Your message dated Sat, 29 Nov 2014 16:19:16 +0000
with message-id <[email protected]>
and subject line Bug#770689: fixed in pycuda 2014.1-3
has caused the Debian Bug report #770689,
regarding python-pycuda: Insecure temporary file creation for kernel cache
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
770689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770689
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-pycuda
Severity: grave
Tags: upstream security
Justification: user security hole
Dear Maintainer,
See https://github.com/inducer/pycuda/issues/54 for the upstream report of this
bug, which allows a local attacker to run arbitrary GPU code in the address
space of the victim's application. The link also contains a patch.
I happen to be running Ubuntu Trusty on the machine where I first discovered
this, but it presumably affects any UNIX system with a shared system temporary
directory.
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-39-generic (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: pycuda
Source-Version: 2014.1-3
We believe that the bug you reported is fixed in the latest version of
pycuda, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tomasz Rybak <[email protected]> (supplier of updated pycuda package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 29 Nov 2014 11:56:04 +0100
Source: pycuda
Binary: python-pycuda python-pycuda-dbg python3-pycuda python3-pycuda-dbg
python-pycuda-doc
Architecture: source amd64 i386 all
Version: 2014.1-3
Distribution: unstable
Urgency: medium
Maintainer: Tomasz Rybak <[email protected]>
Changed-By: Tomasz Rybak <[email protected]>
Description:
python-pycuda - Python module to access Nvidia‘s CUDA parallel computation API
python-pycuda-dbg - Python module to access Nvidia‘s CUDA API (debug
extensions)
python-pycuda-doc - module to access Nvidia‘s CUDA computation API
(documentation)
python3-pycuda - Python 3 module to access Nvidia‘s CUDA parallel computation
API
python3-pycuda-dbg - Python 3 module to access Nvidia‘s CUDA API (debug
extensions)
Closes: 770689
Changes:
pycuda (2014.1-3) unstable; urgency=medium
.
* Add dependency to appdirs and use it to create cache directories
(Closes: #770689).
Checksums-Sha1:
f76b5256426389c1dbbbd215013654d5dfbc9974 2520 pycuda_2014.1-3.dsc
67dfa60c62fa4b47bcf84e76c83a291258f129f1 9068 pycuda_2014.1-3.debian.tar.xz
8951aabf3818022d4ec45c4a1662a43b5ed755ee 304682
python-pycuda_2014.1-3_amd64.deb
7b4b7faa54a373f6aef08fa0da3d0e0b3dc17f77 4466446
python-pycuda-dbg_2014.1-3_amd64.deb
711c5ed5c3aebdb32c077e013c40061f29a82aa9 306638
python3-pycuda_2014.1-3_amd64.deb
756e80e36a914152b6630448a9980ea17dc1c88d 4227392
python3-pycuda-dbg_2014.1-3_amd64.deb
04e0d8145d3810f0f28bab86adb02e7bfd9a6f8b 290830 python-pycuda_2014.1-3_i386.deb
240e05c5d89a394268015009a52f04efee5a6c3a 3833192
python-pycuda-dbg_2014.1-3_i386.deb
3813de52f4c7fb34a679a751f1ab68d4ce3a8e7a 295882
python3-pycuda_2014.1-3_i386.deb
457a946a7f3882eefcf04825785e16710a2fe61e 3865026
python3-pycuda-dbg_2014.1-3_i386.deb
1bdb201a404831b25ff18cc3d1a3d1d96c30a4ca 121238
