glusterfs: cve-2012-5635

Related Vulnerabilities: CVE-2012-5635, CVE-2012-4417

Debian Bug report logs - #704944
glusterfs: cve-2012-5635

Reported by: Michael Gilbert <mgilbert@debian.org>

Date: Mon, 8 Apr 2013 02:06:02 UTC

Severity: important

Fixed in version glusterfs/3.5.0-1

Done: Patrick Matthäi <pmatthaei@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#704944; Package src:glusterfs. (Mon, 08 Apr 2013 02:06:06 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
New Bug report received and forwarded. Copy sent to Patrick Matthäi <pmatthaei@debian.org>. (Mon, 08 Apr 2013 02:06:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: glusterfs: cve-2012-5635
Date: Sun, 7 Apr 2013 22:02:30 -0400
package: src:glusterfs
severity: important
tag: security

Hi,

redhat published some advisories for glusterfs.  After spending a bit
of time, I wasn't able to track down patches, but the following link has
information:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635

The redhat advisory indicates that the fixes are included in 3.3.0:
https://rhn.redhat.com/errata/RHSA-2013-0691.html

Best wishes,
Mike



Reply sent to pmatthaei@debian.org:
You have taken responsibility. (Mon, 08 Apr 2013 07:33:09 GMT)


Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Mon, 08 Apr 2013 07:33:09 GMT)


Message #10 received at 704944-done@bugs.debian.org:

From: Patrick Matthäi <pmatthaei@debian.org>
To: Michael Gilbert <mgilbert@debian.org>, 704944-done@bugs.debian.org
Subject: Re: Bug#704944: glusterfs: cve-2012-5635
Date: Mon, 08 Apr 2013 09:28:34 +0200
On 08.04.2013 04:02, Michael Gilbert wrote:
> package: src:glusterfs
> severity: important
> tag: security
>
> Hi,
>
> redhat published some advisories for glusterfs.  After spending a bit
> of time, I wasn't able to track down patches, but the following link has
> information:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635
>
> The redhat advisory indicates that the fixes are included in 3.3.0:
> https://rhn.redhat.com/errata/RHSA-2013-0691.html
>
> Best wishes,
> Mike
>

See:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698502


-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatthaei@debian.org
        patrick@linux-dev.org
*/



Information forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#704944; Package src:glusterfs. (Mon, 08 Apr 2013 23:15:07 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Patrick Matthäi <pmatthaei@debian.org>. (Mon, 08 Apr 2013 23:15:07 GMT)


Message #15 received at 704944@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: pmatthaei@debian.org
Cc: 704944@bugs.debian.org
Subject: Re: Bug#704944: glusterfs: cve-2012-5635
Date: Mon, 8 Apr 2013 19:12:13 -0400
On Mon, Apr 8, 2013 at 3:28 AM, Patrick Matthäi wrote:
> On 08.04.2013 04:02, Michael Gilbert wrote:
>>
>> package: src:glusterfs
>> severity: important
>> tag: security
>>
>> Hi,
>>
>> redhat published some advisories for glusterfs.  After spending a bit
>> of time, I wasn't able to track down patches, but the following link has
>> information:
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635
>>
>> The redhat advisory indicates that the fixes are included in 3.3.0:
>> https://rhn.redhat.com/errata/RHSA-2013-0691.html
>>
>> Best wishes,
>> Mike
>>
>
> See:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698502

So, because it isn't clear to me, do your patches also address the
remaining issues as reported by Kurt Seifried as stated in the redhat
bug [0], which have the different id CVE-2012-5635 or do they only
address CVE-2012-4417?

Best wishes,
Mike

[0] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635



Information forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <pmatthaei@debian.org>:
Bug#704944; Package src:glusterfs. (Wed, 10 Apr 2013 18:24:07 GMT)


Acknowledgement sent to pmatthaei@debian.org:
Extra info received and forwarded to list. Copy sent to Patrick Matthäi <pmatthaei@debian.org>. (Wed, 10 Apr 2013 18:24:07 GMT)


Message #20 received at 704944@bugs.debian.org:

From: Patrick Matthäi <pmatthaei@debian.org>
To: Michael Gilbert <mgilbert@debian.org>, 704944@bugs.debian.org, Louis Zuckerman <me@louiszuckerman.com>
Subject: Re: Bug#704944: glusterfs: cve-2012-5635
Date: Wed, 10 Apr 2013 20:21:18 +0200
On 09.04.2013 01:12, Michael Gilbert wrote:
> On Mon, Apr 8, 2013 at 3:28 AM, Patrick Matthäi wrote:
>> On 08.04.2013 04:02, Michael Gilbert wrote:
>>>
>>> package: src:glusterfs
>>> severity: important
>>> tag: security
>>>
>>> Hi,
>>>
>>> redhat published some advisories for glusterfs.  After spending a bit
>>> of time, I wasn't able to track down patches, but the following link has
>>> information:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635
>>>
>>> The redhat advisory indicates that the fixes are included in 3.3.0:
>>> https://rhn.redhat.com/errata/RHSA-2013-0691.html
>>>
>>> Best wishes,
>>> Mike
>>>
>>
>> See:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698502
> 
> So, because it isn't clear to me, do your patches also address the
> remaining issues as reported by Kurt Seifried as stated in the redhat
> bug [0], which have the different id CVE-2012-5635 or do they only
> address CVE-2012-4417?
> 
> Best wishes,
> Mike
> 
> [0] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5635

Good question.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5635 speaks about
the Red Hat Storage Management system, which is a product using glusterfs.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4417 is the same
vuln. but writing about glusterfs and Red Hat Storage.

So (also if CVE-2012-5635 states: different vulnerabilities than
CVE-2012-4417) it has got the same source, just used in two different
products (so on the same fix for both CVEs)?


Louis, do you have an idea?

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatthaei@debian.org
        patrick@linux-dev.org
*/

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 09 May 2013 07:28:56 GMT)


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 15 Nov 2018 20:03:05 GMT)


Marked as fixed in versions glusterfs/3.5.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 15 Nov 2018 20:03:05 GMT)


Bug archived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 15 Nov 2018 20:03:05 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:38:38 2019; Machine Name: buxtehude
