Your message dated Fri, 11 Jan 2013 17:15:50 +0100 with message-id <20130111161550.GA17037@elende> and subject line Re: [htcondor-debian] Bug#697936: condor: CVE-2012-5390: possible privilege escalation has caused the Debian Bug report #697936, regarding condor: CVE-2012-5390: possible privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: condor Severity: grave Tags: security Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, the following vulnerability was published for condor. CVE-2012-5390[0]: Possible privilege escalation This is mentioned on the stable release series notes[1] as well as the development release series[2]. Should be fixed in 7.8.6 and 7.9.1, so wheezy and unstable might be affected. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2012-5390 [1] http://research.cs.wisc.edu/htcondor/manual/v7.8/9_3Stable_Release.html [2] http://research.cs.wisc.edu/htcondor/manual/v7.9/9_3Development_Release.html [3] https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3268 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ8CLbAAoJEHidbwV/2GP+rMMP/2LDnVx6ZrxE7Tqf6rEVs/GD uz0e6LarP8uJRhEqBoyBjiMtVukyLdRtVY3yCvY/CnpA6rl4eyGAjb69nJHesXiA Tbj0j4txv61lak4VlDEqeP+ZtGo+bl+VSM1RKIpYcMNMS5niHDMUiaPGY6r+d3xP f9whMv6lHk+S9n24crohL7jH3S8S6Sir+/fQutPXfBeHPw48r2zSAL8M1mTYLD1L cJLw88lomP8WdJm/i8Ox/d8jkb9rynpFtWVa116XI/2KWyIIHLlvdCxXVKcrHCGm dL3Wid1Cn5xeGpj9q5QbRqCPbWgJKcO5paxqH3e8uKR79gtWYXrPCMWRzKIe0O4k BYP2b6REGBu3ZYoroqtZZcRe4qCbWzVDnjWM1uxEcxDNfnQhxSrq0MjU5ks/Jpdk /eIAZU0PBcLdck2tHNkhwsgXts6j0XH6ggOUDUvXU1BC4bfPI8+4qphiPpcJySbl a6A07LvMwKakq96xAgaA6LN0gFuvzqhb+ZpTNV0k/qJxX1YelN6aEpBMHnpb+WfI eO65hpEKtvr3tEA7SKVwn+Ci4jTbXebWTVMMGr5OqIddpDYEW161CD0/6ojnxZH6 zoqZ3E2Z/7y44JFv2+bhCqbUf1MjS1E2npa/OdajQb0mf+WcBw3EIHyAnqyuNOiy 9o9zaQ6vrdGInUONlw1C =jnzW -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Hi Jaime On Fri, Jan 11, 2013 at 10:03:45AM -0600, Jaime Frey wrote: > On Jan 11, 2013, at 8:45 AM, Salvatore Bonaccorso <car...@debian.org> wrote: > > > Hi > > > > I have submitted this as grave severity, but could you double check if > > this is actually a problem for condor in Debian? > > > > [1]: > > http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html > > > > Regards, > > Salvatore > > > This security vulnerability only affects Condor's standard universe, > which is disabled in the Debian package. Thus, the Debian package of > Condor is unaffected. Thank you. I'm updating the security-tracker marking it as not-affecting Debian then. This bug can be closed then. Regards, Salvatoresignature.asc
Description: Digital signature
--- End Message ---