Your message dated Fri, 30 Jul 2010 18:17:40 +0000
with message-id <[email protected]>
and subject line Bug#590303: fixed in xemacs21 21.4.22-3.1
has caused the Debian Bug report #590303,
regarding emacs22: CVE-2010-0825 movemail vulnerable to symlink attacks due to
race condition
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
590303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590303
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: emacs22
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for emacs22.
CVE-2010-0825[0]:
| lib-src/movemail.c in movemail in emacs 22 and 23 allows local users
| to read, modify, or delete arbitrary mailbox files via a symlink
| attack, related to improper file-permission checks.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0825
http://security-tracker.debian.org/tracker/CVE-2010-0825
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgpF7u1JiWGLZ.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: xemacs21
Source-Version: 21.4.22-3.1
We believe that the bug you reported is fixed in the latest version of
xemacs21, which is due to be installed in the Debian FTP archive:
xemacs21-bin_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-bin_21.4.22-3.1_amd64.deb
xemacs21-gnome-mule-canna-wnn_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.22-3.1_amd64.deb
xemacs21-gnome-mule_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-gnome-mule_21.4.22-3.1_amd64.deb
xemacs21-gnome-nomule_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-gnome-nomule_21.4.22-3.1_amd64.deb
xemacs21-mule-canna-wnn_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.22-3.1_amd64.deb
xemacs21-mule_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-mule_21.4.22-3.1_amd64.deb
xemacs21-nomule_21.4.22-3.1_amd64.deb
to main/x/xemacs21/xemacs21-nomule_21.4.22-3.1_amd64.deb
xemacs21-support_21.4.22-3.1_all.deb
to main/x/xemacs21/xemacs21-support_21.4.22-3.1_all.deb
xemacs21-supportel_21.4.22-3.1_all.deb
to main/x/xemacs21/xemacs21-supportel_21.4.22-3.1_all.deb
xemacs21_21.4.22-3.1.diff.gz
to main/x/xemacs21/xemacs21_21.4.22-3.1.diff.gz
xemacs21_21.4.22-3.1.dsc
to main/x/xemacs21/xemacs21_21.4.22-3.1.dsc
xemacs21_21.4.22-3.1_all.deb
to main/x/xemacs21/xemacs21_21.4.22-3.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated xemacs21 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 27 Jul 2010 14:27:11 +0200
Source: xemacs21
Binary: xemacs21 xemacs21-mule xemacs21-nomule xemacs21-mule-canna-wnn
xemacs21-bin xemacs21-support xemacs21-supportel xemacs21-gnome-mule
xemacs21-gnome-nomule xemacs21-gnome-mule-canna-wnn
Architecture: source all amd64
Version: 21.4.22-3.1
Distribution: unstable
Urgency: high
Maintainer: OHURA Makoto <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
xemacs21 - highly customizable text editor
xemacs21-bin - highly customizable text editor -- support binaries
xemacs21-gnome-mule - highly customizable text editor -- transitional package
xemacs21-gnome-mule-canna-wnn - highly customizable text editor --
transitional package
xemacs21-gnome-nomule - highly customizable text editor -- transitional package
xemacs21-mule - highly customizable text editor -- Mule binary
xemacs21-mule-canna-wnn - highly customizable text editor -- Mule binary
compiled with Cann
xemacs21-nomule - highly customizable text editor -- Non-mule binary
xemacs21-support - highly customizable text editor -- architecture independent
suppo
xemacs21-supportel - highly customizable text editor -- non-required library
files
Closes: 590303
Changes:
xemacs21 (21.4.22-3.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix race conditions in lib-src/movemail.c which may be exploited by
other users in the mail group to read/delete/modify mailboxes.
Ported patch from Dan Rosenberg to xemacs21
(11_CVE-2010-0825.dpatch; Closes: #590303).
