Multiple security issues

Related Vulnerabilities: CVE-2012-0815, CVE-2012-0060, CVE-2012-0061

Debian Bug report logs - #667031
Multiple security issues


Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm.

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 3 Apr 2012 14:30:01 UTC

Severity: grave

Tags: security

Fixed in version rpm/4.9.1.3-1

Done: Michal Čihař <nijel@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Michal Čihař <nijel@debian.org>:
Bug#667031; Package rpm. (Tue, 03 Apr 2012 14:30:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Michal Čihař <nijel@debian.org>. (Tue, 03 Apr 2012 14:30:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Multiple security issues
Date: Tue, 03 Apr 2012 16:27:32 +0200
Package: rpm
Severity: grave
Tags: security

Multiple security issues have been discovered in rpm. Red Hat bugzilla
contains references to descriptions and patches for rpm 4.8:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0815
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0060
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0061

Cheers,
        Moritz




Reply sent to Michal Čihař <nijel@debian.org>:
You have taken responsibility. (Thu, 05 Apr 2012 09:50:30 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Thu, 05 Apr 2012 09:50:44 GMT)


Message #10 received at 667031-close@bugs.debian.org:

From: Michal Čihař <nijel@debian.org>
To: 667031-close@bugs.debian.org
Subject: Bug#667031: fixed in rpm 4.9.1.3-1
Date: Thu, 05 Apr 2012 08:52:41 +0000
Source: rpm
Source-Version: 4.9.1.3-1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:

librpm-dbg_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpm-dbg_4.9.1.3-1_amd64.deb
librpm-dev_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpm-dev_4.9.1.3-1_amd64.deb
librpm2_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpm2_4.9.1.3-1_amd64.deb
librpmbuild2_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpmbuild2_4.9.1.3-1_amd64.deb
librpmio2_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpmio2_4.9.1.3-1_amd64.deb
librpmsign0_4.9.1.3-1_amd64.deb
  to main/r/rpm/librpmsign0_4.9.1.3-1_amd64.deb
python-rpm_4.9.1.3-1_amd64.deb
  to main/r/rpm/python-rpm_4.9.1.3-1_amd64.deb
rpm-common_4.9.1.3-1_amd64.deb
  to main/r/rpm/rpm-common_4.9.1.3-1_amd64.deb
rpm-i18n_4.9.1.3-1_all.deb
  to main/r/rpm/rpm-i18n_4.9.1.3-1_all.deb
rpm2cpio_4.9.1.3-1_amd64.deb
  to main/r/rpm/rpm2cpio_4.9.1.3-1_amd64.deb
rpm_4.9.1.3-1.debian.tar.gz
  to main/r/rpm/rpm_4.9.1.3-1.debian.tar.gz
rpm_4.9.1.3-1.dsc
  to main/r/rpm/rpm_4.9.1.3-1.dsc
rpm_4.9.1.3-1_amd64.deb
  to main/r/rpm/rpm_4.9.1.3-1_amd64.deb
rpm_4.9.1.3.orig.tar.bz2
  to main/r/rpm/rpm_4.9.1.3.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 667031@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michal Čihař <nijel@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 05 Apr 2012 09:34:05 +0200
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm2 librpmio2 librpmbuild2 librpmsign0 librpm-dev python-rpm
Architecture: source all amd64
Version: 4.9.1.3-1
Distribution: unstable
Urgency: high
Maintainer: Michal Čihař <nijel@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description: 
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm2    - RPM shared library
 librpmbuild2 - RPM build shared library
 librpmio2  - RPM IO shared library
 librpmsign0 - RPM signing shared library
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 667031
Changes: 
 rpm (4.9.1.3-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2012-0815, CVE-2012-0060, CVE-2012-0061 (Closes: #667031).
   * Update debian/copyright to match current format.
   * Bump standards to 3.9.3.






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 May 2012 07:36:57 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:10:59 2019; Machine Name: buxtehude
