Bug#279680: marked as done (libc6: CAN-2004-0968 not fixed in woody)

To: GOTO Masanori <gotom@debian.or.jp>
Cc: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Subject: Bug#279680: marked as done (libc6: CAN-2004-0968 not fixed in woody)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 12 Jan 2005 20:03:06 -0800
Message-id: <[🔎] handler.279680.D279680.110558831832685.ackdone@bugs.debian.org>
In-reply-to: <814qhmrnoo.wl@omega.webmasters.gr.jp>
References: <814qhmrnoo.wl@omega.webmasters.gr.jp> <20041104161025.025A65F42@pleione.itp.uni-hannover.de>

Your message dated Thu, 13 Jan 2005 12:51:51 +0900
with message-id <814qhmrnoo.wl@omega.webmasters.gr.jp>
and subject line Bug#279680: Any progress on libc6: CAN-2004-0968 (woody) ?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Nov 2004 16:10:43 +0000
>From kreutzm@itp.uni-hannover.de Thu Nov 04 08:10:43 2004
Return-path: <kreutzm@itp.uni-hannover.de>
Received: from mrelay3.uni-hannover.de [130.75.2.41] (root)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CPkCB-00064T-00; Thu, 04 Nov 2004 08:10:43 -0800
Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de [130.75.25.242])
	by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id iA4GAXlA005803
	for <submit@bugs.debian.org>; Thu, 4 Nov 2004 17:10:33 +0100 (MET)
Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de [130.75.25.99])
	by mail.itp.uni-hannover.de (Postfix) with ESMTP
	id 597FB2F081; Thu,  4 Nov 2004 17:10:26 +0100 (CET)
Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237)
	id 025A65F42; Thu,  4 Nov 2004 17:10:25 +0100 (CET)
From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: CAN-2004-0968 not fixed in woody
X-Mailer: reportbug 1.50
Date: Thu, 04 Nov 2004 17:10:25 +0100
Message-Id: <20041104161025.025A65F42@pleione.itp.uni-hannover.de>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2 (mrelay3.uni-hannover.de [130.75.2.41]); Thu, 04 Nov 2004 17:10:33 +0100 (MET)
X-Scanned-By: MIMEDefang 2.42
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: libc6
Version: 2.2.5-11.5
Severity: grave
Tags: woody, security
Justification: user security hole

I notice the Ubuntu Security USN-4-1 and did not find CAN-2004-0968 in
the "Non-Vulnerable" list. I looked at catchsegv as an example and
code like

segv_output=`basename "$prog"`.segv.$$

does not look secure to me. 

http://lwn.net/Alerts/108824/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-00968
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318




-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US


---------------------------------------
Received: (at 279680-done) by bugs.debian.org; 13 Jan 2005 03:51:58 +0000
>From gotom@debian.or.jp Wed Jan 12 19:51:58 2005
Return-path: <gotom@debian.or.jp>
Received: from omega.webmasters.gr.jp (webmasters.gr.jp) [218.44.239.78] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cow1e-0008Un-00; Wed, 12 Jan 2005 19:51:58 -0800
Received: from omega.webmasters.gr.jp (localhost [127.0.0.1])
	by webmasters.gr.jp (Postfix) with ESMTP
	id 9ED19DEB4B; Thu, 13 Jan 2005 12:51:51 +0900 (JST)
Date: Thu, 13 Jan 2005 12:51:51 +0900
Message-ID: <814qhmrnoo.wl@omega.webmasters.gr.jp>
From: GOTO Masanori <gotom@debian.or.jp>
To: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>,
	Martin Pitt <mpitt@debian.org>, Martin Schulze <joey@infodrom.org>,
	279680-done@bugs.debian.org
Subject: Re: Bug#279680: Any progress on libc6: CAN-2004-0968 (woody) ?
In-Reply-To: <20041218152435.GA13518@itp.uni-hannover.de>
References: <20041218152435.GA13518@itp.uni-hannover.de>
User-Agent: Wanderlust/2.9.9 (Unchained Melody) SEMI/1.14.3 (Ushinoya)
 FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2
 (i386-debian-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=US-ASCII
Delivered-To: 279680-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

At Sat, 18 Dec 2004 16:24:35 +0100,
Helge Kreutzmann wrote:
> on 25 of November a patch for woody was posted, and since then no
> further messages are recorded. What is the status of this security
> issue ?

Recently Martin Schulze in security team worked for this issue.
Thanks to all guys for handling this security problem.
Now I close this bug.

Regards,
-- gotom

Reply to:

Prev by Date: Bug#289905: marked as done (libc6: why deb package rebuild the whole cache at each install)
Next by Date: Re: valgrind: doesn't start (cannot allocate memory)
Previous by thread: Bug#290212: Improper copyright file
Next by thread: Re: valgrind: doesn't start (cannot allocate memory)
Index(es):
- Date
- Thread