Your message dated Thu, 20 May 2010 06:47:22 +0000
with message-id <[email protected]>
and subject line Bug#559824: fixed in parser-mysql 10.3-2
has caused the Debian Bug report #559824,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
559824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: parser-mysql
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool source code. However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the binary packages are not affected, please feel free to close
the bug with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736
--- End Message ---
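
The report above asks the maintainer to determine whether the embedded libtool code actually reaches the binary packages. One way to start that triage, as an added example that is not part of the original thread or of the package: list embedded `ltdl.c` copies in an unpacked source tree and flag built ELF files that name libltdl entry points. The symbol match is a heuristic, and the tree layout and file contents in `demo()` are constructed sample data.

```python
import os
import tempfile

# Public libltdl entry points (real API names). Matching them NUL-delimited,
# as they sit in an ELF string table, is a heuristic, not proof of exposure.
LTDL_SYMBOLS = (b"lt_dlinit", b"lt_dlopen", b"lt_dlopenext")

def _files(tree):
    """Yield (absolute path, path relative to tree) for each regular file."""
    for root, _dirs, names in os.walk(tree):
        for name in names:
            path = os.path.join(root, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path, os.path.relpath(path, tree)

def find_embedded_ltdl(tree):
    """Relative paths of every embedded ltdl.c copy in the source tree."""
    return sorted(rel for _p, rel in _files(tree) if os.path.basename(rel) == "ltdl.c")

def binaries_with_ltdl(tree):
    """Map each ELF file that names libltdl symbols to the symbols found."""
    found = {}
    for path, rel in _files(tree):
        with open(path, "rb") as fh:
            data = fh.read()
        if not data.startswith(b"\x7fELF"):
            continue  # only built objects matter for the binary package
        syms = [s.decode() for s in LTDL_SYMBOLS if b"\0" + s + b"\0" in data]
        if syms:
            found[rel] = syms
    return found

def demo():
    """Run both checks over a constructed tree (sample data, not the real package)."""
    with tempfile.TemporaryDirectory() as tree:
        samples = {
            os.path.join("src", "libltdl", "ltdl.c"): b"/* embedded copy */\n",
            os.path.join("build", "driver.so"): b"\x7fELF\0lt_dlinit\0lt_dlopenext\0",
            os.path.join("build", "plain.so"): b"\x7fELF\0mysql_real_connect\0",
            os.path.join("build", "notes.txt"): b"\0lt_dlopen\0 named in a non-ELF file",
        }
        for rel, content in samples.items():
            os.makedirs(os.path.dirname(os.path.join(tree, rel)), exist_ok=True)
            with open(os.path.join(tree, rel), "wb") as fh:
                fh.write(content)
        return find_embedded_ltdl(tree), binaries_with_ltdl(tree)

if __name__ == "__main__":
    sources, binaries = demo()
    print("embedded ltdl.c:", sources)
    print("binaries naming libltdl symbols:", binaries)
```

A hit in both lists means the embedded copy was likely compiled in and its version needs checking against the range in the CVE text; a source hit with no binary hit is the case the report says may be closed with details of the check.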
--- Begin Message ---
Source: parser-mysql
Source-Version: 10.3-2

We believe that the bug you reported is fixed in the latest version of
parser-mysql, which is due to be installed in the Debian FTP archive:

parser-mysql_10.3-2.debian.tar.gz
  to main/p/parser-mysql/parser-mysql_10.3-2.debian.tar.gz
parser-mysql_10.3-2.dsc
  to main/p/parser-mysql/parser-mysql_10.3-2.dsc
parser3-mysql_10.3-2_amd64.deb
  to main/p/parser-mysql/parser3-mysql_10.3-2_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergey B Kirpichev <[email protected]> (supplier of updated parser-mysql
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 19 May 2010 20:57:06 +0400
Source: parser-mysql
Binary: parser3-mysql
Architecture: source amd64
Version: 10.3-2
Distribution: unstable
Urgency: low
Maintainer: Sergey B Kirpichev <[email protected]>
Changed-By: Sergey B Kirpichev <[email protected]>
Description:
parser3-mysql - MySQL driver for Parser 3
Closes: 559824
Changes:
parser-mysql (10.3-2) unstable; urgency=low
.
* Use "3.0 (quilt)" package format.
* Update format of debian/copyright and copyright years.
* Bump standards-version to 3.8.4.
* Patch embedded copy ltdl.c from upstream branch-1-5 (CVE-2009-3736).
Closes: #559824.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAkv02LcACgkQq4wAz/jiZTdyIgCgqOEvESsB3BftUSUQ4LWtrmbE
9F8AoLmAlWbz5uYMIgRxQy37J4We95w6
=bGqi
-----END PGP SIGNATURE-----
--- End Message ---