CVE-2012-3409

Related Vulnerabilities: CVE-2012-3409  

Debian Bug report logs - #682220
CVE-2012-3409


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 20 Jul 2012 12:09:01 UTC

Severity: grave

Tags: security

Fixed in version ecryptfs-utils/99-1

Done: Daniel Baumann <daniel.baumann@progress-technologies.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Daniel Baumann <daniel.baumann@progress-technologies.net>:
Bug#682220; Package ecryptfs-utils. (Fri, 20 Jul 2012 12:09:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Daniel Baumann <daniel.baumann@progress-technologies.net>. (Fri, 20 Jul 2012 12:09:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-3409
Date: Fri, 20 Jul 2012 14:07:57 +0200
Package: ecryptfs-utils
Severity: grave
Tags: security

Please see the thread starting at
http://www.openwall.com/lists/oss-security/2012/07/10/19

Cheers,
        Moritz



Reply sent to Daniel Baumann <daniel.baumann@progress-technologies.net>:
You have taken responsibility. (Fri, 20 Jul 2012 14:51:10 GMT).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 20 Jul 2012 14:51:10 GMT).


Message #10 received at 682220-close@bugs.debian.org:

From: Daniel Baumann <daniel.baumann@progress-technologies.net>
To: 682220-close@bugs.debian.org
Subject: Bug#682220: fixed in ecryptfs-utils 99-1
Date: Fri, 20 Jul 2012 14:47:18 +0000
Source: ecryptfs-utils
Source-Version: 99-1

We believe that the bug you reported is fixed in the latest version of
ecryptfs-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 682220@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <daniel.baumann@progress-technologies.net> (supplier of updated ecryptfs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Jul 2012 15:31:43 +0200
Source: ecryptfs-utils
Binary: ecryptfs-utils ecryptfs-utils-dbg libecryptfs0 libecryptfs-dev python-ecryptfs
Architecture: source i386
Version: 99-1
Distribution: unstable
Urgency: low
Maintainer: Daniel Baumann <daniel.baumann@progress-technologies.net>
Changed-By: Daniel Baumann <daniel.baumann@progress-technologies.net>
Description: 
 ecryptfs-utils - ecryptfs cryptographic filesystem (utilities)
 ecryptfs-utils-dbg - ecryptfs cryptographic filesystem (utilities; debug)
 libecryptfs-dev - ecryptfs cryptographic filesystem (development)
 libecryptfs0 - ecryptfs cryptographic filesystem (library)
 python-ecryptfs - ecryptfs cryptographic filesystem (python)
Closes: 682220
Changes: 
 ecryptfs-utils (99-1) unstable; urgency=low
 .
   * Merging upstream version 99:
     - force the MS_NOSUID mount flag in mount.ecryptfs_private to protect
       against user controlled lower filesystems, such as an auto mounted
       USB drive, that may contain a setuid-root binary, CVE-2012-3409
       (Closes: #682220)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlAJZrcACgkQ+C5cwEsrK54JxwCg1cntzjuOErc/8VYobZq2MZqr
f3EAnRi0HNUvKiKzVMwPW83qNpYsyr9c
=A+Co
-----END PGP SIGNATURE-----
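
The changelog entry above says version 99 forces the MS_NOSUID mount flag in mount.ecryptfs_private. As an added example (not part of this bug log or of ecryptfs-utils), the shell function below audits a mount table in /proc/self/mounts format and lists eCryptfs mount points whose options lack nosuid; the sample table, its paths and its ecryptfs_sig values are constructed.

```shell
#!/bin/sh
# Added example: audit for eCryptfs mounts that are missing "nosuid".
# Input on stdin is in /proc/self/mounts format:
#   <source> <mountpoint> <fstype> <options> <dump> <pass>
# Spaces inside paths are escaped as \040 there, so whitespace splitting is safe.
# On a live system: ecryptfs_missing_nosuid < /proc/self/mounts

ecryptfs_missing_nosuid() {
    awk '
        $3 == "ecryptfs" {
            # Compare whole options, so a value that merely contains
            # the text "nosuid" is not mistaken for the flag.
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nosuid")
                    found = 1
            if (!found)
                print $2
        }
    '
}

# Constructed sample: one eCryptfs mount with nosuid, one without (its lower
# directory sits on removable media), and an unrelated vfat mount.
sample_mounts() {
    cat <<'EOF'
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0000000000000000,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/media/usb0/.Private /home/bob/Private ecryptfs rw,nodev,relatime,ecryptfs_sig=1111111111111111,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,relatime 0 0
EOF
}

# Demo on the constructed table: reports the mount point lacking nosuid.
sample_mounts | ecryptfs_missing_nosuid
```
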




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 23 Aug 2012 07:26:35 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:16:35 2019; Machine Name: buxtehude
