Bug#840357: marked as done (CVE-2015-1336)

Sun, 11 Dec 2016 09:06:42 -0800 

Your message dated Sun, 11 Dec 2016 17:03:51 +0000
with message-id <[email protected]>
and subject line Bug#840357: fixed in man-db 2.7.6-1
has caused the Debian Bug report #840357,
regarding CVE-2015-1336
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
840357: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: man-db
Version: 2.7.5-1
Severity: important
Tags: security

Please see
http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: man-db
Source-Version: 2.7.6-1

We believe that the bug you reported is fixed in the latest version of
man-db, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated man-db package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 11 Dec 2016 16:27:19 +0000
Source: man-db
Binary: man-db
Architecture: source
Version: 2.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <[email protected]>
Changed-By: Colin Watson <[email protected]>
Description:
 man-db     - on-line manual pager
Closes: 813665 840357
Changes:
 man-db (2.7.6-1) unstable; urgency=medium
 .
   * New upstream release:
     - Note that "man -K" searches page source (closes: #813665).
     - SECURITY: Eliminate dangerous setgid-root directories.
     - man now understands the <page>.<section> form on its command line, so
       for example 'man chmod.2' is now the same as 'man 2 chmod'.
   * Adjust various bits of packaging to account for changed ownership and
     permissions of /usr/bin/man, /usr/bin/mandb, and /var/cache/man.
   * SECURITY: Remove recursive chown of /var/cache/man from cron.daily job,
     which introduced a vulnerability and is no longer needed now that man-db
     is more careful about ensuring appropriate ownership of its cache files
     (closes: #840357, LP: #1482786).
Checksums-Sha1:
 9506519ae5b29f353f1b230c249146b93018e984 2012 man-db_2.7.6-1.dsc
 35a10f80d5cf6411d5c73376fcddcec1539e788a 1541288 man-db_2.7.6.orig.tar.xz
 6e7f67a37e208da9e63d319a289f0ff56eace11d 257884 man-db_2.7.6-1.debian.tar.xz
Checksums-Sha256:
 0ed464a4bbcab998150dea9ae2cc08740787059088af850f15d2b4446b732251 2012 
man-db_2.7.6-1.dsc
 c68cffa6b93f6362beb1d1259f9ad5b65af2aee9a7d9910086082ea4b75f5da2 1541288 
man-db_2.7.6.orig.tar.xz
 142f09add127f9b6ff1373c18c2ed7c5ab085734a7b02a950d0237aa387932bd 257884 
man-db_2.7.6-1.debian.tar.xz
Files:
 2240affefb0adec02af793c6bc7d60f7 2012 doc important man-db_2.7.6-1.dsc
 e0aa460ab00b047f3784d70ae8ccfcab 1541288 doc important man-db_2.7.6.orig.tar.xz
 1e506856b4d35ca013e5e70051442d7d 257884 doc important 
man-db_2.7.6-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <[email protected]> -- Debian developer

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlhNgSAACgkQOTWH2X2G
UAt4ow//avGdgedG/34/fxBaEQrxFPXlvv2sq03Tq1qQCm3Z19DY3sDlp6/LMl06
4XXDrM7B/sxk/tDUy3djidyrEXNDNC+d2YYOWlF4CN/+7zPt6Gg5FzJg4lBFawOy
l7WL8QUB7qRtXao7Vdsub1hVZVj/l7jge6vYbkJ+4+NfZ2XXs1s5ITtbKJrq7jI+
UCpgNDJIs+B1AlAB3CYyAuJZl+dJudi2S4OCcSsE8eLxRQsDi2tsjCyXS0qGiPPf
ClWMXELByhXzetQraRt3vjsWmQY3KfXo5GScZ9ZdOmI2eSt42L4yVcCto43hAgL3
XmsGfJPtgHxkuKJq5935uOuF01zooK3ETuDWvZRYMkJdOP8gtBK6yc+olahJq7Ky
cQyOUdK767Ofal7IP4xLVnpTyJ/X7EJmvJyHUGuXNU4DmuauwRFvmpfChTKz2HMW
yGcbmdXpnCnsUVe2D9U0jsI3cFpriPJM0nDABiwCkZTlM0e+X/yrnzJWZk1ywoiK
ouvknT31hV9c+wpz1lGg56tcFskgszTWZq5XoEJrZfqwY6/3e2FzD71yp5NePbYJ
iTn3FW1JiuT4WslDYA9GTMYWVRqIFxLEUAVgM0+OgoYpy2nFXuGRUTLKpXk6wnN8
jw9X7pM7S1BSOw63FrcD6K/FHhyoLzG8PE51j3C67N+6k8vCQAI=
=xHt8
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to