Bug#522813: marked as done (multipath-tools: CVE-2009-0115 insecure permissions of control socket)
Your message dated Sat, 27 Jun 2009 16:04:40 + with message-id e1mkaoo-000163...@ries.debian.org and subject line Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1 has caused the Debian Bug report #522813, regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: multipath-tools Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for multipath-tools. CVE-2009-0115[0]: | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux | Enterprise Server (SLES) 10 uses world-writable permissions for the | socket file (aka /var/run/multipathd.sock), which allows local users | to send arbitrary commands to the multipath daemon. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 http://security-tracker.debian.net/tracker/CVE-2009-0115 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpNJ5YVaVsx0.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: multipath-tools Source-Version: 0.4.8-14+lenny1 We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive: kpartx_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb multipath-tools-boot_0.4.8-14+lenny1_all.deb to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb multipath-tools_0.4.8-14+lenny1.diff.gz to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz multipath-tools_0.4.8-14+lenny1.dsc to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc multipath-tools_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb multipath-udeb_0.4.8-14+lenny1_powerpc.udeb to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 522...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther a...@sigxcpu.org (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 06 Apr 2009 20:03:48 +0200 Source: multipath-tools Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb Architecture: source powerpc all Version: 0.4.8-14+lenny1 Distribution: stable-security Urgency: low Maintainer: Debian LVM Team pkg-lvm-maintain...@lists.alioth.debian.org Changed-By: Guido Günther a...@sigxcpu.org Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access multipath-tools-boot - Support booting from multipath devices multipath-udeb - maintain multipath block device access (udeb) Closes: 522813 Changes: multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low . * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813) Checksums-Sha1: 182770d7d7c3d81b2b469e47c4478b48e44d2e14 1375 multipath-tools_0.4.8-14+lenny1.dsc e538c62b14c993d392e3dddb823b06720378a8d0 202446 multipath-tools_0.4.8.orig.tar.gz d95402d28b8327db358e4ca0b7b2a12f3aa63b29 22746 multipath-tools_0.4.8-14+lenny1.diff.gz cfcbb73941a3814fd0600d244ffad446e4a742c8 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb 644a779e53f68dce150e64a193bdf9d90c4d384a 29824 kpartx_0.4.8-14+lenny1_powerpc.deb e077c217967baaf8161607dc57379e633b623e37 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb 9a0489582e4467682fff8ab9b320749c3c9abe25 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb Checksums-Sha256: 876eb1ce2f00894c982ef269879a39e54d1c2bef105c8d5b4c8be931b083e751 1375 multipath-tools_0.4.8-14+lenny1.dsc
Bug#522813: marked as done (multipath-tools: CVE-2009-0115 insecure permissions of control socket)
Your message dated Sat, 20 Jun 2009 12:44:20 + with message-id e1mhzvg-0003kb...@ries.debian.org and subject line Bug#522813: fixed in multipath-tools 0.4.7-1.1etch2 has caused the Debian Bug report #522813, regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: multipath-tools Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for multipath-tools. CVE-2009-0115[0]: | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux | Enterprise Server (SLES) 10 uses world-writable permissions for the | socket file (aka /var/run/multipathd.sock), which allows local users | to send arbitrary commands to the multipath daemon. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 http://security-tracker.debian.net/tracker/CVE-2009-0115 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpgZSLGuNoSa.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: multipath-tools Source-Version: 0.4.7-1.1etch2 We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive: multipath-tools_0.4.7-1.1etch2.diff.gz to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz multipath-tools_0.4.7-1.1etch2.dsc to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc multipath-tools_0.4.7-1.1etch2_powerpc.deb to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 522...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther a...@sigxcpu.org (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Mon, 06 Apr 2009 20:19:17 +0200 Source: multipath-tools Binary: multipath-tools Architecture: source powerpc Version: 0.4.7-1.1etch2 Distribution: oldstable-security Urgency: low Maintainer: Debian LVM Team pkg-lvm-maintain...@lists.alioth.debian.org Changed-By: Guido Günther a...@sigxcpu.org Description: multipath-tools - Command-line utilities for administering multipath disk access Closes: 522813 Changes: multipath-tools (0.4.7-1.1etch2) oldstable-security; urgency=low . * [5c0d036] fix umask of multipathd socket (CVE-2009-0115). Upstream commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813) Files: 96af45800ec71a9fcf8f811416ff90e7 794 admin extra multipath-tools_0.4.7-1.1etch2.dsc b14f35444f6fee34b6be49a79ebe9439 179914 admin extra multipath-tools_0.4.7.orig.tar.gz 971e214f6a43d817da8da4dcc3763443 25941 admin extra multipath-tools_0.4.7-1.1etch2.diff.gz 923e02c8131bbfd298bd2958637fc90b 161776 admin extra multipath-tools_0.4.7-1.1etch2_powerpc.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ3KWrn88szT8+ZCYRAqbZAJ9OHXpvW93J98nMT0jEajuqQBPgcgCfXySz bgLWyevUGa60gIb1lAK553k= =Z8We -END PGP SIGNATURE- ---End Message---
Bug#522813: marked as done (multipath-tools: CVE-2009-0115 insecure permissions of control socket)
