Your message dated Mon, 08 Jun 2009 22:19:17 +0000 with message-id <e1mdnbv-0005t4...@ries.debian.org> and subject line Bug#527952: fixed in system-tools-backends 2.6.0-2lenny3 has caused the Debian Bug report #527952, regarding system-tools-backends: CVE-2008-6792 limiting effective password length to 8 characters to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 527952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527952 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: system-tools-backends Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for system-tools-backends. CVE-2008-6792[0]: | system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used | by "Users and Groups" in GNOME System Tools, hashes account passwords | with 3DES and consequently limits effective password lengths to eight | characters, which makes it easier for context-dependent attackers to | successfully conduct brute-force password attacks. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Patch: http://launchpadlibrarian.net/19037678/system-tools-backends_2.6.0-1ubuntu1.1.diff For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6792 http://security-tracker.debian.net/tracker/CVE-2008-6792 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgpzCqLQTdvV6.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: system-tools-backends Source-Version: 2.6.0-2lenny3 We believe that the bug you reported is fixed in the latest version of system-tools-backends, which is due to be installed in the Debian FTP archive: system-tools-backends-dev_2.6.0-2lenny3_all.deb to pool/main/s/system-tools-backends/system-tools-backends-dev_2.6.0-2lenny3_all.deb system-tools-backends_2.6.0-2lenny3.diff.gz to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3.diff.gz system-tools-backends_2.6.0-2lenny3.dsc to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3.dsc system-tools-backends_2.6.0-2lenny3_i386.deb to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 527...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Christoph Nordholz <he...@pool.math.tu-berlin.de> (supplier of updated system-tools-backends package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 18 May 2009 21:29:21 +0200 Source: system-tools-backends Binary: system-tools-backends system-tools-backends-dev Architecture: source all i386 Version: 2.6.0-2lenny3 Distribution: stable Urgency: high Maintainer: Jose Carlos Garcia Sogo <js...@debian.org> Changed-By: Jan Christoph Nordholz <he...@pool.math.tu-berlin.de> Description: system-tools-backends - System Tools to manage computer configuration -- scripts system-tools-backends-dev - System Tools to manage computer configuration -- development file Closes: 527952 Changes: system-tools-backends (2.6.0-2lenny3) stable; urgency=high . * NMU. * Fix CVE-2008-6792 "limiting effective password length to 8 characters" and another related bug in do_get_use_md5(). Closes: #527952. Checksums-Sha1: 4513a65c132a7ad299d23ccd261b90d313bb5377 1452 system-tools-backends_2.6.0-2lenny3.dsc 22bcdd28f1115b979e91ce853777c1ce406525a4 11344 system-tools-backends_2.6.0-2lenny3.diff.gz f0a1412e1f4656a6b3c309890aaeae404822a830 77466 system-tools-backends-dev_2.6.0-2lenny3_all.deb a17466f7eb852888afda9804241995b67c84c4f2 174382 system-tools-backends_2.6.0-2lenny3_i386.deb Checksums-Sha256: 3b2e94be5bfb008e0dff7634b842a503e4b909dd10c23e1cda07889918c8e53c 1452 system-tools-backends_2.6.0-2lenny3.dsc 03dd57fd9f135b8b14aa612d3c89343f5c98db645d6f1c709555fea615ee2300 11344 system-tools-backends_2.6.0-2lenny3.diff.gz 12dc12442b1a08ab8f41af2cfdb25e64520206492b41d48fdc894ef31417f813 77466 system-tools-backends-dev_2.6.0-2lenny3_all.deb 8aec0d951fb383e4e6fc89c089f41b6feeaf660c9f981a1eab28d850005a893b 174382 system-tools-backends_2.6.0-2lenny3_i386.deb Files: c8088c6d2fa6e7e22d074002115711d2 1452 admin optional system-tools-backends_2.6.0-2lenny3.dsc d2c8fe0545eba944c4be1661f959b4bc 11344 admin optional system-tools-backends_2.6.0-2lenny3.diff.gz db49df2a3d6388c4e2c336f8321e0b8b 77466 devel optional system-tools-backends-dev_2.6.0-2lenny3_all.deb 19cd725d4bcd2ee1008c7ed3ed712afe 174382 admin optional system-tools-backends_2.6.0-2lenny3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoRwEgACgkQHYflSXNkfP+aYgCgmzzexmoj9QJnpXexD+6CBCLK kvQAn0b3L5YJembCkVEhsiyVTrSqC0dp =1TNl -----END PGP SIGNATURE-----
--- End Message ---