Your message dated Fri, 11 Jan 2013 17:15:50 +0100
with message-id <20130111161550.GA17037@elende>
and subject line Re: [htcondor-debian] Bug#697936: condor: CVE-2012-5390:
possible privilege escalation
has caused the Debian Bug report #697936,
regarding condor: CVE-2012-5390: possible privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
697936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: condor
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerability was published for condor.
CVE-2012-5390[0]:
Possible privilege escalation
This is mentioned on the stable release series notes[1] as well as the
development release series[2]. Should be fixed in 7.8.6 and 7.9.1, so
wheezy and unstable might be affected.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-5390
[1] http://research.cs.wisc.edu/htcondor/manual/v7.8/9_3Stable_Release.html
[2] http://research.cs.wisc.edu/htcondor/manual/v7.9/9_3Development_Release.html
[3] https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3268
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJQ8CLbAAoJEHidbwV/2GP+rMMP/2LDnVx6ZrxE7Tqf6rEVs/GD
uz0e6LarP8uJRhEqBoyBjiMtVukyLdRtVY3yCvY/CnpA6rl4eyGAjb69nJHesXiA
Tbj0j4txv61lak4VlDEqeP+ZtGo+bl+VSM1RKIpYcMNMS5niHDMUiaPGY6r+d3xP
f9whMv6lHk+S9n24crohL7jH3S8S6Sir+/fQutPXfBeHPw48r2zSAL8M1mTYLD1L
cJLw88lomP8WdJm/i8Ox/d8jkb9rynpFtWVa116XI/2KWyIIHLlvdCxXVKcrHCGm
dL3Wid1Cn5xeGpj9q5QbRqCPbWgJKcO5paxqH3e8uKR79gtWYXrPCMWRzKIe0O4k
BYP2b6REGBu3ZYoroqtZZcRe4qCbWzVDnjWM1uxEcxDNfnQhxSrq0MjU5ks/Jpdk
/eIAZU0PBcLdck2tHNkhwsgXts6j0XH6ggOUDUvXU1BC4bfPI8+4qphiPpcJySbl
a6A07LvMwKakq96xAgaA6LN0gFuvzqhb+ZpTNV0k/qJxX1YelN6aEpBMHnpb+WfI
eO65hpEKtvr3tEA7SKVwn+Ci4jTbXebWTVMMGr5OqIddpDYEW161CD0/6ojnxZH6
zoqZ3E2Z/7y44JFv2+bhCqbUf1MjS1E2npa/OdajQb0mf+WcBw3EIHyAnqyuNOiy
9o9zaQ6vrdGInUONlw1C
=jnzW
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Hi Jaime
On Fri, Jan 11, 2013 at 10:03:45AM -0600, Jaime Frey wrote:
> On Jan 11, 2013, at 8:45 AM, Salvatore Bonaccorso <car...@debian.org> wrote:
>
> > Hi
> >
> > I have submitted this as grave severity, but could you double check if
> > this is actually a problem for condor in Debian?
> >
> > [1]:
> > http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
> >
> > Regards,
> > Salvatore
>
>
> This security vulnerability only affects Condor's standard universe,
> which is disabled in the Debian package. Thus, the Debian package of
> Condor is unaffected.
Thank you. I'm updating the security-tracker marking it as
not-affecting Debian then.
This bug can be closed then.
Regards,
Salvatore
signature.asc
Description: Digital signature
--- End Message ---
