Your message dated Sun, 25 Dec 2022 23:49:36 +0000 with message-id <e1p9akk-002tqf...@fasolo.debian.org> and subject line Bug#1022742: fixed in multipath-tools 0.9.4-1 has caused the Debian Bug report #1022742, regarding multipath-tools: CVE-2022-41973 CVE-2022-41974 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1022742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022742 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: multipath-tools Version: 0.9.0-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 0.7.9-3 Hi, The following vulnerabilities were published for multipath-tools. CVE-2022-41973[0]: | Symlink attack CVE-2022-41974[1]: | Authorization bypass If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-41973 https://www.cve.org/CVERecord?id=CVE-2022-41973 [1] https://security-tracker.debian.org/tracker/CVE-2022-41974 https://www.cve.org/CVERecord?id=CVE-2022-41974 [2] https://www.openwall.com/lists/oss-security/2022/10/24/2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: multipath-tools Source-Version: 0.9.4-1 Done: Chris Hofstaedtler <z...@debian.org> We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1022...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Hofstaedtler <z...@debian.org> (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 25 Dec 2022 23:19:21 +0000 Source: multipath-tools Architecture: source Version: 0.9.4-1 Distribution: unstable Urgency: medium Maintainer: Debian DM Multipath Team <team+linux-blo...@tracker.debian.org> Changed-By: Chris Hofstaedtler <z...@debian.org> Closes: 1022742 Changes: multipath-tools (0.9.4-1) unstable; urgency=medium . * [369b812] New upstream version 0.9.4 (Closes: #1022742) * [ee2206e] Refresh patches * [bcb0b07] Rework build steps to follow upstream changes. And install libmpathutil.so. * [f8ef90a] Use upstream-supported way of disabling systemd (for udeb) * [8785eef] Update lintian-overrides Checksums-Sha1: 710ea95f53bc8496ca19c227c23148338bb93973 2572 multipath-tools_0.9.4-1.dsc 1819f3b176c4d224b1820c973bc98a4bdd008164 554381 multipath-tools_0.9.4.orig.tar.gz e3182ffd58ccc6f2a204dfcd700ef07d56feea32 28968 multipath-tools_0.9.4-1.debian.tar.xz 7a9d72482a658abdaa5c7cbafb56a01dce9a1f14 7008 multipath-tools_0.9.4-1_source.buildinfo Checksums-Sha256: 7b6faffb54cc834fb1059c132c20b05ade8f6a399e3e52d250c817d79ea51e74 2572 multipath-tools_0.9.4-1.dsc 6ed3cf6e786da20a451d9747cbd4c5817815388b8fc8022d1074b3018479031d 554381 multipath-tools_0.9.4.orig.tar.gz 9d105621faa16849c9a84b7d3e30635b53ae085c18fc595a5772dbcca2d5834f 28968 multipath-tools_0.9.4-1.debian.tar.xz 02303e514a39846e43ebafe9b71b91ad459b63c3bc9a4217778b1f814c41ab47 7008 multipath-tools_0.9.4-1_source.buildinfo Files: bdc855a8771cb091fb50f45ce2edfc41 2572 admin optional multipath-tools_0.9.4-1.dsc db72eeaabb3859b68c2fdacb38502a52 554381 admin optional multipath-tools_0.9.4.orig.tar.gz 1c7b402fc9959bf52261a7e23a846c59 28968 admin optional multipath-tools_0.9.4-1.debian.tar.xz d419d363beb9f72b90a9ca73a69c7780 7008 admin optional multipath-tools_0.9.4-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmOo29gACgkQXBPW25MF LgPIOQ/+MY0ni2/LOwdCFepUHgueSLs+xgPjhmqn+ey0UaZEOz4nIiCV6/cUg0qS ohJkiHgKcQDYBKlQvlMWubQckVYzc8jMYVFtxpNoB/gkv0NSOSWAebKhaPUF97LP GKO0ZY9/z05ehOJyufwyw9AZIXcVy8VjTf/Za4xey1wH65KYZzTj4pMJ7hx0k9X8 AN5as5Nt8E+6bV631YdY2+CAnFhfn+mIQN76oF7X5o39hw/fyXTG7RG4SvOOmN6p D2Ymc+i+lWoO3V9e5zV/exg39RFuX8Qrcv5no089w5rflHQgkBKTkg2TTJA5/HBY B0RecSJP2GN2sBDgP/mCgzB94t5A3uRTYY/quFujFnTYzYpOQlyQnCYyEVJTrR7e xxNyPU2yiVZmCKqZeiy0DgeOMadkI1uaIEz0HUs8C9OrIJweb2Fd/cpvOtyY8TLz jm+4JzeaeCDrNbfwqTozQU+Rhfc2NMYcipilmJEDpEG8XneReCfMPyyu9DTBcBP0 0uuK+XlJK3/tbuRjQgxdGl3DDJrfQG1NRZ8kyo/kB1xRDDjog1hhIQuAIqZu8aMg EMisxxPjb5fHmSTAOInrGLqbdL//NfoxaGayBmMRLkiqP6nFQaiAqHIOFIvsx8iU hA0sFOhS8Fa5K1lpGU1+EKXNLFh6MgCMH3cQYtX05DbjdR3jr/s= =qjCp -----END PGP SIGNATURE-----
--- End Message ---
