CVE-2017-7572

Related Vulnerabilities: CVE-2017-7572  

Debian Bug report logs - #859815
CVE-2017-7572

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 7 Apr 2017 16:21:01 UTC

Severity: important

Tags: fixed-upstream, security

Found in version backintime/1.1.12-1

Fixed in version backintime/1.1.12-2

Done: Jonathan Wiltshire <jmw@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jonathan Wiltshire <jmw@debian.org>:
Bug#859815; Package src:backintime. (Fri, 07 Apr 2017 16:21:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jonathan Wiltshire <jmw@debian.org>. (Fri, 07 Apr 2017 16:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-7572
Date: Fri, 07 Apr 2017 18:16:29 +0200
Source: backintime
Severity: important
Tags: security

Hi,
please see http://www.openwall.com/lists/oss-security/2017/04/07/2

Cheers,
        Moritz



Marked as found in versions backintime/1.1.12-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 Apr 2017 18:15:03 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 Apr 2017 18:15:04 GMT)


Removed tag(s) upstream. Request was from Germar Reitze <germar.reitze@gmail.com> to control@bugs.debian.org. (Sun, 09 Apr 2017 19:36:02 GMT)


Added tag(s) fixed-upstream. Request was from Germar Reitze <germar.reitze@gmail.com> to control@bugs.debian.org. (Sun, 09 Apr 2017 19:36:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jonathan Wiltshire <jmw@debian.org>:
Bug#859815; Package src:backintime. (Wed, 12 Apr 2017 07:45:02 GMT)


Acknowledgement sent to c.buhtz@posteo.jp:
Extra info received and forwarded to list. Copy sent to Jonathan Wiltshire <jmw@debian.org>. (Wed, 12 Apr 2017 07:45:03 GMT)


Message #18 received at 859815@bugs.debian.org:

From: c.buhtz@posteo.jp
To: 859815@bugs.debian.org
Subject: fixed in 1.1.20
Date: Wed, 12 Apr 2017 09:41:19 +0200
The bug is fixed in the latest release 1.1.20
https://github.com/bit-team/backintime/releases/tag/v1.1.20



Reply sent to Jonathan Wiltshire <jmw@debian.org>:
You have taken responsibility. (Sat, 22 Apr 2017 18:51:09 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 22 Apr 2017 18:51:10 GMT)


Message #23 received at 859815-close@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 859815-close@bugs.debian.org
Subject: Bug#859815: fixed in backintime 1.1.12-2
Date: Sat, 22 Apr 2017 18:49:08 +0000
Source: backintime
Source-Version: 1.1.12-2

We believe that the bug you reported is fixed in the latest version of
backintime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859815@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <jmw@debian.org> (supplier of updated backintime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 17:21:03 +0100
Source: backintime
Binary: backintime-common backintime-qt4 backintime-gnome backintime-kde
Architecture: source all
Version: 1.1.12-2
Distribution: unstable
Urgency: high
Maintainer: Jonathan Wiltshire <jmw@debian.org>
Changed-By: Jonathan Wiltshire <jmw@debian.org>
Description:
 backintime-common - simple backup/snapshot system (common files)
 backintime-gnome - GNOME front-end for backintime (transitional package)
 backintime-kde - KDE front-end for backintime (transitional package)
 backintime-qt4 - simple backup/snapshot system (graphical interface)
Closes: 858193 859815
Changes:
 backintime (1.1.12-2) unstable; urgency=high
 .
   * 01-858193-back-up-slash-root-perms.patch: back up permissions
     of '/' as well (Closes: #858193)
   * 02-polkit-vuln.patch: fix race condition in polkit privilege
     authorisation (CVE-2017-7572) (Closes: #859815)
   * Build-depend on dh-python

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 May 2017 07:25:27 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:36:34 2019; Machine Name: buxtehude
