latest
orig.tarball...  Maybe something like this would be fastest:
  dgit clone btrfsmaintenance
  cd btrfsmaintenace
  git remote add salsa https://salsa.debian.org/sten-guest/btrfsmaintenance.git
  git fetch salsa && git merge --allow-unrelated-histories -X theirs salsa/master

Cheers,
Nicholas

[signature.asc (application/pgp-signature, inline)]

Reply sent to Nicholas D Steeves <nsteeves@gmail.com>:
You have taken responsibility. (Wed, 15 Aug 2018 08:51:09 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 15 Aug 2018 08:51:09 GMT) (full text, mbox, link).

Message #17 received at 906131-close@bugs.debian.org (full text, mbox, reply):

From: Nicholas D Steeves <nsteeves@gmail.com>
To: 906131-close@bugs.debian.org
Subject: Bug#906131: fixed in btrfsmaintenance 0.4.1-2
Date: Wed, 15 Aug 2018 08:48:28 +0000
Source: btrfsmaintenance
Source-Version: 0.4.1-2

We believe that the bug you reported is fixed in the latest version of
btrfsmaintenance, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906131@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas D Steeves <nsteeves@gmail.com> (supplier of updated btrfsmaintenance package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Aug 2018 00:32:20 -0400
Source: btrfsmaintenance
Binary: btrfsmaintenance
Architecture: source all
Version: 0.4.1-2
Distribution: unstable
Urgency: high
Maintainer: Nicholas D Steeves <nsteeves@gmail.com>
Changed-By: Nicholas D Steeves <nsteeves@gmail.com>
Description:
 btrfsmaintenance - automate btrfs maintenance tasks on mountpoints or directories
Closes: 906131
Changes:
 btrfsmaintenance (0.4.1-2) unstable; urgency=high
 .
   * Import patch provided by SUSE to fix CVE-2018-14722. (Closes: #906131)
     - 0002-Import-patch-provided-by-SUSE-to-fix-CVE-2018-14722.patch
   * Declare Standards-Version: 4.2.0. (No additional changes needed)
Checksums-Sha1:
 c73bd894f09a986f393ac916b030c929b64149b6 1942 btrfsmaintenance_0.4.1-2.dsc
 4f910db9aff82964826f3f6394726427bc21a946 5824 btrfsmaintenance_0.4.1-2.debian.tar.xz
 33724713783ff4f6f32e9ddef6fc00bae8dbb123 17248 btrfsmaintenance_0.4.1-2_all.deb
 5221c9b95a222fb1177c202c4bf7775c8a7280bd 5638 btrfsmaintenance_0.4.1-2_amd64.buildinfo
Checksums-Sha256:
 91a271754e54c2531f310414b457151a37fd62169cb1facd8dffcf59fda64abc 1942 btrfsmaintenance_0.4.1-2.dsc
 42be9cf4de0e63a95f0ecc5d86f2d768717429c7a4e008570613e5ae6c269b0f 5824 btrfsmaintenance_0.4.1-2.debian.tar.xz
 470b0c47bebee96d673f36a3c6a35c0eb9a0e41748b45c1e43f96b60cd45c0b8 17248 btrfsmaintenance_0.4.1-2_all.deb
 924725f38c79049158139c30f5b42ae689770eff2f6466040f5843d27eaa914d 5638 btrfsmaintenance_0.4.1-2_amd64.buildinfo
Files:
 0648ed44373cd2909206bfffaa529e27 1942 admin optional btrfsmaintenance_0.4.1-2.dsc
 c798081fff1c66ce8d8405015363d230 5824 admin optional btrfsmaintenance_0.4.1-2.debian.tar.xz
 ee7a14fdaed3c619f974e5ff88b03e78 17248 admin optional btrfsmaintenance_0.4.1-2_all.deb
 d01460f19fe845739576e339de1f8263 5638 admin optional btrfsmaintenance_0.4.1-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfAcX+forK514ixQbptwk2dokk9EFAltz39IACgkQptwk2dok
k9FZ4Q//ccDYVbht1Ln1Y+jzHhQflokKVOmNHNaGjTlFf+CcKZ8s90G6wYo9TBYQ
i8ML5asAquclp7lh8dU4MrsTeh7M6r+n49E5Ozepu6nQkKMuRutLOnQQGqvPUjUV
nAKgO/ltm+1yls59T8SioL3ZX+mCqBo+GO3MGHQdnYHkugD8o3fZnfWCNI85uqub
5xyhmjtqJJwaogHcxG/02H9quMFjH1qnGQ44klJaob0EbgThMIqDLljDiiF4a2u1
XQdtxNQ6kMiAfyTI6T3srFCgPnAzHstFKPLmNdnn409k2YF9+M1A1xc0XeAkIzZR
HFoEEnt7B5Y0iamViVstZumVAW5Wccab3UK+fW275YecpGvMuKCVZWJ3e87o1Otz
vk5otjC3ZmdH12ymEcfynW8aVGgsnpMp9MpNDTevZzc+fyZl1XLjAhUFyBSoPASi
zQSng5WrmJ4f1rYq+LdWwwkc04USmVMIQKB7nrnXMv/Ni/D9MtFkHeAV1O1mcR0C
hNeQR8IeNeRo520WgdkdZk62mXBU5DFHYmp9w1A11voBaZ/qwUaMONHnlo7BbxAG
LoG/sy4jB+xklbQZ20VshUtKIEyDGfYYB55Rypv/rStilp6ty6PLuxeVIEZSRjg6
AwUQOGnqrog9K4y97GVX0bfZqv0eYQEHg1VIL2xYH2oA8MJlLIw=
=v+hU
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#906131; Package btrfsmaintenance. (Wed, 15 Aug 2018 15:36:03 GMT) (full text, mbox, link).

Acknowledgement sent to Nicholas D Steeves <nsteeves@gmail.com>:
Extra info received and forwarded to list. (Wed, 15 Aug 2018 15:36:03 GMT) (full text, mbox, link).

Message #22 received at 906131@bugs.debian.org (full text, mbox, reply):

From: Nicholas D Steeves <nsteeves@gmail.com>
To: 906131@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>, Sven Hoexter <sven@stormbind.net>
Subject: Re: Bug#906131 closed by Nicholas D Steeves <nsteeves@gmail.com> (Bug#906131: fixed in btrfsmaintenance 0.4.1-2)
Date: Wed, 15 Aug 2018 11:34:21 -0400
[Message part 1 (text/plain, inline)]
Hi Sven,

On Wed, Aug 15, 2018 at 08:51:09AM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the btrfsmaintenance package:
> 
> #906131: CVE-2018-14722
> 
> It has been closed by Nicholas D Steeves <nsteeves@gmail.com>.

Thank you for sponsoring this upload so quickly :-)

Truly appreciative,
Nicholas

[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 14 Sep 2018 07:25:53 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:04:45 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started