Your message dated Wed, 02 Oct 2024 04:26:24 +0000
with message-id <e1svqws-004aoo...@fasolo.debian.org>
and subject line Bug#1082378: fixed in logiops 0.3.5-1
has caused the Debian Bug report #1082378,
regarding logiops: CVE-2024-45752
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1082378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082378
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: logiops
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for logiops.
CVE-2024-45752[0]:
| logiops through 0.3.4, in its default configuration, allows any
| unprivileged user to configure its logid daemon via an unrestricted
| D-Bus service, including setting malicious keyboard macros. This
| allows for privilege escalation with minimal user interaction.
https://bugzilla.suse.com/show_bug.cgi?id=1226598
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-45752
https://www.cve.org/CVERecord?id=CVE-2024-45752
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: logiops
Source-Version: 0.3.5-1
Done: Chow Loong Jin <hyper...@debian.org>
We believe that the bug you reported is fixed in the latest version of
logiops, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1082...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chow Loong Jin <hyper...@debian.org> (supplier of updated logiops package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 01 Oct 2024 12:43:13 +0800
Source: logiops
Built-For-Profiles: noudeb
Architecture: source
Version: 0.3.5-1
Distribution: unstable
Urgency: medium
Maintainer: Chow Loong Jin <hyper...@debian.org>
Changed-By: Chow Loong Jin <hyper...@debian.org>
Closes: 1082378
Changes:
logiops (0.3.5-1) unstable; urgency=medium
.
* [ce44b46] New upstream version 0.3.5
- Fix CVE-2024-45752 (Closes: #1082378)
Checksums-Sha1:
c3d22522d6111d89301751bcfd3944355c063b5e 1930 logiops_0.3.5-1.dsc
6ceec64ba799a0ffe0cfa1ff581572c40d98ca25 117562 logiops_0.3.5.orig.tar.gz
57f5353cc9ce749acdab27c4c702c55017b375d4 4716 logiops_0.3.5-1.debian.tar.xz
dfa91b21fec3a622e79639a5ab28bcca3b283196 10241 logiops_0.3.5-1_source.buildinfo
Checksums-Sha256:
a5ce850ddac0a2dfbb3941316025795f642f28e17768252d330cce3b5b7ef8e7 1930
logiops_0.3.5-1.dsc
559ab01b9d6ba0c5e5eae50f94e764c3c7c26e33024815ac8afd2b89083ae998 117562
logiops_0.3.5.orig.tar.gz
cbdf8136673dbd1a968ace37d4c2690ddfbe7147c990bb553a172b0c4bba49fc 4716
logiops_0.3.5-1.debian.tar.xz
84ae57cd621d3fc57adcf32934b760bf1c92f3f2f4494fb376cd9edd6bb1be0f 10241
logiops_0.3.5-1_source.buildinfo
Files:
f1b3cc3cb6a29ac95c1b09b57dd5b95f 1930 misc optional logiops_0.3.5-1.dsc
5a0586a373680cf3f6dc68caa300f3be 117562 misc optional logiops_0.3.5.orig.tar.gz
72d550351de7929e486128ed74616a9e 4716 misc optional
logiops_0.3.5-1.debian.tar.xz
da096b360ed54d39fe3e8fe8cbc45b0e 10241 misc optional
logiops_0.3.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEEuDQnfs/9/dZ027Q+9UiW1iHUqEFAmb8upkACgkQ+9UiW1iH
UqHr6A//UqfPv6Gbbjv/01cysSTE7HzcItvY/uJUXtdgdyWOAZ/HM9SJ8zbEvAou
snZ2escxtKAgjZOR/AFHu10uNuVaGOMQECI/G053vzQ0kMH/mHYe2mMEZi6tX/6x
06xXTUM2SHc7nQFP4yPwcrzVFJWVIz8w3xXQQ6jYLoCZAraApeeQrmCzX88klJg+
pqBSTd7/9wpp9ke5BSQRk4Y1BDT/1me6gOrKccN2ObRIfRprICclUtjz6o1Ld1Cl
rAt1nGKf/i8Mp3XoXLL6Zv+OXLg2SFScmYw2ATUq0zu2d4mP66/L21T6JJXZJ4JO
RGfLVxZdT2loIQnSVApwpWCo4tjJznz6stUROQ/+wxLAQTqRhhdr84hkseMDxsyK
chcDZj2W0mupdROlIfSkN8C5PvtCr9mUyULSGcpVZ8dnPLLiW6B44xgTtkpaBbyi
TcKHF3ecu4hIInWr9yN+wlnTb7tsOzXcKKGHaYcZ4yGitCztBxWaZ/i5tIBea9nU
oy76yHQ1AzUshwm+3eam/XnM4DL2n/uK0rH6SP6U3Z7bE5rTN1e/JJEacWzwlDoe
Bia30K17pUgILbi86R/hWXFZbPbVIoSHJYdCbrYXdjMw2HDgD6/HryR/sE0/RpsP
K6gkABneQa+5hmJ8iNxG7gWVbiLlSjoPpbhXmLRxRx9OZCcxjVI=
=BReL
-----END PGP SIGNATURE-----
pgpURYC0Yukfu.pgp
Description: PGP signature
--- End Message ---
