Your message dated Mon, 07 Dec 2009 18:51:17 +0000
with message-id <e1nhig1-00036b...@ries.debian.org>
and subject line Bug#559834: fixed in hypre 2.4.0b-5
has caused the Debian Bug report #559834,
regarding CVE-2009-3736 local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559834: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559834
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hypre
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool.  I have determined that this package embeds a
vulnerable copy of the libtool source code.  However, since this is a
mass bug filing (due to so many packages embedding libtool), I have not
had time to determine whether the vulnerable code is actually present
in any of the binary packages. Please determine whether this is the
case. If the binary packages are not affected, please feel free to close
the bug with a message containing the details of what you did to check.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so if your package
is affected, please coordinate with the security team to release the
DSA for the affected packages.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736



--- End Message ---
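A first-pass source check for the question the report asks, as an added example that is not part of the original report or of Debian's tooling: it locates embedded `ltdl.c` copies and reads the libtool release from the `VERSION=` line of the tree's `ltmain.sh`, then compares it with the range quoted in the CVE text. The function names, verdict strings and sample tree are constructed here; the `ltmain.sh` version is only a proxy for the age of the `ltdl.c` copy, and whether that code reaches a binary package still has to be checked separately.

```python
import os
import re
import tempfile

# Assumption: the embedded ltmain.sh names its release in a VERSION= line.
VERSION_RE = re.compile(r'^VERSION="?(\d+\.\d+(?:\.\d+)?[a-z]?)', re.M)


def in_cve_range(version):
    """Range as worded in the CVE text: 1.5.x, and 2.2.6 before 2.2.6b."""
    return re.fullmatch(r"1\.5(\.\d+)?[a-z]?|2\.2\.6a?", version) is not None


def find(root, name):
    """Relative paths of every file called `name` under root."""
    return sorted(os.path.relpath(os.path.join(d, name), root)
                  for d, _dirs, files in os.walk(root) if name in files)


def audit(root):
    """Return (ltdl.c paths, {ltmain.sh path: version or None}, verdict)."""
    ltdl = find(root, "ltdl.c")
    versions = {}
    for rel in find(root, "ltmain.sh"):
        with open(os.path.join(root, rel), errors="replace") as fh:
            m = VERSION_RE.search(fh.read())
        versions[rel] = m.group(1) if m else None
    if not ltdl:
        verdict = "no embedded ltdl.c"
    elif not versions or None in versions.values():
        verdict = "ltdl.c present, libtool version unknown: inspect by hand"
    elif any(in_cve_range(v) for v in versions.values()):
        verdict = "ltdl.c present, libtool version in CVE range"
    else:
        verdict = "ltdl.c present, libtool version outside CVE range"
    return ltdl, versions, verdict


def make_sample_tree(version_line):
    """Constructed sample tree using the ltdl.c location from the changelog."""
    root = tempfile.mkdtemp()
    sidl = os.path.join(root, "src", "babel-runtime", "sidl")
    os.makedirs(sidl)
    with open(os.path.join(sidl, "ltdl.c"), "w") as fh:
        fh.write("/* placeholder, not real libltdl code */\n")
    with open(os.path.join(root, "ltmain.sh"), "w") as fh:
        fh.write("PROGRAM=ltmain.sh\nPACKAGE=libtool\n" + version_line + "\n")
    return root
```

Run `audit()` on the unpacked source package; an "unknown" verdict means no usable `ltmain.sh` was found and the `ltdl.c` copy needs manual comparison against a fixed libtool release.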
--- Begin Message ---
Source: hypre
Source-Version: 2.4.0b-5

We believe that the bug you reported is fixed in the latest version of
hypre, which is due to be installed in the Debian FTP archive:

hypre_2.4.0b-5.diff.gz
  to main/h/hypre/hypre_2.4.0b-5.diff.gz
hypre_2.4.0b-5.dsc
  to main/h/hypre/hypre_2.4.0b-5.dsc
libhypre-2.4.0_2.4.0b-5_amd64.deb
  to main/h/hypre/libhypre-2.4.0_2.4.0b-5_amd64.deb
libhypre-dev_2.4.0b-5_all.deb
  to main/h/hypre/libhypre-dev_2.4.0b-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam C. Powell, IV <hazel...@debian.org> (supplier of updated hypre package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Dec 2009 13:29:30 -0500
Source: hypre
Binary: libhypre-2.4.0 libhypre-dev
Architecture: source amd64 all
Version: 2.4.0b-5
Distribution: unstable
Urgency: low
Maintainer: Adam C. Powell, IV <hazel...@debian.org>
Changed-By: Adam C. Powell, IV <hazel...@debian.org>
Description: 
 libhypre-2.4.0 - High Performance Matrix Preconditioners - Shared Library
 libhypre-dev - High Performance Matrix Preconditioners - Development Files
Closes: 559484 559834
Changes: 
 hypre (2.4.0b-5) unstable; urgency=low
 .
   * Added libtool to Build-Depends, run libtoolize, and copy ltdl.{c,h} into
     src/babel-runtime/sidl (closes: #559834).
   * Copy new config.{sub,guess} into config dir (closes: #559484).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksdSr4ACgkQUm8B6FZO5LZbfwCdHefm+twSg6omNKSDdRnJSonW
/s4An2zgDKrOPVQNgiVtI3QQR4QULE3c
=/+aR
-----END PGP SIGNATURE-----



--- End Message ---
