suds: CVE-2013-2217: Insecure temporary directory use when initializing file-based URL cache

Related Vulnerabilities: CVE-2013-2217  

Debian Bug report logs - #714340


Package: suds; Maintainer for suds is Scott Talbert <swt@techie.net>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 28 Jun 2013 05:27:01 UTC

Severity: important

Tags: security, upstream

Fixed in version suds/0.4.1-8

Done: Mathias Behrle <mathiasb@m9s.biz>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Tryton Maintainers <maintainers@debian.tryton.org>:
Bug#714340; Package suds. (Fri, 28 Jun 2013 05:27:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Tryton Maintainers <maintainers@debian.tryton.org>. (Fri, 28 Jun 2013 05:27:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: suds: CVE-2013-2217: Insecure temporary directory use when initializing file-based URL cache
Date: Fri, 28 Jun 2013 07:26:27 +0200
Package: suds
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for suds.

CVE-2013-2217[0]:
Insecure temporary directory use when initializing file-based URL cache

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2217
    http://security-tracker.debian.org/tracker/CVE-2013-2217
[1] http://www.openwall.com/lists/oss-security/2013/06/27/5
[2] https://bugzilla.redhat.com/show_bug.cgi?id=978696#c4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Mathias Behrle <mathiasb@m9s.biz>:
You have taken responsibility. (Sat, 29 Jun 2013 16:36:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 29 Jun 2013 16:36:09 GMT).


Message #10 received at 714340-close@bugs.debian.org:

From: Mathias Behrle <mathiasb@m9s.biz>
To: 714340-close@bugs.debian.org
Subject: Bug#714340: fixed in suds 0.4.1-8
Date: Sat, 29 Jun 2013 16:33:47 +0000
Source: suds
Source-Version: 0.4.1-8

We believe that the bug you reported is fixed in the latest version of
suds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 714340@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Behrle <mathiasb@m9s.biz> (supplier of updated suds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 29 Jun 2013 17:42:55 +0200
Source: suds
Binary: python-suds
Architecture: source all
Version: 0.4.1-8
Distribution: unstable
Urgency: high
Maintainer: Debian Tryton Maintainers <maintainers@debian.tryton.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description: 
 python-suds - Lightweight SOAP client for Python
Closes: 714340
Changes: 
 suds (0.4.1-8) unstable; urgency=high
 .
   * Removing needless empty line in rules.
   * Adding 02-fix-unsecure-cache-path.patch for CVE-2013-2217 (Closes: #714340).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Aug 2013 07:29:34 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:27:48 2019; Machine Name: beach
