Bug#559814: hamlib: stable-security fix CVE-2009-3736
Hi Kamal,

On Thu, 2010-12-02 at 12:58 +0100, Nico Golde wrote:
> This issue doesn't warrant a DSA. Could you please upload this to
> stable-proposed-updates[0]?
>
> Cheers
> Nico
>
> [0] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

I see that the updated package has now been uploaded. At first glance the diff looks okay, but for any future uploads please bear in mind the Developers Reference section which Nico mentioned above, specifically the request to discuss the upload on debian-release first and to ensure that the SRMs are happy with the patch before uploading.

Thanks for your work on fixing this issue.

Regards,

Adam
Bug#559814: hamlib: stable-security fix CVE-2009-3736
Hi,

* Kamal Mostafa ka...@whence.com [2010-12-02 03:07]:
> Dear security team-
>
> I'm the DM maintainer for the package 'hamlib' (I am also currently
> working through the of becoming a DD).
>
> Regarding this bug (a mass-filed CVE against libtool):
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814
> CVE-2009-3736 local privilege escalation
>
> I fixed this problem for hamlib in unstable (and upstream) some time
> ago. I have now constructed a fix package for hamlib in stable, for
> which I ask permission to upload to stable-security. The fix package
> has been reviewed by Gunnar Wolf, who has kindly agreed to upload it
> pending approval.

[...]

This issue doesn't warrant a DSA. Could you please upload this to stable-proposed-updates[0]?

Cheers
Nico

[0] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Bug#559814: hamlib: stable-security fix CVE-2009-3736
Dear security team-

I'm the DM maintainer for the package 'hamlib' (I am also currently working through the of becoming a DD).

Regarding this bug (a mass-filed CVE against libtool):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814
CVE-2009-3736 local privilege escalation

I fixed this problem for hamlib in unstable (and upstream) some time ago. I have now constructed a fix package for hamlib in stable, for which I ask permission to upload to stable-security. The fix package has been reviewed by Gunnar Wolf, who has kindly agreed to upload it pending approval.

The affected package in stable (lenny) is hamlib (1.2.7.1-1)

My fix package bears the following changelog entry, which explains the changes. Note also that I updated the Maintainer/Uploaders/DM-Upload-Allowed fields to reflect the current maintainer status for this package.

    hamlib (1.2.7.1-1+lenny1) stable-security; urgency=high

      * Fix CVE-2009-3736 local privilege escalation (Closes: #559814):
        - Use system libltdl not old internal copy
        - Build-depend on libltdl3-dev
        - configure, Makefile.am: skip internal libltdl build
      * New maintainer: Kamal Mostafa ka...@whence.com (Closes: #556098).

I have built and tested this fix on a fresh lenny system. For your review, here is the debdiff (minus the re-generated files configure and Makefile.in):
http://www.whence.com/debian/proposed/hamlib+lenny1/hamlib+lenny1.patch

My fix packages are available here:
http://www.whence.com/debian/proposed/hamlib+lenny1

Thanks,

-Kamal