Debian Bug report logs -
#584402
CVE-2010-1457: allows local users to read arbitrary files
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Thu, 3 Jun 2010 10:51:01 UTC
Severity: serious
Tags: security
Fixed in version 1.19.3-2
Done: Yavor Doganov <yavor@gnu.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>
:
Bug#584402
; Package gnustep-base
.
(Thu, 03 Jun 2010 10:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.debian.org>
.
(Thu, 03 Jun 2010 10:51:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: gnustep-base
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnustep-base.
CVE-2010-1457[0]:
| Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local
| users to read arbitrary files via a (1) -c or (2) -a option, which
| prints file contents in an error message.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1457
http://security-tracker.debian.org/tracker/CVE-2010-1457
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwHiBsACgkQNxpp46476aoSYQCdFzeamccrfWPpyjNRJRo8eQ/N
uXQAnjLr/CrQtryRroeEnVZlRwrLsZq+
=fETh
-----END PGP SIGNATURE-----
Reply sent
to Yavor Doganov <yavor@gnu.org>
:
You have taken responsibility.
(Thu, 03 Jun 2010 11:51:23 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Thu, 03 Jun 2010 11:51:23 GMT) (full text, mbox, link).
Message #10 received at 584402-done@bugs.debian.org (full text, mbox, reply):
Version: 1.19.3-2
Both security issues are fixed in the above version. I added the CVE
IDs retroactively, which is probably why the security team still counts
them as unfixed.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 02 Jul 2010 07:31:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:04:04 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.