Your message dated Mon, 26 Apr 2010 19:52:49 +0000
with message-id <e1o6uml-0006yv...@ries.debian.org>
and subject line Bug#574935: fixed in iscsitarget 0.4.16+svn162-3+lenny1
has caused the Debian Bug report #574935,
regarding iscsitarget: Format string vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
574935: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iscsitarget
Version: 0.4.16+svn162-3
Severity: critical
Tags: security
Justification: root security hole


There are at least two remotely exploitable format string vulnerabilities in the 
Debian stable package... which have been fixed upstream.

isns.c:302
isns.c:690

The default init script encourages users to run ietd as root (see the following 
bugs)

#545536 iscsitarget: allow running as non-root
#566509 New upstream version

Please fix it.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iscsitarget depends on:
ii  libc6                   2.7-18lenny2     GNU C Library: Shared libraries
ii  libssl0.9.8             0.9.8g-15+lenny6 SSL shared libraries

Versions of packages iscsitarget recommends:
pn  iscsitarget-module            <none>     (no description available)

Versions of packages iscsitarget suggests:
pn  iscsitarget-source            <none>     (no description available)

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: iscsitarget
Source-Version: 0.4.16+svn162-3+lenny1

We believe that the bug you reported is fixed in the latest version of
iscsitarget, which is due to be installed in the Debian FTP archive:

iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
  to main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
iscsitarget_0.4.16+svn162-3+lenny1.dsc
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1.dsc
iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <r...@researchut.com> (supplier of updated iscsitarget 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Apr 2010 18:33:53 +0530
Source: iscsitarget
Binary: iscsitarget iscsitarget-source
Architecture: source amd64 all
Version: 0.4.16+svn162-3+lenny1
Distribution: stable
Urgency: low
Maintainer: Philipp Hug <deb...@hug.cx>
Changed-By: Ritesh Raj Sarraf <r...@researchut.com>
Description: 
 iscsitarget - iSCSI Enterprise Target userland tools
 iscsitarget-source - iSCSI Enterprise Target kernel module source
Closes: 574935
Changes: 
 iscsitarget (0.4.16+svn162-3+lenny1) stable; urgency=low
 .
   * Fix CVE-2010-0743 (Closes: #574935)




--- End Message ---
