Your message dated Fri, 16 Sep 2005 19:32:13 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#327039: fixed in kdebase 4:3.4.2-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 7 Sep 2005 08:23:16 +0000 >From [EMAIL PROTECTED] Wed Sep 07 01:23:16 2005 Return-path: <[EMAIL PROTECTED]> Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1ECvD9-0002QK-00; Wed, 07 Sep 2005 01:23:16 -0700 Received: from wlan-client-281.informatik.uni-bremen.de ([134.102.117.31] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1ECvD5-000371-6n for [EMAIL PROTECTED]; Wed, 07 Sep 2005 10:23:11 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.52) id 1ECvDm-0001Zz-W9; Wed, 07 Sep 2005 10:23:55 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: CAN-2005-2494: Insecure lockfile handling permits potential local root privilege escalation X-Mailer: reportbug 3.17 Date: Wed, 07 Sep 2005 10:23:54 +0200 X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 134.102.117.31 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: kdebase-bin Version: 3.4.2-2 Severity: grave Tags: security Justification: user security hole Please see http://www.kde.org/info/security/advisory-20050905-1.txt for details and a patch. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --------------------------------------- Received: (at 327039-close) by bugs.debian.org; 17 Sep 2005 02:38:24 +0000 >From [EMAIL PROTECTED] Fri Sep 16 19:38:24 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EGSUv-0003N2-00; Fri, 16 Sep 2005 19:32:13 -0700 From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#327039: fixed in kdebase 4:3.4.2-3 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Fri, 16 Sep 2005 19:32:13 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 2 Source: kdebase Source-Version: 4:3.4.2-3 We believe that the bug you reported is fixed in the latest version of kdebase, which is due to be installed in the Debian FTP archive: kappfinder_3.4.2-3_i386.deb to pool/main/k/kdebase/kappfinder_3.4.2-3_i386.deb kate_3.4.2-3_i386.deb to pool/main/k/kdebase/kate_3.4.2-3_i386.deb kcontrol_3.4.2-3_i386.deb to pool/main/k/kdebase/kcontrol_3.4.2-3_i386.deb kdebase-bin_3.4.2-3_i386.deb to pool/main/k/kdebase/kdebase-bin_3.4.2-3_i386.deb kdebase-data_3.4.2-3_all.deb to pool/main/k/kdebase/kdebase-data_3.4.2-3_all.deb kdebase-dev_3.4.2-3_i386.deb to pool/main/k/kdebase/kdebase-dev_3.4.2-3_i386.deb kdebase-doc-html_3.4.2-3_all.deb to pool/main/k/kdebase/kdebase-doc-html_3.4.2-3_all.deb kdebase-doc_3.4.2-3_all.deb to pool/main/k/kdebase/kdebase-doc_3.4.2-3_all.deb kdebase-kio-plugins_3.4.2-3_i386.deb to pool/main/k/kdebase/kdebase-kio-plugins_3.4.2-3_i386.deb kdebase_3.4.2-3.diff.gz to pool/main/k/kdebase/kdebase_3.4.2-3.diff.gz kdebase_3.4.2-3.dsc to pool/main/k/kdebase/kdebase_3.4.2-3.dsc kdebase_3.4.2-3_all.deb to pool/main/k/kdebase/kdebase_3.4.2-3_all.deb kdepasswd_3.4.2-3_i386.deb to pool/main/k/kdebase/kdepasswd_3.4.2-3_i386.deb kdeprint_3.4.2-3_i386.deb to pool/main/k/kdebase/kdeprint_3.4.2-3_i386.deb kdesktop_3.4.2-3_i386.deb to pool/main/k/kdebase/kdesktop_3.4.2-3_i386.deb kdm_3.4.2-3_i386.deb to pool/main/k/kdebase/kdm_3.4.2-3_i386.deb kfind_3.4.2-3_i386.deb to pool/main/k/kdebase/kfind_3.4.2-3_i386.deb khelpcenter_3.4.2-3_i386.deb to pool/main/k/kdebase/khelpcenter_3.4.2-3_i386.deb kicker_3.4.2-3_i386.deb to pool/main/k/kdebase/kicker_3.4.2-3_i386.deb klipper_3.4.2-3_i386.deb to pool/main/k/kdebase/klipper_3.4.2-3_i386.deb kmenuedit_3.4.2-3_i386.deb to