Your message dated Fri, 30 Mar 2007 09:17:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#415530: fixed in squashfs 1:3.1r2-6.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: squashfs
Version: 3.1r2-6
Severity: important
Tags: security
References:
http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237
I reproduced this on a system running the latest 2.6.18/squashfs. I
applied the patch in Red Hat's bugzilla, which fixed the problem
(mount failed cleanly).
Of course, this is only exploitable if local users have the ability to
mount, so the security implications are small (thus the non-RC severity).
--- End Message ---
--- Begin Message ---
Source: squashfs
Source-Version: 1:3.1r2-6.1
We believe that the bug you reported is fixed in the latest version of
squashfs, which is due to be installed in the Debian FTP archive:
squashfs-source_3.1r2-6.1_all.deb
to pool/main/s/squashfs/squashfs-source_3.1r2-6.1_all.deb
squashfs-tools_3.1r2-6.1_i386.deb
to pool/main/s/squashfs/squashfs-tools_3.1r2-6.1_i386.deb
squashfs_3.1r2-6.1.diff.gz
to pool/main/s/squashfs/squashfs_3.1r2-6.1.diff.gz
squashfs_3.1r2-6.1.dsc
to pool/main/s/squashfs/squashfs_3.1r2-6.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated squashfs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 30 Mar 2007 08:52:00 +0200
Source: squashfs
Binary: squashfs-tools squashfs-source
Architecture: source i386 all
Version: 1:3.1r2-6.1
Distribution: unstable
Urgency: high
Maintainer: Arnaud Fontaine <[EMAIL PROTECTED]>
Changed-By: Daniel Baumann <[EMAIL PROTECTED]>
Description:
squashfs-source - Source for the squash filesystem
squashfs-tools - Tool to create and append to squashfs filesystems
Closes: 415530
Changes:
squashfs (1:3.1r2-6.1) unstable; urgency=high
.
* Non-maintainer upload.
* Added patch from upstream to linux-2.6.18/squashfs3.1-patch to fix kernel
crash on special crafted squashfs file systems CVE-2006-5701
(Closes: #415530).
Files:
67debe3da65c02dff27b84bb6049476c 789 admin optional squashfs_3.1r2-6.1.dsc
6f260e24a7c9942b56e512477f87c483 28828 admin optional
squashfs_3.1r2-6.1.diff.gz
daf31789b681e22ede59f9011857ce82 32354 admin optional
squashfs-source_3.1r2-6.1_all.deb
6cb39da09d3c2802b2d40511a33f78d6 95274 admin optional
squashfs-tools_3.1r2-6.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGDNSz+C5cwEsrK54RAnFfAKDTMqchUPYn09GbuDxsxcP6uSjOsACgx6It
Y2PzH2xlPAU35rXtKjHYLyU=
=iN7F
-----END PGP SIGNATURE-----
--- End Message ---
