[Bug 1058277] Re: Sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian unstable (main)

Logan Rosen 1058277 at bugs.launchpad.net
Fri Sep 28 19:04:02 UTC 2012 

** Attachment added: "buildlog"
   https://bugs.launchpad.net/ubuntu/+source/condor/+bug/1058277/+attachment/3352961/+files/last_operation.log

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3493

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3491

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3492

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3490

** This bug has been flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1058277

Title:
  Sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian unstable
  (main)

Status in “condor” package in Ubuntu:
  New

Bug description:
  Please sync condor 7.8.2~dfsg.1-1+deb7u1 (universe) from Debian
  unstable (main)

  Changelog entries since current quantal version 7.8.2~dfsg.1-1:

  condor (7.8.2~dfsg.1-1+deb7u1) unstable; urgency=high

    * Security update. This release addresses four CVE issues (Closes: #688210):
      - Security Item: Some code that was no longer used was removed. The presence
        of this code could expose information which would allow an attacker to
        control another user's job. (CVE-2012-3493)
      - Security Item: Some code that was no longer used was removed. The presence
        of this code could have lead to a Denial-of-Service attack which would
        allow an attacker to remove another user's idle job. (CVE-2012-3491)
      - Security Item: Filesystem (FS) authentication was improved to check the
        UNIX permissions of the directory used for authentication. Without this,
        an attacker may have been able to impersonate another submitter on the
        same submit machine. (CVE-2012-3492)
      - Security item: Check setuid return value (CVE-2012-3490)

   -- Michael Hanke <mih at debian.org>  Wed, 26 Sep 2012 16:10:17 +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/condor/+bug/1058277/+subscriptions

More information about the Ubuntu-sponsors mailing list