pool/main/k/kdebase/kmenuedit_3.4.2-3_i386.deb konqueror-nsplugins_3.4.2-3_i386.deb to pool/main/k/kdebase/konqueror-nsplugins_3.4.2-3_i386.deb konqueror_3.4.2-3_i386.deb to pool/main/k/kdebase/konqueror_3.4.2-3_i386.deb konsole_3.4.2-3_i386.deb to pool/main/k/kdebase/konsole_3.4.2-3_i386.deb kpager_3.4.2-3_i386.deb to pool/main/k/kdebase/kpager_3.4.2-3_i386.deb kpersonalizer_3.4.2-3_i386.deb to pool/main/k/kdebase/kpersonalizer_3.4.2-3_i386.deb ksmserver_3.4.2-3_i386.deb to pool/main/k/kdebase/ksmserver_3.4.2-3_i386.deb ksplash_3.4.2-3_i386.deb to pool/main/k/kdebase/ksplash_3.4.2-3_i386.deb ksysguard_3.4.2-3_i386.deb to pool/main/k/kdebase/ksysguard_3.4.2-3_i386.deb ksysguardd_3.4.2-3_i386.deb to pool/main/k/kdebase/ksysguardd_3.4.2-3_i386.deb ktip_3.4.2-3_i386.deb to pool/main/k/kdebase/ktip_3.4.2-3_i386.deb kwin_3.4.2-3_i386.deb to pool/main/k/kdebase/kwin_3.4.2-3_i386.deb libkonq4-dev_3.4.2-3_i386.deb to pool/main/k/kdebase/libkonq4-dev_3.4.2-3_i386.deb libkonq4_3.4.2-3_i386.deb to pool/main/k/kdebase/libkonq4_3.4.2-3_i386.deb xfonts-konsole_3.4.2-3_all.deb to pool/main/k/kdebase/xfonts-konsole_3.4.2-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdebase package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 16 Sep 2005 16:59:45 -0400 Source: kdebase Binary: kdesktop kcontrol kpersonalizer kdm kdebase-doc-html klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter xfonts-konsole kate ksysguard konqueror ktip ksysguardd kdebase-data konsole Architecture: source i386 all Version: 4:3.4.2-3 Distribution: unstable Urgency: low Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Description: kappfinder - non-KDE application finder for KDE kate - advanced text editor for KDE kcontrol - control center for KDE kdebase - base components from the official KDE release kdebase-bin - core binaries for the KDE base module kdebase-data - shared data files for the KDE base module kdebase-dev - development files for the KDE base module kdebase-doc - developer documentation for the KDE base module kdebase-doc-html - KDE base documentation in HTML format kdebase-kio-plugins - core I/O slaves for KDE kdepasswd - password changer for KDE kdeprint - print system for KDE kdesktop - miscellaneous binaries and files for the KDE desktop kdm - X display manager for KDE kfind - file-find utility for KDE khelpcenter - help center for KDE kicker - desktop panel for KDE klipper - clipboard utility for KDE kmenuedit - menu editor for KDE konqueror - KDE's advanced file manager, web browser and document viewer konqueror-nsplugins - Netscape plugin support for Konqueror konsole - X terminal emulator for KDE kpager - desktop pager for KDE kpersonalizer - installation personalizer for KDE ksmserver - session manager for KDE ksplash - the KDE splash screen ksysguard - system guard for KDE ksysguardd - system guard daemon for KDE ktip - useful tips for KDE kwin - the KDE window manager libkonq4 - core libraries for Konqueror libkonq4-dev - development files for Konqueror's core libraries xfonts-konsole - fonts used by the KDE's Konsole Closes: 326542 327039 327191 Changes: kdebase (4:3.4.2-3) unstable; urgency=low . * KDE_3_4_BRANCH update (up to r458655). This includes a fix for a local root exploit, CAN-2005-2494, in the kcheckpass binary (Closes: #327039) . +++ Changes by Christopher Martin: . * Add a NEWS entry that explains the KDM upgrade process for users moving from KDM 3.3.x, as well as KDM's new behaviour regarding login scripts. (Closes: #326542, #327191) . * Add a patch from the "Improving KDE" set that eliminates a superfluous border around kicker's systray that appeared on mouseover. . * Add another "Improving KDE" patch that allows the selection of a special tranparent selection rectangle (off by default) to be made from the Control Center's Style module. Temporarily bump our kdelibs build-depends, to ensure that we build against a similarly patched Qt and kdelibs. Files: d506c8221901f45ad5a5935df36b85a9 1720 kde optional kdebase_3.4.2-3.dsc c6c8a30a44557d9a1f40bf91d4cf0d40 1622488 kde optional kdebase_3.4.2-3.diff.gz 7a60627b7737bec1de3d101c26a0e476 31752 kde optional kdebase_3.4.2-3_all.deb 2b04fe1e575bb4a600a3e7bbc3e474cb 5729692 kde optional kdebase-data_3.4.2-3_all.deb 793f0ad80122ab1458136360eed19e6a 3806652 doc optional kdebase-doc_3.4.2-3_all.deb 32fce2255896a2606df54ff1b3dd33f0 339204 doc optional kdebase-doc-html_3.4.2-3_all.deb 47c1dd177bdc43480be241dd31c4b37a 47966 x11 optional xfonts-konsole_3.4.2-3_all.deb c49e3d2a9784fcddefac4df68ef7ddfb 261086 kde optional kappfinder_3.4.2-3_i386.deb 690941b2ea2364748927d6012034fa00 628406 editors optional kate_3.4.2-3_i386.deb cc15a0ef37bfc1d15270b83dbfc8c459 7835498 kde optional kcontrol_3.4.2-3_i386.deb 4d3c108e8585a3a61237c10505d60cdc 1056382 kde optional kdebase-bin_3.4.2-3_i386.deb bc213321a770e406a4faa02167f2744d 71122 devel optional kdebase-dev_3.4.2-3_i386.deb bc7d598ef6b3ec2fb5a04b55c07c14e5 737204 kde optional kdebase-kio-plugins_3.4.2-3_i386.deb 4734d40233085d1fdd3e2c289177b468 231602 utils optional kdepasswd_3.4.2-3_i386.deb 423b28034c0f8b50b99a1b12dc5ef7ca 1107464 utils optional kdeprint_3.4.2-3_i386.deb cb3f144d1c00a578c098c5ac08ab94ff 737524 kde optional kdesktop_3.4.2-3_i386.deb 3c87f91a17b3cee06c505375e26b9c44 607444 kde optional kdm_3.4.2-3_i386.deb 33d7a6ee475ee4828054e6bc771dc281 187322 utils optional kfind_3.4.2-3_i386.deb 8ec428014c875c22e6841d278d3c8bac 1787512 kde optional khelpcenter_3.4.2-3_i386.deb 66d437cf78c7711c6a69643919819397 1710388 kde optional kicker_3.4.2-3_i386.deb 463f42a3d1df02bf8b060fadabf653b3 243910 kde optional klipper_3.4.2-3_i386.deb 96b629d36a362fd85552ab53800b9d2b 211488 kde optional kmenuedit_3.4.2-3_i386.deb 4783f62922a27dd6b44ac3d6d8449a07 2013460 web optional konqueror_3.4.2-3_i386.deb 7da64cd0989fde7d1dbdddcc87db14fb 131852 utils optional konqueror-nsplugins_3.4.2-3_i386.deb 25f101b1807c9959b312e02c76e5b4f7 581260 kde optional konsole_3.4.2-3_i386.deb 6d97ed73441b48c81bdfc2543af1738c 105530 kde optional kpager_3.4.2-3_i386.deb 978fc89536fd000fe670289bafa6930f 479826 kde optional kpersonalizer_3.4.2-3_i386.deb 9e6688bfb6782b931c70f5d86e51c003 145780 kde optional ksmserver_3.4.2-3_i386.deb 5fa7eee0c31cfb25374fc3e7edc56352 810868 kde optional ksplash_3.4.2-3_i386.deb e4586a00c30998a949f4f7ea645bc527 467562 utils optional ksysguard_3.4.2-3_i386.deb dca7e705693412cdbba56ff764243cc9 58682 utils optional ksysguardd_3.4.2-3_i386.deb 28889874155250444046c79c69b2bddd 91270 kde optional ktip_3.4.2-3_i386.deb 6bdae5953cc6b583227f4076ed902ef1 968090 kde optional kwin_3.4.2-3_i386.deb 4de2a76041e30a39eead3d1d39220baf 252994 libs optional libkonq4_3.4.2-3_i386.deb 1a66cc3d27d5ae49baf9f4f497d1ff15 58278 libdevel optional libkonq4-dev_3.4.2-3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Signed by Christopher Martin <[EMAIL PROTECTED]> iD8DBQFDK279U+gWW+vtsysRAoDWAJ9jjsCGZFC7NJyKC3IFUqM63MIkRQCfenZq YyXHj5h2cW0cI7hC1huAoa0= =IM/J -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]