Your message dated Thu, 28 Nov 2013 22:17:25 +0000
with message-id <e1vm9tl-0001dr...@franck.debian.org>
and subject line Bug#722306: fixed in torque 2.4.16+dfsg-1+deb7u1
has caused the Debian Bug report #722306,
regarding torque: CVE-2013-4319: privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
722306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722306
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: torque
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for torque.
CVE-2013-4319[0]:
Torque privilege escalation
Upstream announce[1] contains also a patch.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[1] http://security-tracker.debian.org/tracker/CVE-2013-4319
[1] http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: torque
Source-Version: 2.4.16+dfsg-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 722...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 08 Oct 2013 20:23:30 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client
torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.16+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libtorque2 - shared library for Torque client and server
libtorque2-dev - header files for libtorque2
torque-client - command line interface to Torque server
torque-client-x11 - GUI for torque clients
torque-common - Torque Queueing System shared files
torque-mom - job execution engine for Torque batch system
torque-pam - PAM module for PBS MOM nodes
torque-scheduler - scheduler part of Torque
torque-server - PBS-derived batch processing server
Closes: 722306
Changes:
torque (2.4.16+dfsg-1+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2013-4319.patch.
CVE-2013-4319: remote arbitrary command execution as root on cluster
by a non-priviledged user who is able to run jobs or login to a node
which runs pbs_server or pbs_mon. (Closes: #722306)
Checksums-Sha1:
68777005c2d508e6a98b1ced5d6f260553f1f823 2629 torque_2.4.16+dfsg-1+deb7u1.dsc
794273109ce7af072761b85e21a6f8925319ab5a 3296401 torque_2.4.16+dfsg.orig.tar.gz
468b8c3f8d35c31ab788717d1c646701e4267d04 17948
torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
0c66ae4fdf4611d20d69c067974d330df39e211a 41678
torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
c5102b374fca7b505a222349fcfc01f68bb481a1 195720
torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
159a050766a18a65234a5a542595ec6d12ad7694 38178
torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
692da472ffd391e965af32b098ddb93802c20600 96712
torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
b5fe43c09637f88d71f934d6ee85be06dbcc6396 398522
torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
db3ff35428d37c8d20d361528cb025d9dcc4fb35 200370
torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
5225aa59444177ab0f6ff970bbde53e3c516af70 647864
torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
6fc188e488ae196d75f143869020a3be5f2dc239 120310
libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
e1f4e7b7009f3049a838f387e2631b6f571d1f55 49582
libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb
Checksums-Sha256:
fa5f5e5b4cd0986c29b58551c943dada78ef075a7f21a997379b3614d8b9c0ac 2629
torque_2.4.16+dfsg-1+deb7u1.dsc
c3607ab17018180d0570c62c596c56449dc907875c84cd58ef5b46623d80add3 3296401
torque_2.4.16+dfsg.orig.tar.gz
249179648e71d5385ff7065ee6f406af0834a5054bd5e56455279bdc598fb64e 17948
torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
7a8e86444b9d42fb8e7faf0e995619131eae143c61ac9f229807eea1ca7019f5 41678
torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
0336811f3d4f835601dd1c91f6778f5de6d505721655d45ebcd1078b2dc38e37 195720
torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
06fcd0c83862f8080c2e7775793e5b9cc2332f259058d1ab12bca15970058027 38178
torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
dc5662a2e4b4cae17441c717eaf7f689729d32f467752e80a78907e56b65858d 96712
torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
b6939f5aed84af19801d70f3e75888d688d5c8238d6038e8c9bf03749228b0a1 398522
torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
e48436c0db2ba7ac74fb844953452cc9bcb2ab971d3e368c62efad2a8a495cc8 200370
torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
e7fe97e1a407c084eaf898c892f2dae20b0b0aae6a32cffce3c0d9b12aeb0ae8 647864
torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
b7639ec3d9f093e0967c78a37f7a2a6c835b8c714c722ef07a2a7f6399e4b37a 120310
libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
34a454e4f9d160b72f61cac2b1dd5db35da0562334df73469f8f01061e913031 49582
libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb
Files:
0670bdfd941852431c806b3de12ced52 2629 net optional
torque_2.4.16+dfsg-1+deb7u1.dsc
b9432930c92d36872330336665ce9b66 3296401 net optional
torque_2.4.16+dfsg.orig.tar.gz
0db1a98733eeeaa667b21add4edccb50 17948 net optional
torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
19e42977dcdaa89369aff41cb51697d1 41678 utils optional
torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
19f8459a9d9af72511015331b44faca0 195720 utils optional
torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
236731a26b463ba68d852479f4170792 38178 utils optional
torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
8a32c8115b7c01da57975539b90579cf 96712 net optional
torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
345383cf801c8d3315b0300ef37dc757 398522 utils optional
torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
a3399987caf78ebd4f8b67d4e712fc13 200370 utils optional
torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
49d6440d7c8750f11890d8a315d918d8 647864 x11 optional
torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
7a94bbd6d026e2a08a92135ebc09f113 120310 libs optional
libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
c72d4cb55ac5b102aa200cf5dfb84b5f 49582 libdevel optional
libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSVE9uAAoJEAVMuPMTQ89EKgcP/3onTflro2qI8CAgd+Doi61Y
J2W6NIJl8F4caaNo6ByOym0owDPfEfLy8Ze43U0iqwjXxzEgigYbKnTG9P3L2R6x
sQyEAls3HGtqjHG/pGLfF6omMDXP09wTlzOpPQ0KDfJEoyD41Pot2fsqTULTKovT
4dobkCP8iizwb9gu/CqL7gj1ye3rDqzHHC3OVcvZW6eX8njF1UK5HkADCB2EngrL
rtKEA7bZRWhEvDsDqr/nNj2KglqXMZHc6vQSgt6YjE6L60fQbFLYEyg1W5z5/ukO
wzpdRyfOJtDS7kDjl/A5lYLn1RZYIce1KNJrDrVHKXLtyvRmE3FovrqWG0FFavpT
oiflfMcP4n8pYZccTzMavCpn51TrCfcS0hCL3RFl+NyD+pcnGu3/5Jn1HpQkW25g
GBn26u4rTArtZ3Evo5Q7nJNVYz4GOhKNtZ1yWcOdj/Y4f5I7e4kv7bk5hJX2fCGx
9kE+ee+UoGGmAJdmSDAxqBF/Hh6k/EbZneHrasihJaDUwXdHrhM0s3ld5pln97e6
xU60EB/Y8H2ClJ4oFzPmKExgNySGT2/WAxcv8ZXoTtr8DRFey0rML+Wt6lw8Rb8+
rD4NZiqxoulL2gLdeNBOLNT692oMOywgAby+OGi6GHCmtEbLfrbBiu/OsDvlLMRf
WwQ3Kl4Ms8Z0pwb3W6p/
=fEh+
-----END PGP SIGNATURE-----
--- End Message ---