Bug#475431: marked as done (suphp: CVE-2008-1614 privilege escalation due to race condition)

2008-05-10 Thread Debian Bug Tracking System

Your message dated Sat, 10 May 2008 09:17:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#475431: fixed in suphp 0.6.2-2.1
has caused the Debian Bug report #475431,
regarding suphp: CVE-2008-1614 privilege escalation due to race condition
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
475431: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475431
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Source: suphp
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for suphp.


CVE-2008-1614[0]:
| suPHP before 0.6.3 allows local users to gain privileges via (1) a
| race condition that involves multiple symlink changes to point a file
| owned by a different user, or (2) a symlink to the directory of a
| different user, which is used to determine privileges.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1614
http://security-tracker.debian.net/tracker/CVE-2008-1614

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


---End Message---
---BeginMessage---
Source: suphp
Source-Version: 0.6.2-2.1

We believe that the bug you reported is fixed in the latest version of
suphp, which is due to be installed in the Debian FTP archive:

libapache2-mod-suphp_0.6.2-2.1_i386.deb
  to pool/main/s/suphp/libapache2-mod-suphp_0.6.2-2.1_i386.deb
suphp-common_0.6.2-2.1_i386.deb
  to pool/main/s/suphp/suphp-common_0.6.2-2.1_i386.deb
suphp_0.6.2-2.1.diff.gz
  to pool/main/s/suphp/suphp_0.6.2-2.1.diff.gz
suphp_0.6.2-2.1.dsc
  to pool/main/s/suphp/suphp_0.6.2-2.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris [EMAIL PROTECTED] (supplier of updated suphp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])



Format: 1.8
Date: Sat, 10 May 2008 08:48:45 +
Source: suphp
Binary: suphp-common libapache2-mod-suphp
Architecture: source i386
Version: 0.6.2-2.1
Distribution: unstable
Urgency: high
Maintainer: Emmanuel Lacour [EMAIL PROTECTED]
Changed-By: Steffen Joeris [EMAIL PROTECTED]
Description: 
 libapache2-mod-suphp - Apache2 module to run php scripts with the owner permissions
 suphp-common - Common files for mod suphp
Closes: 475431
Changes: 
 suphp (0.6.2-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix race condition in symlink handling by adding
     04_CVE-2008-1614.dpatch (Closes: #475431) Fixes: CVE-2008-1614



---End Message---


Bug#475431: marked as done (suphp: CVE-2008-1614 privilege escalation due to race condition)

2008-04-24 Thread Debian Bug Tracking System

Your message dated Thu, 24 Apr 2008 15:44:53 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#475431: Behaviour change has more widespread effects too
has caused the Debian Bug report #475431,
regarding suphp: CVE-2008-1614 privilege escalation due to race condition
to be marked as done.

---BeginMessage---

Packages uploaded to security fix this problem.

(DSA-1550-1, DTSA-124-1)


---End Message---