Your message dated Tue, 21 Apr 2009 19:54:02 + with message-id e1lwm2c-00050x...@ries.debian.org and subject line Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1 has caused the Debian Bug report #522813, regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: multipath-tools Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for multipath-tools. CVE-2009-0115[0]: | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux | Enterprise Server (SLES) 10 uses world-writable permissions for the | socket file (aka /var/run/multipathd.sock), which allows local users | to send arbitrary commands to the multipath daemon. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 http://security-tracker.debian.net/tracker/CVE-2009-0115 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpaZpop8IMrA.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: multipath-tools Source-Version: 0.4.8-14+lenny1 We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive: kpartx_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb multipath-tools-boot_0.4.8-14+lenny1_all.deb to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb multipath-tools_0.4.8-14+lenny1.diff.gz to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz multipath-tools_0.4.8-14+lenny1.dsc to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc multipath-tools_0.4.8-14+lenny1_powerpc.deb to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb multipath-udeb_0.4.8-14+lenny1_powerpc.udeb to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 522...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther a...@sigxcpu.org (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 06 Apr 2009 20:03:48 +0200 Source: multipath-tools Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb Architecture: source powerpc all Version: 0.4.8-14+lenny1 Distribution: stable-security Urgency: low Maintainer: Debian LVM Team pkg-lvm-maintain...@lists.alioth.debian.org Changed-By: Guido Günther a...@sigxcpu.org Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access multipath-tools-boot - Support booting from multipath devices multipath-udeb - maintain multipath block device access (udeb) Closes: 522813 Changes: multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low . * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813) Checksums-Sha1: 182770d7d7c3d81b2b469e47c4478b48e44d2e14 1375 multipath-tools_0.4.8-14+lenny1.dsc e538c62b14c993d392e3dddb823b06720378a8d0 202446 multipath-tools_0.4.8.orig.tar.gz d95402d28b8327db358e4ca0b7b2a12f3aa63b29 22746 multipath-tools_0.4.8-14+lenny1.diff.gz cfcbb73941a3814fd0600d244ffad446e4a742c8 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb 644a779e53f68dce150e64a193bdf9d90c4d384a 29824 kpartx_0.4.8-14+lenny1_powerpc.deb e077c217967baaf8161607dc57379e633b623e37 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb 9a0489582e4467682fff8ab9b320749c3c9abe25 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb Checksums-Sha256: 876eb1ce2f00894c982ef269879a39e54d1c2bef105c8d5b4c8be931b083e751 1375 multipath-tools_0.4.8-14+lenny1.dsc
Bug#522813: marked as done (multipath-tools: CVE-2009-0115 insecure permissions of control socket)
Your message dated Mon, 06 Apr 2009 18:03:10 + with message-id e1lqta6-0001ce...@ries.debian.org and subject line Bug#522813: fixed in multipath-tools 0.4.8-15 has caused the Debian Bug report #522813, regarding multipath-tools: CVE-2009-0115 insecure permissions of control socket to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 522813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: multipath-tools Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for multipath-tools. CVE-2009-0115[0]: | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux | Enterprise Server (SLES) 10 uses world-writable permissions for the | socket file (aka /var/run/multipathd.sock), which allows local users | to send arbitrary commands to the multipath daemon. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 http://security-tracker.debian.net/tracker/CVE-2009-0115 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpotpDufe5Hf.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: multipath-tools Source-Version: 0.4.8-15 We believe that the bug you reported is fixed in the latest version of multipath-tools, which is due to be installed in the Debian FTP archive: kpartx_0.4.8-15_powerpc.deb to pool/main/m/multipath-tools/kpartx_0.4.8-15_powerpc.deb multipath-tools-boot_0.4.8-15_all.deb to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-15_all.deb multipath-tools_0.4.8-15.diff.gz to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.diff.gz multipath-tools_0.4.8-15.dsc to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.dsc multipath-tools_0.4.8-15_powerpc.deb to pool/main/m/multipath-tools/multipath-tools_0.4.8-15_powerpc.deb multipath-udeb_0.4.8-15_powerpc.udeb to pool/main/m/multipath-tools/multipath-udeb_0.4.8-15_powerpc.udeb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 522...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther a...@sigxcpu.org (supplier of updated multipath-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 06 Apr 2009 19:36:25 +0200 Source: multipath-tools Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb Architecture: source powerpc all Version: 0.4.8-15 Distribution: unstable Urgency: low Maintainer: Debian LVM Team pkg-lvm-maintain...@lists.alioth.debian.org Changed-By: Guido Günther a...@sigxcpu.org Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access multipath-tools-boot - Support booting from multipath devices multipath-udeb - maintain multipath block device access (udeb) Closes: 519252 522813 Changes: multipath-tools (0.4.8-15) unstable; urgency=low . * [e3fdd6f] add iscsi as a prereq and add verbose logic from mdadm. * [9299e3d] On shutdown multipathd flushes its internal message queue but we have to check if the messages on the queue are not empty. (Closes: #519252) * [df5ee21] fix umask of multipathd socket (CVE-2009-0115). Upstream commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813) Checksums-Sha1: 8aa14dce9c3ffc8a4d0ce14175303716fa93ed2c 1347 multipath-tools_0.4.8-15.dsc 7a9d7f58646df849c8b0310fba5025ace1bf184a 23364 multipath-tools_0.4.8-15.diff.gz e159f49b879713a0f3ad7c4bf2268362d31f9435 178608 multipath-tools_0.4.8-15_powerpc.deb 84f395240ad3eb2e238c4228a653fa9471fa16d4 29286 kpartx_0.4.8-15_powerpc.deb 33c9ebe597164210854aadbee90cc2df9b85a852 11250 multipath-tools-boot_0.4.8-15_all.deb 861306650b8e175387d4a9479feac6da284a3a15 95890 multipath-udeb_0.4.8-15_powerpc.udeb Checksums-Sha256: 0865d90c6c7eb81cd85f22e1212bfdd2e094276020b7b0dfe446cb99696c4226 1347 multipath-tools_0.4.8-15.dsc cef040f18902427e925fcb50fbacdabbc57ea2cdc99e2a9f6ad11bc5b3910da9 23364