Your message dated Tue, 22 Jan 2013 20:47:05 +0000
with message-id <[email protected]>
and subject line Bug#683584: fixed in ganglia 3.1.7-1+squeeze1
has caused the Debian Bug report #683584,
regarding ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
683584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683584
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ganglia
Severity: grave
Tags: security
Justification: user security hole
Hi,
recently released Ganglia Web fixes a remote script execution
vulnerability. It has been allocated CVE-2012-3348.
More info on http://ganglia.info/?p=549 and
https://bugzilla.redhat.com/show_bug.cgi?id=845124
Can you prepare packages with isolated fixes for Squeeze and unstable
(since we are in freeze)?
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: ganglia
Source-Version: 3.1.7-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
ganglia, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ganglia package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Jan 2013 10:04:17 +0100
Source: ganglia
Binary: ganglia-monitor gmetad libganglia1 libganglia1-dev ganglia-webfrontend
Architecture: source all amd64
Version: 3.1.7-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Stuart Teasdale <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
ganglia-monitor - cluster monitoring toolkit - node daemon
ganglia-webfrontend - cluster monitoring toolkit - web front-end
gmetad - cluster monitoring toolkit - Ganglia Meta-Daemon
libganglia1 - cluster monitoring toolkit - shared libraries
libganglia1-dev - cluster monitoring toolkit - development libraries
Closes: 683584
Changes:
ganglia (3.1.7-1+squeeze1) stable-security; urgency=high
.
* Non-maintainer upload.
* Fix for path traversal issue when supplying name of a graph
web/graph.php: Check for path traversal issues by making sure real path
is actually in graphdir. Fixes CVE-2012-3448.
Fix backported from ganglia 3.1.8. (Closes: #683584)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
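The check named in the changelog above (resolve the real path and confirm it lies inside graphdir), as an added PHP example that is not part of the original mail and is not Ganglia's own code. The function name `resolve_graph_file`, the `.php` suffix on graph names and the temporary directory layout are assumptions made for the illustration.

```php
<?php
// Added illustration, not Ganglia's graph.php. The "<name>.php" file layout
// and all paths below are assumptions constructed for this example.

/**
 * Resolve a user-supplied graph name to a file inside $graphdir.
 * Returns the canonical path, or null when the name resolves outside
 * the directory or the file does not exist.
 */
function resolve_graph_file(string $graphdir, string $graph): ?string
{
    $base = realpath($graphdir);
    if ($base === false) {
        return null;                 // graphdir itself is missing: fail closed
    }
    // realpath() collapses "..", "." and symlinks; it returns false
    // when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $graph . '.php');
    if ($real === false) {
        return null;
    }
    // Compare against "$base/" rather than "$base", so a sibling directory
    // such as ".../graph.d-old" does not pass a bare prefix test.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sandbox: a graph directory plus files that sit outside it.
$root = sys_get_temp_dir() . '/gr_' . bin2hex(random_bytes(4));
mkdir("$root/graph.d", 0700, true);
mkdir("$root/graph.d-old", 0700, true);
file_put_contents("$root/graph.d/cpu_report.php", "<?php // report\n");
file_put_contents("$root/graph.d-old/stale.php", "<?php // outside\n");
file_put_contents("$root/outside.php", "<?php // outside\n");

// Only the first name resolves inside graph.d; the rest are rejected.
foreach (['cpu_report', '../outside', '../graph.d-old/stale', 'missing'] as $name) {
    $path = resolve_graph_file("$root/graph.d", $name);
    printf("%-24s %s\n", $name, $path === null ? 'rejected' : 'allowed');
}
```

Because the comparison is made on the resolved path, a symlink placed inside the graph directory that points elsewhere is rejected as well.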