Bug#697936: condor: CVE-2012-5390: possible privilege escalation
Package: condor Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerability was published for condor. CVE-2012-5390[0]: Possible privilege escalation This is mentioned on the stable release series notes[1] as well as the development release series[2]. Should be fixed in 7.8.6 and 7.9.1, so wheezy and unstable might be affected. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2012-5390 [1] http://research.cs.wisc.edu/htcondor/manual/v7.8/9_3Stable_Release.html [2] http://research.cs.wisc.edu/htcondor/manual/v7.9/9_3Development_Release.html [3] https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3268 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ8CLbAAoJEHidbwV/2GP+rMMP/2LDnVx6ZrxE7Tqf6rEVs/GD uz0e6LarP8uJRhEqBoyBjiMtVukyLdRtVY3yCvY/CnpA6rl4eyGAjb69nJHesXiA Tbj0j4txv61lak4VlDEqeP+ZtGo+bl+VSM1RKIpYcMNMS5niHDMUiaPGY6r+d3xP f9whMv6lHk+S9n24crohL7jH3S8S6Sir+/fQutPXfBeHPw48r2zSAL8M1mTYLD1L cJLw88lomP8WdJm/i8Ox/d8jkb9rynpFtWVa116XI/2KWyIIHLlvdCxXVKcrHCGm dL3Wid1Cn5xeGpj9q5QbRqCPbWgJKcO5paxqH3e8uKR79gtWYXrPCMWRzKIe0O4k BYP2b6REGBu3ZYoroqtZZcRe4qCbWzVDnjWM1uxEcxDNfnQhxSrq0MjU5ks/Jpdk /eIAZU0PBcLdck2tHNkhwsgXts6j0XH6ggOUDUvXU1BC4bfPI8+4qphiPpcJySbl a6A07LvMwKakq96xAgaA6LN0gFuvzqhb+ZpTNV0k/qJxX1YelN6aEpBMHnpb+WfI eO65hpEKtvr3tEA7SKVwn+Ci4jTbXebWTVMMGr5OqIddpDYEW161CD0/6ojnxZH6 zoqZ3E2Z/7y44JFv2+bhCqbUf1MjS1E2npa/OdajQb0mf+WcBw3EIHyAnqyuNOiy 9o9zaQ6vrdGInUONlw1C =jnzW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697936: condor: CVE-2012-5390: possible privilege escalation
Hi I have submitted this as grave severity, but could you double check if this is actually a problem for condor in Debian? [1]: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697936: [htcondor-debian] Bug#697936: condor: CVE-2012-5390: possible privilege escalation
On Jan 11, 2013, at 8:45 AM, Salvatore Bonaccorso car...@debian.org wrote: Hi I have submitted this as grave severity, but could you double check if this is actually a problem for condor in Debian? [1]: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html Regards, Salvatore This security vulnerability only affects Condor's standard universe, which is disabled in the Debian package. Thus, the Debian package of Condor is unaffected. Thanks and regards, Jaime Frey UW-Madison HTCondor Project -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org