python-pycuda-doc_2014.1-3_all.deb
Checksums-Sha256:
bb05b8cee84696f31f1cd7efb7d055743de2763ee91cca74e6ab6c4899408f9d 2520
pycuda_2014.1-3.dsc
f5312a5f591662b81723cd46cbc80c5af6dbb94ef6924a8506ae0780f27a4dcb 9068
pycuda_2014.1-3.debian.tar.xz
ca16eb9adb14ea9379c1705fd381c3e9388031223c58f40f54b8af67f5678330 304682
python-pycuda_2014.1-3_amd64.deb
cc2e5122fd49c90f0ccab0977b2e3dcd3805eec673bbad62048544b1de01ea4b 4466446
python-pycuda-dbg_2014.1-3_amd64.deb
705403069432fd30956221aac74170a1853de5b14f3b4b2c7fecb6d4674e3fb1 306638
python3-pycuda_2014.1-3_amd64.deb
29c468136f2475cb7d400ab37156895d15da9c871d8b678dfbc4ce953c72469c 4227392
python3-pycuda-dbg_2014.1-3_amd64.deb
fd0d0950bae13d67bb17fe667e05609102b44e4b21b78c42d964c0df4956f9d6 290830
python-pycuda_2014.1-3_i386.deb
c6894c6dc385f18f9bddf8756970ca65e56475c6be9459938d51acb863ae2d94 3833192
python-pycuda-dbg_2014.1-3_i386.deb
bb42b676c5a967925887c2604b20645485086cb062b8a2e5060da030a87cc087 295882
python3-pycuda_2014.1-3_i386.deb
1f22a828492f21bf0b669346a3f4409f9f4d3d3efaa93bab94c8c64022da0fcb 3865026
python3-pycuda-dbg_2014.1-3_i386.deb
d22ccaa27b9c7c511f994ae05367e43d665eb7f35f8084fa6e7bfb6a05621d04 121238
python-pycuda-doc_2014.1-3_all.deb
Files:
c33fc6da869f4fb9078a84b2d82d2958 2520 contrib/python optional
pycuda_2014.1-3.dsc
c98478ce857f929de8b5521ca1e9bdc1 9068 contrib/python optional
pycuda_2014.1-3.debian.tar.xz
ce0ba381cb2f51a9f332f8d8e8767f8c 304682 contrib/python optional
python-pycuda_2014.1-3_amd64.deb
d41b96b6b17e5356cf919b224e40537a 4466446 contrib/debug extra
python-pycuda-dbg_2014.1-3_amd64.deb
20bdbab60a23cabb6f145e5dae81139a 306638 contrib/python optional
python3-pycuda_2014.1-3_amd64.deb
02030832d7c2491f21e2f0efabb1ddd1 4227392 contrib/debug extra
python3-pycuda-dbg_2014.1-3_amd64.deb
ecd3efcfe4f75515834707d724a8be41 290830 contrib/python optional
python-pycuda_2014.1-3_i386.deb
7bdaa48f14ed00a9445c31acc030840c 3833192 contrib/debug extra
python-pycuda-dbg_2014.1-3_i386.deb
cdda0dccc9dbca6143b952eee0b38fba 295882 contrib/python optional
python3-pycuda_2014.1-3_i386.deb
9cf74b1c6c2708f8fd9e73cc897f0cad 3865026 contrib/debug extra
python3-pycuda-dbg_2014.1-3_i386.deb
c4e65f38c34cdfb41e9e87c44b27a227 121238 contrib/doc optional
python-pycuda-doc_2014.1-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUee+WAAoJEMZU+zMq1ZhgsgQP/2ptnYZ3ZUfg+iN63IfLFVbU
TIuyggeqdW1VByszvOtwRz82/nojmTqsu42B/q0CGa0Yf9zQMyALna1GwGga1q/I
nscBl0tZ7kFGiNnld1suxT6KBmV4xtVDsMgZ6lJ0+T/6PDnFwUoNO/KcaN2ZZNEJ
9AGOFowcxXOGfvMDAsZZYoRBfV7jykW8qbxD3gh2IWxzvwGwT+EwMNXjEwgAd5Uk
qO28MRsKGGyfzFnbY6w0gVPWIHjcZIfzkikk4Apmjm7jlSRGgrgs20m1+Vv/ztEx
8aeGHyi03CWhuZptD9PYMAJQH2wU7FmuplXklAAfnszeCYa8GhZaVvGbKRYgkByp
45PqZlg0WHmsksuNdFagOac1G1LYxgR835jl4AnJg1DKvgqPtWs9Rgm4mlL/pjuS
sma9MfumtoyzG5rhcO5OTz2hYPxmI1up39Za9qG+gaIJBHNuySVyR50F6vHlXAIA
oaV/+qOEKH/mQXVdhfEiSaS9vixPY3/GSV75xNUcyh2/et52BQieeVSKYfMrZBqW
Eqx6g9l0lKTSr8b2L/E7B0DFEUoEQi/bc/SwUvTp+hGtknPEyqDK8wf6gYWzHQSr
9WcvKcdVNu67SCOBJ6VmqsXbnzs0HYQrb62uYxb8kDR0M6vROjNPge0af2AaBjh2
TlIs8f3ujW+wTaYUDE84
=rHU0
-----END PGP SIGNATURE-----
--- End Message ---
