Your message dated Wed, 04 Feb 2009 17:47:04 +0000
with message-id <[email protected]>
and subject line Bug#513513: fixed in gedit 2.22.3-2
has caused the Debian Bug report #513513,
regarding CVE-2009-0314: Untrusted search path vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
513513: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513513
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gedit
Severity: important

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gedit.

CVE-2009-0314[0]:
| Untrusted search path vulnerability in the Python module in gedit
| allows local users to execute arbitrary code via a Trojan horse Python
| file in the current working directory, related to a vulnerability in
| the PySys_SetArgv function (CVE-2008-5983).

There is more information in the Red Hat bug report[1], including a
patch[2].

For stable, this issue could be fixed via stable-proposed-updates. It
seems that the vulnerable function is gedit_python_module_init_python().

For lenny, it could be fixed via migration from unstable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0314
    http://security-tracker.debian.net/tracker/CVE-2009-0314
[1] https://bugzilla.redhat.com/show_bug.cgi?id=481556
[2] https://bugzilla.redhat.com/attachment.cgi?id=330031



--- End Message ---
--- Begin Message ---
Source: gedit
Source-Version: 2.22.3-2

We believe that the bug you reported is fixed in the latest version of
gedit, which is due to be installed in the Debian FTP archive:

gedit-common_2.22.3-2_all.deb
  to pool/main/g/gedit/gedit-common_2.22.3-2_all.deb
gedit-dev_2.22.3-2_all.deb
  to pool/main/g/gedit/gedit-dev_2.22.3-2_all.deb
gedit_2.22.3-2.diff.gz
  to pool/main/g/gedit/gedit_2.22.3-2.diff.gz
gedit_2.22.3-2.dsc
  to pool/main/g/gedit/gedit_2.22.3-2.dsc
gedit_2.22.3-2_amd64.deb
  to pool/main/g/gedit/gedit_2.22.3-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <[email protected]> (supplier of updated gedit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 04 Feb 2009 16:34:44 +0100
Source: gedit
Binary: gedit gedit-common gedit-dev
Architecture: source all amd64
Version: 2.22.3-2
Distribution: unstable
Urgency: low
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Josselin Mouette <[email protected]>
Description: 
 gedit      - official text editor of the GNOME desktop environment
 gedit-common - official text editor of the GNOME desktop environment (support fi
 gedit-dev  - official text editor of the GNOME desktop environment (developmen
Closes: 513513
Changes: 
 gedit (2.22.3-2) unstable; urgency=low
 .
   [ Loic Minier ]
   * Replace homepage pseudo-field in description with a real source field in
     control.
   * Add note that dh_pysupport call should be made package specific or moved
     to a different target.
 .
   [ Josselin Mouette ]
   * debian/patches/02_python_path.patch: new patch. Pass GEDIT_PLUGINDIR
     to PySys_SetArgv as a big hackish workaround to CVE-2009-0314.
      Closes: #513513.




--- End Message ---
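The search-path behaviour described in the CVE text of the bug report and the fix noted in the 2.22.3-2 changelog, as an added example that is not part of this bug thread or of gedit's code: a Python model of how CPython 2.x PySys_SetArgv derives sys.path[0] from argv[0] (symlink resolution left out), plus a check that flags sys.path entries resolving to the current working directory. The plugin directory value and the base path list are assumptions; gedit's real value is its GEDIT_PLUGINDIR build define, and the exact argv[0] string the Debian patch passes is not quoted on this page.

```python
import os

# Model of CPython 2.x PySys_SetArgv(): it inserts the directory part of
# argv[0] at sys.path[0]. When argv[0] has no path separator (empty string,
# "-c", a bare name) the inserted entry is "", which the import machinery
# reads as the current working directory: the untrusted search path behind
# CVE-2008-5983 and, via gedit's Python module, CVE-2009-0314.
# Symlink resolution of argv[0] (done on some platforms) is left out.
def path0_from_argv0(argv0, sep="/"):
    """Return the sys.path[0] entry PySys_SetArgv would insert for argv0."""
    if argv0 is None or argv0 == "-c":
        return ""
    idx = argv0.rfind(sep)
    if idx < 0:
        return ""           # no directory part -> "" -> current working directory
    n = idx + 1             # keep the prefix up to and including the separator
    if n > 1:
        n -= 1              # drop the trailing separator, except for a bare "/"
    return argv0[:n]

def untrusted_entries(sys_path, cwd):
    """Flag sys.path entries that resolve to the current working directory.
    An embedding application whose sys.path[0] lands there imports any module
    of a plugin's name from wherever the user happened to start it."""
    cwd = os.path.realpath(cwd)
    return [e for e in sys_path
            if e in ("", ".") or os.path.realpath(e) == cwd]

# Assumed plugin directory (gedit's real value is its GEDIT_PLUGINDIR build
# define). The 2.22.3-2 changelog passes GEDIT_PLUGINDIR to PySys_SetArgv so
# that sys.path[0] becomes the plugin directory instead of "". Upstream
# Python later added PySys_SetArgvEx(argc, argv, 0), which leaves sys.path
# untouched and is the preferred fix where that API is available.
PLUGIN_DIR = "/usr/lib/gedit-2/plugins"

def embedded_sys_path(argv0, base_path):
    """sys.path as the embedded interpreter sees it after PySys_SetArgv(argv0)."""
    return [path0_from_argv0(argv0)] + list(base_path)

if __name__ == "__main__":
    base = ["/usr/lib/python2.5", "/usr/lib/python2.5/site-packages"]  # constructed
    weak = embedded_sys_path("", base)               # empty argv[0]: sys.path[0] == ""
    fixed = embedded_sys_path(PLUGIN_DIR + "/", base)  # plugin dir passed as argv[0]
    print("weak :", weak, "flagged:", untrusted_entries(weak, os.getcwd()))
    print("fixed:", fixed, "flagged:", untrusted_entries(fixed, os.getcwd()))
```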