Your message dated Sat, 27 Jun 2009 16:04:40 +0000 with message-id <e1mkaoo-000163...@ries.debian.org> and subject line Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1 has caused the Debian Bug report #522813, regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: multipath-tools Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for multipath-tools. CVE-2009-0115[0]: | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux | Enterprise Server (SLES) 10 uses world-writable permissions for the | socket file (aka /var/run/multipathd.sock), which allows local users | to send arbitrary commands to the multipath daemon. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 http://security-tracker.debian.net/tracker/CVE-2009-0115 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgpNJ5YVaVsx0.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: multipath-tools Source-Version: 0.4.8-14+lenny1 We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive: kpartx_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb multipath-tools-boot_0.4.8-14+lenny1_all.deb to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb multipath-tools_0.4.8-14+lenny1.diff.gz to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz multipath-tools_0.4.8-14+lenny1.dsc to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc multipath-tools_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb multipath-udeb_0.4.8-14+lenny1_powerpc.udeb to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 522...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther <a...@sigxcpu.org> (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 06 Apr 2009 20:03:48 +0200 Source: multipath-tools Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb Architecture: source powerpc all Version: 0.4.8-14+lenny1 Distribution: stable-security Urgency: low Maintainer: Debian LVM Team <pkg-lvm-maintain...@lists.alioth.debian.org> Changed-By: Guido Günther <a...@sigxcpu.org> Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access multipath-tools-boot - Support booting from multipath devices multipath-udeb - maintain multipath block device access (udeb) Closes: 522813 Changes: multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low . * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813) Checksums-Sha1: 182770d7d7c3d81b2b469e47c4478b48e44d2e14 1375 multipath-tools_0.4.8-14+lenny1.dsc e538c62b14c993d392e3dddb823b06720378a8d0 202446 multipath-tools_0.4.8.orig.tar.gz d95402d28b8327db358e4ca0b7b2a12f3aa63b29 22746 multipath-tools_0.4.8-14+lenny1.diff.gz cfcbb73941a3814fd0600d244ffad446e4a742c8 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb 644a779e53f68dce150e64a193bdf9d90c4d384a 29824 kpartx_0.4.8-14+lenny1_powerpc.deb e077c217967baaf8161607dc57379e633b623e37 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb 9a0489582e4467682fff8ab9b320749c3c9abe25 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb Checksums-Sha256: 876eb1ce2f00894c982ef269879a39e54d1c2bef105c8d5b4c8be931b083e751 1375 multipath-tools_0.4.8-14+lenny1.dsc a3cb242717c907e287088df2b1f161b78bfd40193d0c3faf20c65825bb84a2a4 202446 multipath-tools_0.4.8.orig.tar.gz 7255436c00c9874eada1ec6b4b629a7558898f439578e7905cd9a94eccdaf226 22746 multipath-tools_0.4.8-14+lenny1.diff.gz 0ac4a1cc5c82439bdbad7f543afb2f38d88850c5694c17f6fa9b896f3b3d36d0 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb de9382c2e978de1c27ad08cf2fed24f8ce3baeb42fadfe5fc2857197ac6392cf 29824 kpartx_0.4.8-14+lenny1_powerpc.deb 4d1859fbab603768612f534edb881b43a05f9fbd0ee87e9b8458cc93433a8cbd 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb 3b1ee24bd857d21656609045c4fe6d10f5f544b9155b38577039791fcc122a23 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb Files: 04c428b50412dcfe7cefecce779bdd82 1375 admin extra multipath-tools_0.4.8-14+lenny1.dsc bf67b278e4b23da0c8ad21a278c04cb3 202446 admin extra multipath-tools_0.4.8.orig.tar.gz ec09a8b773c890812f68c431024b89b2 22746 admin extra multipath-tools_0.4.8-14+lenny1.diff.gz c06e48ff7f1667d250ba3ebf96139b17 182596 admin extra multipath-tools_0.4.8-14+lenny1_powerpc.deb 6a02f47ebab83955f5ad7e368bb05a7b 29824 admin extra kpartx_0.4.8-14+lenny1_powerpc.deb 3d518147b5389246bb18904f9f77bc83 10886 admin extra multipath-tools-boot_0.4.8-14+lenny1_all.deb cab3a7acabbf1538a4b028cf3f6b3ea4 98676 debian-installer extra multipath-udeb_0.4.8-14+lenny1_powerpc.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ3KW2n88szT8+ZCYRAidKAJ41pTFitK3v0z+IUU6MKXXsFivYmwCfXHiT qc6DyHjO09X1oKMiQj/jf1I= =vx+2 -----END PGP SIGNATURE-----
--- End Message ---