Your message dated Thu, 28 Nov 2013 22:17:25 +0000 with message-id <e1vm9tl-0001dr...@franck.debian.org> and subject line Bug#722306: fixed in torque 2.4.16+dfsg-1+deb7u1 has caused the Debian Bug report #722306, regarding torque: CVE-2013-4319: privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 722306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722306 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: torque Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for torque. CVE-2013-4319[0]: Torque privilege escalation Upstream announce[1] contains also a patch. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [1] http://security-tracker.debian.org/tracker/CVE-2013-4319 [1] http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: torque Source-Version: 2.4.16+dfsg-1+deb7u1 We believe that the bug you reported is fixed in the latest version of torque, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 722...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated torque package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 08 Oct 2013 20:23:30 +0200 Source: torque Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev Architecture: source amd64 Version: 2.4.16+dfsg-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Morten Kjeldgaard <m...@bioxray.au.dk> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libtorque2 - shared library for Torque client and server libtorque2-dev - header files for libtorque2 torque-client - command line interface to Torque server torque-client-x11 - GUI for torque clients torque-common - Torque Queueing System shared files torque-mom - job execution engine for Torque batch system torque-pam - PAM module for PBS MOM nodes torque-scheduler - scheduler part of Torque torque-server - PBS-derived batch processing server Closes: 722306 Changes: torque (2.4.16+dfsg-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2013-4319.patch. CVE-2013-4319: remote arbitrary command execution as root on cluster by a non-priviledged user who is able to run jobs or login to a node which runs pbs_server or pbs_mon. (Closes: #722306) Checksums-Sha1: 68777005c2d508e6a98b1ced5d6f260553f1f823 2629 torque_2.4.16+dfsg-1+deb7u1.dsc 794273109ce7af072761b85e21a6f8925319ab5a 3296401 torque_2.4.16+dfsg.orig.tar.gz 468b8c3f8d35c31ab788717d1c646701e4267d04 17948 torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz 0c66ae4fdf4611d20d69c067974d330df39e211a 41678 torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb c5102b374fca7b505a222349fcfc01f68bb481a1 195720 torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb 159a050766a18a65234a5a542595ec6d12ad7694 38178 torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb 692da472ffd391e965af32b098ddb93802c20600 96712 torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb b5fe43c09637f88d71f934d6ee85be06dbcc6396 398522 torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb db3ff35428d37c8d20d361528cb025d9dcc4fb35 200370 torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb 5225aa59444177ab0f6ff970bbde53e3c516af70 647864 torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb 6fc188e488ae196d75f143869020a3be5f2dc239 120310 libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb e1f4e7b7009f3049a838f387e2631b6f571d1f55 49582 libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb Checksums-Sha256: fa5f5e5b4cd0986c29b58551c943dada78ef075a7f21a997379b3614d8b9c0ac 2629 torque_2.4.16+dfsg-1+deb7u1.dsc c3607ab17018180d0570c62c596c56449dc907875c84cd58ef5b46623d80add3 3296401 torque_2.4.16+dfsg.orig.tar.gz 249179648e71d5385ff7065ee6f406af0834a5054bd5e56455279bdc598fb64e 17948 torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz 7a8e86444b9d42fb8e7faf0e995619131eae143c61ac9f229807eea1ca7019f5 41678 torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb 0336811f3d4f835601dd1c91f6778f5de6d505721655d45ebcd1078b2dc38e37 195720 torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb 06fcd0c83862f8080c2e7775793e5b9cc2332f259058d1ab12bca15970058027 38178 torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb dc5662a2e4b4cae17441c717eaf7f689729d32f467752e80a78907e56b65858d 96712 torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb b6939f5aed84af19801d70f3e75888d688d5c8238d6038e8c9bf03749228b0a1 398522 torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb e48436c0db2ba7ac74fb844953452cc9bcb2ab971d3e368c62efad2a8a495cc8 200370 torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb e7fe97e1a407c084eaf898c892f2dae20b0b0aae6a32cffce3c0d9b12aeb0ae8 647864 torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb b7639ec3d9f093e0967c78a37f7a2a6c835b8c714c722ef07a2a7f6399e4b37a 120310 libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb 34a454e4f9d160b72f61cac2b1dd5db35da0562334df73469f8f01061e913031 49582 libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb Files: 0670bdfd941852431c806b3de12ced52 2629 net optional torque_2.4.16+dfsg-1+deb7u1.dsc b9432930c92d36872330336665ce9b66 3296401 net optional torque_2.4.16+dfsg.orig.tar.gz 0db1a98733eeeaa667b21add4edccb50 17948 net optional torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz 19e42977dcdaa89369aff41cb51697d1 41678 utils optional torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb 19f8459a9d9af72511015331b44faca0 195720 utils optional torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb 236731a26b463ba68d852479f4170792 38178 utils optional torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb 8a32c8115b7c01da57975539b90579cf 96712 net optional torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb 345383cf801c8d3315b0300ef37dc757 398522 utils optional torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb a3399987caf78ebd4f8b67d4e712fc13 200370 utils optional torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb 49d6440d7c8750f11890d8a315d918d8 647864 x11 optional torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb 7a94bbd6d026e2a08a92135ebc09f113 120310 libs optional libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb c72d4cb55ac5b102aa200cf5dfb84b5f 49582 libdevel optional libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBCgAGBQJSVE9uAAoJEAVMuPMTQ89EKgcP/3onTflro2qI8CAgd+Doi61Y J2W6NIJl8F4caaNo6ByOym0owDPfEfLy8Ze43U0iqwjXxzEgigYbKnTG9P3L2R6x sQyEAls3HGtqjHG/pGLfF6omMDXP09wTlzOpPQ0KDfJEoyD41Pot2fsqTULTKovT 4dobkCP8iizwb9gu/CqL7gj1ye3rDqzHHC3OVcvZW6eX8njF1UK5HkADCB2EngrL rtKEA7bZRWhEvDsDqr/nNj2KglqXMZHc6vQSgt6YjE6L60fQbFLYEyg1W5z5/ukO wzpdRyfOJtDS7kDjl/A5lYLn1RZYIce1KNJrDrVHKXLtyvRmE3FovrqWG0FFavpT oiflfMcP4n8pYZccTzMavCpn51TrCfcS0hCL3RFl+NyD+pcnGu3/5Jn1HpQkW25g GBn26u4rTArtZ3Evo5Q7nJNVYz4GOhKNtZ1yWcOdj/Y4f5I7e4kv7bk5hJX2fCGx 9kE+ee+UoGGmAJdmSDAxqBF/Hh6k/EbZneHrasihJaDUwXdHrhM0s3ld5pln97e6 xU60EB/Y8H2ClJ4oFzPmKExgNySGT2/WAxcv8ZXoTtr8DRFey0rML+Wt6lw8Rb8+ rD4NZiqxoulL2gLdeNBOLNT692oMOywgAby+OGi6GHCmtEbLfrbBiu/OsDvlLMRf WwQ3Kl4Ms8Z0pwb3W6p/ =fEh+ -----END PGP SIGNATURE-----
--- End Message ---
