Your message dated Sat, 27 Jun 2009 16:04:52 +0000
with message-id <e1mkaoa-00018i...@ries.debian.org>
and subject line Bug#527952: fixed in system-tools-backends 2.6.0-2lenny3
has caused the Debian Bug report #527952,
regarding system-tools-backends: CVE-2008-6792 limiting effective password
length to 8 characters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
527952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: system-tools-backends
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for system-tools-backends.
CVE-2008-6792[0]:
| system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used
| by "Users and Groups" in GNOME System Tools, hashes account passwords
| with 3DES and consequently limits effective password lengths to eight
| characters, which makes it easier for context-dependent attackers to
| successfully conduct brute-force password attacks.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Patch:
http://launchpadlibrarian.net/19037678/system-tools-backends_2.6.0-1ubuntu1.1.diff
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6792
http://security-tracker.debian.net/tracker/CVE-2008-6792
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpfTW1QvuxUs.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: system-tools-backends
Source-Version: 2.6.0-2lenny3
We believe that the bug you reported is fixed in the latest version of
system-tools-backends, which is due to be installed in the Debian FTP archive:
system-tools-backends-dev_2.6.0-2lenny3_all.deb
to
pool/main/s/system-tools-backends/system-tools-backends-dev_2.6.0-2lenny3_all.deb
system-tools-backends_2.6.0-2lenny3.diff.gz
to
pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3.diff.gz
system-tools-backends_2.6.0-2lenny3.dsc
to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3.dsc
system-tools-backends_2.6.0-2lenny3_i386.deb
to
pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 527...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jan Christoph Nordholz <he...@pool.math.tu-berlin.de> (supplier of updated
system-tools-backends package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 18 May 2009 21:29:21 +0200
Source: system-tools-backends
Binary: system-tools-backends system-tools-backends-dev
Architecture: source all i386
Version: 2.6.0-2lenny3
Distribution: stable
Urgency: high
Maintainer: Jose Carlos Garcia Sogo <js...@debian.org>
Changed-By: Jan Christoph Nordholz <he...@pool.math.tu-berlin.de>
Description:
system-tools-backends - System Tools to manage computer configuration --
scripts
system-tools-backends-dev - System Tools to manage computer configuration --
development file
Closes: 527952
Changes:
system-tools-backends (2.6.0-2lenny3) stable; urgency=high
.
* NMU.
* Fix CVE-2008-6792 "limiting effective password length to 8 characters"
and another related bug in do_get_use_md5(). Closes: #527952.
Checksums-Sha1:
4513a65c132a7ad299d23ccd261b90d313bb5377 1452
system-tools-backends_2.6.0-2lenny3.dsc
22bcdd28f1115b979e91ce853777c1ce406525a4 11344
system-tools-backends_2.6.0-2lenny3.diff.gz
f0a1412e1f4656a6b3c309890aaeae404822a830 77466
system-tools-backends-dev_2.6.0-2lenny3_all.deb
a17466f7eb852888afda9804241995b67c84c4f2 174382
system-tools-backends_2.6.0-2lenny3_i386.deb
Checksums-Sha256:
3b2e94be5bfb008e0dff7634b842a503e4b909dd10c23e1cda07889918c8e53c 1452
system-tools-backends_2.6.0-2lenny3.dsc
03dd57fd9f135b8b14aa612d3c89343f5c98db645d6f1c709555fea615ee2300 11344
system-tools-backends_2.6.0-2lenny3.diff.gz
12dc12442b1a08ab8f41af2cfdb25e64520206492b41d48fdc894ef31417f813 77466
system-tools-backends-dev_2.6.0-2lenny3_all.deb
8aec0d951fb383e4e6fc89c089f41b6feeaf660c9f981a1eab28d850005a893b 174382
system-tools-backends_2.6.0-2lenny3_i386.deb
Files:
c8088c6d2fa6e7e22d074002115711d2 1452 admin optional
system-tools-backends_2.6.0-2lenny3.dsc
d2c8fe0545eba944c4be1661f959b4bc 11344 admin optional
system-tools-backends_2.6.0-2lenny3.diff.gz
db49df2a3d6388c4e2c336f8321e0b8b 77466 devel optional
system-tools-backends-dev_2.6.0-2lenny3_all.deb
19cd725d4bcd2ee1008c7ed3ed712afe 174382 admin optional
system-tools-backends_2.6.0-2lenny3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoRwEgACgkQHYflSXNkfP+aYgCgmzzexmoj9QJnpXexD+6CBCLK
kvQAn0b3L5YJembCkVEhsiyVTrSqC0dp
=1TNl
-----END PGP SIGNATURE-----
--- End Message ---
