Your message dated Wed, 09 Feb 2011 00:47:10 +0000
with message-id <e1pmyd8-0007w3...@franck.debian.org>
and subject line Bug#610034: fixed in libuser 1:0.56.9.dfsg.1-1.1
has caused the Debian Bug report #610034,
regarding CVE-2011-0002: libuser creates LDAP users with a default password
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
610034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libuser
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0002 for
a description and patch. I'm not really sure if Debian is affected?
Cheers,
Moritz
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libuser
Source-Version: 1:0.56.9.dfsg.1-1.1
We believe that the bug you reported is fixed in the latest version of
libuser, which is due to be installed in the Debian FTP archive:
libuser1-dev_0.56.9.dfsg.1-1.1_amd64.deb
to main/libu/libuser/libuser1-dev_0.56.9.dfsg.1-1.1_amd64.deb
libuser1_0.56.9.dfsg.1-1.1_amd64.deb
to main/libu/libuser/libuser1_0.56.9.dfsg.1-1.1_amd64.deb
libuser_0.56.9.dfsg.1-1.1.diff.gz
to main/libu/libuser/libuser_0.56.9.dfsg.1-1.1.diff.gz
libuser_0.56.9.dfsg.1-1.1.dsc
to main/libu/libuser/libuser_0.56.9.dfsg.1-1.1.dsc
libuser_0.56.9.dfsg.1-1.1_amd64.deb
to main/libu/libuser/libuser_0.56.9.dfsg.1-1.1_amd64.deb
python-libuser_0.56.9.dfsg.1-1.1_amd64.deb
to main/libu/libuser/python-libuser_0.56.9.dfsg.1-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 610...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated libuser
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Feb 2011 11:22:30 +1100
Source: libuser
Binary: libuser libuser1-dev libuser1 python-libuser
Architecture: source amd64
Version: 1:0.56.9.dfsg.1-1.1
Distribution: unstable
Urgency: low
Maintainer: Ghe Rivero <g...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
libuser - user and group account administration library
libuser1 - user and group account administration library (shared libraries)
libuser1-dev - user and group account administration library (development
files)
python-libuser - user and group account administration library (development
files)
Closes: 610034
Changes:
libuser (1:0.56.9.dfsg.1-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix CVE-2011-0002
Mark the LDAP default password value as encrypted
Patch taken from libuser-0.56.18-3.fc14.src.rpm
Add 02libuser-0.56.18-default-pw.dpatch
Closes: 610034
* Fix binary-or-shlib-defines-rpath
Checksums-Sha1:
fb9978e4401cba8c49e685d4d9afc9dbafdd9543 1883 libuser_0.56.9.dfsg.1-1.1.dsc
698d942342c1a490413b13bf867a4b520299f42f 8396 libuser_0.56.9.dfsg.1-1.1.diff.gz
8c095495f7ea8238ed68e2a6bd2bedc327e15e46 398378
libuser_0.56.9.dfsg.1-1.1_amd64.deb
128b3bd163a953b758f09114fcb381b4934d2ada 30756
libuser1-dev_0.56.9.dfsg.1-1.1_amd64.deb
aa8c7146b1902380284526b446ebb42b4a4e7db1 92178
libuser1_0.56.9.dfsg.1-1.1_amd64.deb
c101af7de46da08337ef5c7a8ed7b73dd8a839b3 61770
python-libuser_0.56.9.dfsg.1-1.1_amd64.deb
Checksums-Sha256:
d52c419d8a4ecfaed9af77fc8c6d6cbf1e47d8859d26a984856766df7fc2a2d8 1883
libuser_0.56.9.dfsg.1-1.1.dsc
2aac89f1dffda71eb8a462a9d7104ed51a28c50ac6a19b9dd22950b4e0493b6a 8396
libuser_0.56.9.dfsg.1-1.1.diff.gz
fba459f71a6d840040b60f110d37a560a0e5d1362887a623eab39cc923a782ef 398378
libuser_0.56.9.dfsg.1-1.1_amd64.deb
869422bdf4f8b0dddf46074079b3bcbb11783bdcdb65c319dbba0c475630209e 30756
libuser1-dev_0.56.9.dfsg.1-1.1_amd64.deb
9e28ab55438bcec0018d21dbcc7ee4a2dd7322bdead6a7e628bc0b26bc90230b 92178
libuser1_0.56.9.dfsg.1-1.1_amd64.deb
534d780ee129d661de3d856a2be69b6b546413ff6a921bd1d26da1e1df49f0df 61770
python-libuser_0.56.9.dfsg.1-1.1_amd64.deb
Files:
7dab460da748343df54596d4d68ec455 1883 admin optional
libuser_0.56.9.dfsg.1-1.1.dsc
999d6cb31851208e897a6c422a967bc8 8396 admin optional
libuser_0.56.9.dfsg.1-1.1.diff.gz
47da39e511800a677fe1c41788c01cad 398378 admin optional
libuser_0.56.9.dfsg.1-1.1_amd64.deb
316f7f2fec78ed1e6e889ad640c2ecd3 30756 libdevel optional
libuser1-dev_0.56.9.dfsg.1-1.1_amd64.deb
8cd952248fc6d7f84eb25497f449e2f9 92178 libs optional
libuser1_0.56.9.dfsg.1-1.1_amd64.deb
3f658f211cdd61ca58eba735c461bfc2 61770 admin optional
python-libuser_0.56.9.dfsg.1-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJNUeDTAAoJEHxWrP6UeJfYqHYP/jB76wpWaOg1e89NFtJDAVxk
mWIR8YkrRRVO4ieNqgONn5q4GiLsJ4MFXug6YX6XbNvERTX/nVeiEUfS+xylnBzf
6NKIpWWzKdKJMHcfHr1xHVauVQ/3memr4Gepq9DAVlebxx9c7HN6k8QXQeta0QCH
e8tjgQuZ8NYhBYLYavSWq2BL68zjbKdhUDxMpjpRe/e2QovAJIih0HsT+hresK0e
rgrP+ihCH4X0aGTQH+ShDGxVIqkdg4sjzUiLytGpNCmcptPuGBudsZ4qMcbPouS3
QuHvFxhcFWjpz2W0h8f16ZE/oGAExvpavvaaoS5rHl7fuU9OsLoDMaka2rm+Z/US
1G563ogbhRo7ZSIw6Qu5OzJERub7MR6nF7KUu6ACR+BbHhuJsFlJtThJrmZc6MS1
lcCSLIGA+dtC+RuxP/qbcFupesMwtqfyORU2+9H3E38SuoX5+WNvVtY94+ZNpcfu
ccIYIF1wLD978t+v4O8sdLKCnorGIR6zisJWsaaH0xRfJvmrgHul/ctaLkLXSxOL
JY0mnzpXHB4rHRu/sv3iec5oZTRPv+Z5lkIM6ONZ9kAAfkd5rcpT4O78aWlmzR0j
HPjvPdQsmRWfSfHXMtsl3e5LMKMvUA8LZ5xAm1AHVOfxYdfblYH3EwOqORjZcwax
9lz5bvKwnUqMX8zLzv5k
=olCZ
-----END PGP SIGNATURE-----
--- End Message ---