Your message dated Tue, 19 May 2015 13:34:21 +0000 with message-id <e1yuhf3-0003a1...@franck.debian.org> and subject line Bug#781179: fixed in realmd 0.16.0-1 has caused the Debian Bug report #781179, regarding realmd: code execution/auth bypass to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781179 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: realmd Severity: grave Tags: security upstream Hi The following two bugs were pointed out on oss-security list mentioning a code execution and auth bypass issue in realmd: http://www.openwall.com/lists/oss-security/2015/03/25/4 https://bugs.freedesktop.org/show_bug.cgi?id=89205 https://bugs.freedesktop.org/show_bug.cgi?id=89207 Could you please evaluate this? Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: realmd Source-Version: 0.16.0-1 We believe that the bug you reported is fixed in the latest version of realmd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated realmd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 19 May 2015 15:17:53 +0200 Source: realmd Binary: realmd Architecture: source amd64 Version: 0.16.0-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintain...@lists.alioth.debian.org> Changed-By: Michael Biebl <bi...@debian.org> Description: realmd - DBus service for configuring kerberos and other online identities Closes: 779774 781179 Changes: realmd (0.16.0-1) unstable; urgency=medium . * Team upload. * New uptream release. - Strictly validate info destined for config files and don't try to do AD joins without authentication unless explicitly requested. (Closes: #781179) * Drop Build-Depends on libpackagekit-glib2-dev since PackageKit is used directly via its D-Bus interface now. * Build against libsystemd. (Closes: #779774) * Use dh-autoreconf to update the build system. * Bump Standards-Version to 3.9.6. * Fix license names in debian/copyright to comply with the machine-readable copyright spec 1.0. Checksums-Sha1: 41c01d8753c82a78daba55426bd4fa4a451332b2 2098 realmd_0.16.0-1.dsc 38195fbdbf6ef85a6b3ebb6ae128a13ba7fcc70c 459909 realmd_0.16.0.orig.tar.gz 9c13306f68ef8f90ef2059dc5ace2250e322a9fd 3548 realmd_0.16.0-1.debian.tar.xz a546428a72106bee3aa2b6f26acdff9ef645d6f1 177736 realmd_0.16.0-1_amd64.deb Checksums-Sha256: 8332f5ed1e56e74084144175e65eac9ba01bc5b7c006f839b01d032b46552a4b 2098 realmd_0.16.0-1.dsc 93c30df28c4c49ef86bc4bcf448999d6f7b8a2c32955020aa6776b5ebcb7a1b8 459909 realmd_0.16.0.orig.tar.gz 7a45bff7dbfd2698a91802a773dd15cd4abe69bc60390fe8c9c07abe437671a2 3548 realmd_0.16.0-1.debian.tar.xz 832da7427f23bc0f49857c2e6da8f9cdcb1c74ade32697d8330853e22839ebeb 177736 realmd_0.16.0-1_amd64.deb Files: 363bc0ae48a5a210b626a222c4d25abd 2098 admin optional realmd_0.16.0-1.dsc 0978c8021c865a6e6c7e7e71eb426484 459909 admin optional realmd_0.16.0.orig.tar.gz 06eccbcc905f7d13005361c5a8c65a04 3548 admin optional realmd_0.16.0-1.debian.tar.xz ee0020d1c8534bb92726849867eb29eb 177736 admin optional realmd_0.16.0-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVWziNAAoJEGrh3w1gjyLcNxYP+QGeMUbEke+/xpQdYX9Vol7L MrxUJA6n0GD/UqJ7JquqZnL+CCBNs8GJGUPCocBgDSX1F/pdZlH0VYWJfrwdAZu6 N/ZVca15ssAANhwe74SObOR6n2L0NCbE3eDAgZfiswD7g9C/3FNtgMBYa2NrFqyX Dq5sZev5+QTJDsDd9NAGQ7Xh67ol1l+pYbxccVjJfflpayuBKOwokHDLzetkgORw JgMO7gMyMFb6puNUJsdrA3QELkNEkuRc4+0SYYYMdLAfxSp6Cz1uGcFUY6W+ZrdV E7gD59IOhQTt1TvE9MIvCihat7Bt2rH19hPmT0GJeez0JqbXZB5+PPDBCIEw1PSV Pd8eEO8VTCUx1yCkyCUYOujzjhQwRXkyDpAbsyEPzYwjkrt12IlY74Sbb7ORBPwS Zm5AsMUWVEJV6aAaITS60sQUKbGBkYDQGXyq4r3sfeAaaA9a/Ubj+R+vXUbgulkV p5k0dC7Svvuf9pU/IwnIv/VcC2AXA80JQClpCLSOpjifcuYKRxYGDJtQoEK/4E6w MJqKbyR7Z9Dvu5yM+XF1ade/kTl9SVKdVgKYF1QEq3QAqTcQn0X7nrQfYD0jaNaM AtTRQgZ9eceGNIjjvysuuAEap2eW2DE2ML+vJNzT7egf7yTy6PvzXfKO0ohcJagp vjp5UVldWZf75FuH7oVm =ZnTV -----END PGP SIGNATURE-----
--- End Message ---