Checksums-Sha1:
abdc0eb1885c2ad6cc6efd4a6d5aa6f3ea25db6c 1570 xemacs21_21.4.22-3.1.dsc
4b786302d7d50e5102193b55bb4fbcbc73ceda86 53396 xemacs21_21.4.22-3.1.diff.gz
c64c698a2bd037fbc6728120b38cf145a3d9e9b8 15786 xemacs21_21.4.22-3.1_all.deb
27b32d9f8a0b3a70dfe99ac69eba621126ae9e57 1322950
xemacs21-supportel_21.4.22-3.1_all.deb
5c18e064ec6adb568053a595c2c326abf4dd5cee 4714742
xemacs21-support_21.4.22-3.1_all.deb
e6b9a00b5c37080eadb437a25d7f6122bf721cd6 2037360
xemacs21-nomule_21.4.22-3.1_amd64.deb
0ad330726900abfc0b9b2e2aa56b6e78c42b6de9 2271444
xemacs21-mule_21.4.22-3.1_amd64.deb
025cdc34eb06ff73ee172ada67bad22425f69538 2368092
xemacs21-mule-canna-wnn_21.4.22-3.1_amd64.deb
74ec033077663873273e7f2a3f6ef56dbea74d77 898
xemacs21-gnome-nomule_21.4.22-3.1_amd64.deb
476e523d866b9e00a042171f6e8891504ab3651a 894
xemacs21-gnome-mule_21.4.22-3.1_amd64.deb
413b625e2a40025e09c484ba556b326f9157ab6d 908
xemacs21-gnome-mule-canna-wnn_21.4.22-3.1_amd64.deb
bc191a28182a85707107470a55829004daae9d45 528334
xemacs21-bin_21.4.22-3.1_amd64.deb
Checksums-Sha256:
3a4a98b57086af5e23c0e9771ec5ac4c4374853aa8c19d5d04db59e547143aaf 1570
xemacs21_21.4.22-3.1.dsc
a46c2ae9d0da7c5426af56a486dc209cf7cb634ee9abd4f41621dc366071b117 53396
xemacs21_21.4.22-3.1.diff.gz
cf0f9529eba7e2aa6c327119baab1e188bc19449167633a9d67c181453694fee 15786
xemacs21_21.4.22-3.1_all.deb
03198ddb0f5c206ce9956930e66558b9d46e9077a1b842519c87d97aa4c5570f 1322950
xemacs21-supportel_21.4.22-3.1_all.deb
1713f9850a8666fc6ea6d6b3df5eadd002572fba98de6b44658fa2220dea782d 4714742
xemacs21-support_21.4.22-3.1_all.deb
330e988349f8e7ee0eed7c903ca43d39010ab294034214f17e7e061cf308d4d1 2037360
xemacs21-nomule_21.4.22-3.1_amd64.deb
f38163ef814a3b7d0af399791383ed446a7789837a6fde49ae195079f39fbe58 2271444
xemacs21-mule_21.4.22-3.1_amd64.deb
3d4e7e066dd8cfbf5f4de3250262956e2cbc731525e819892d89fb8b592238fb 2368092
xemacs21-mule-canna-wnn_21.4.22-3.1_amd64.deb
e4657564ab6f63872aa1d535c1b734ca3ce5560002d56b89cb730b86774168c7 898
xemacs21-gnome-nomule_21.4.22-3.1_amd64.deb
943332bed6e41fae26a5b36cd5ddbf4f5565bfeef7406b0e3243cfef6ce7b059 894
xemacs21-gnome-mule_21.4.22-3.1_amd64.deb
8f72c52f930ce0bb0584fbd5c86769138ccef79fb093ba78e52fd11f4e8647f8 908
xemacs21-gnome-mule-canna-wnn_21.4.22-3.1_amd64.deb
21a337d0e653cf5c04c8d07c48e59f6b349b7c87af1ead3ad495bd08825b5874 528334
xemacs21-bin_21.4.22-3.1_amd64.deb
Files:
c8e88cdb3486f50fd59457ea83c8ecff 1570 editors optional xemacs21_21.4.22-3.1.dsc
6b294a25965e682bf1d329ae4f0e9f82 53396 editors optional
xemacs21_21.4.22-3.1.diff.gz
2c5849fce2b3cff857af927ab11e7488 15786 editors optional
xemacs21_21.4.22-3.1_all.deb
3525fc2a727645aa8af3865399dbd6cb 1322950 editors optional
xemacs21-supportel_21.4.22-3.1_all.deb
0b8788180a076ad4ff4fea221a5bdaf7 4714742 editors optional
xemacs21-support_21.4.22-3.1_all.deb
4ea37c71d079b0e7770a9cc176975537 2037360 editors optional
xemacs21-nomule_21.4.22-3.1_amd64.deb
0394aed228e7c46ce4450abd6b786f18 2271444 editors optional
xemacs21-mule_21.4.22-3.1_amd64.deb
c67ff88a0b2ad4d84141ebe82753db67 2368092 editors optional
xemacs21-mule-canna-wnn_21.4.22-3.1_amd64.deb
a755e6ff45162fec6b2d312be896510b 898 gnome optional
xemacs21-gnome-nomule_21.4.22-3.1_amd64.deb
2ebe8368089b800905b0d1282be95130 894 gnome optional
xemacs21-gnome-mule_21.4.22-3.1_amd64.deb
119edcdfadb39884c3ca1bffef35ebb0 908 gnome optional
xemacs21-gnome-mule-canna-wnn_21.4.22-3.1_amd64.deb
18b9e4156c7ce61ed104d7eea6d7ccd1 528334 editors optional
xemacs21-bin_21.4.22-3.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxQbKUACgkQHYflSXNkfP9yzACgrxzT73mrNZaxAlFy0lAHrr/U
OeYAn1Q+WwuaQXNF5lDu5uNDun68Tzgw
=YbW2
-----END PGP SIGNATURE-----
--- End Message ---
