Back to libuser PTS page

Accepted libuser 1:0.56.9.dfsg.1-1.2+deb7u1 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libuser 1:0.56.9.dfsg.1-1.2+deb7u1 (source amd64) into oldstable
From: dak@security.debian.org
Date: Thu, 12 May 2016 15:50:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1b0ssP-000766-0G@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 12 May 2016 14:10:52 +0200
Source: libuser
Binary: libuser libuser1-dev libuser1 python-libuser
Architecture: source amd64
Version: 1:0.56.9.dfsg.1-1.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Ghe Rivero <ghe@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libuser    - user and group account administration library
 libuser1   - user and group account administration library (shared libraries)
 libuser1-dev - user and group account administration library (development files)
 python-libuser - user and group account administration library (development files)
Changes: 
 libuser (1:0.56.9.dfsg.1-1.2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2015-3245 and CVE-2015-3246.
   * CVE-2015-3245:
     Incomplete blacklist vulnerability in the chfn function in libuser before
     0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the
     usermode package, allows local users to cause a denial of service
     (/etc/passwd corruption) via a newline character in the GECOS field.
   * CVE-2015-3246:
     libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper
     program in the usermode package, directly modifies /etc/passwd, which
     allows local users to cause a denial of service (inconsistent file state)
     by causing an error during the modification. This issue can be
     combined with CVE-2015-3245 to gain privileges.
   * See also https://bugs.debian.org/793465 for more information.
Checksums-Sha1: 
 b174eaef555908ae4d6b396fafb5866b8fe8a2c3 2187 libuser_0.56.9.dfsg.1-1.2+deb7u1.dsc
 fd6906dcce5b59b95068a23d6a49d8ceeec8117d 1201888 libuser_0.56.9.dfsg.1.orig.tar.gz
 40271a540c70c4b1ee092f924556a79f89b773de 21761 libuser_0.56.9.dfsg.1-1.2+deb7u1.diff.gz
 8248985c00eee21920ab9b3b4c47243924a897d1 401456 libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 c43b5f37e182b9cd9829afbc21b15117a9c502ea 31606 libuser1-dev_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 d6f6b279f58bfd2044a098316ca8295cc1687929 97114 libuser1_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 c0a29138a075f87d21205dbfcf5e7ed01ee390eb 62780 python-libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
Checksums-Sha256: 
 b444c391dad8970d4ce174a2907f1c5bcd9f6d1b1f3313616402053151b29c0e 2187 libuser_0.56.9.dfsg.1-1.2+deb7u1.dsc
 3b1f3c84abeec29e7c78b11b257410e8bf49fb5e28a39a82fd7755d22146c341 1201888 libuser_0.56.9.dfsg.1.orig.tar.gz
 7e15734ab407b4d1d0a1ec46e34bbf191e461b9b9f53e6877dcd1a989da744bd 21761 libuser_0.56.9.dfsg.1-1.2+deb7u1.diff.gz
 e296bd7724b7cd4cfa9d4b31d190b07934b9dc5e22af661fbe51a39aa9938856 401456 libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 54d100717fa95103b6a5f8f02bc3adf237a6bf491289d1b50dddaf1b9a67181f 31606 libuser1-dev_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 ff855b0d64755e27837afba36f6d04c82253429a278040a7a5e13270c783b64f 97114 libuser1_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 7676f1661c19394ef41235c8f70283217674e60ed8ee663ca5b7c0f6ddb716f1 62780 python-libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
Files: 
 2482a1e253f8bd4fbe54f8d61437022d 2187 admin optional libuser_0.56.9.dfsg.1-1.2+deb7u1.dsc
 dd206f6755b670e3a7090c7ffc659012 1201888 admin optional libuser_0.56.9.dfsg.1.orig.tar.gz
 3b43aa73aec46ae2e717998e4c1fa77a 21761 admin optional libuser_0.56.9.dfsg.1-1.2+deb7u1.diff.gz
 5ad7f73c45a4515e6295ec688074c574 401456 admin optional libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 d5e00011e5ada400ffbce0e81e891da1 31606 libdevel optional libuser1-dev_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 e2d9b6b2b2faf55f53073d989cff4c4f 97114 libs optional libuser1_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb
 baa0dd199c933b64a442089e6ef5d669 62780 admin optional python-libuser_0.56.9.dfsg.1-1.2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJXNKP1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkby4P/2gcRT/kId3T0Gd8vyAs+vbx
8xaF4vsGkOmvRw1nHDxkCyAy7Smqk9BVPloATl8gvJtU9EL63doke6ys9oa2yWa1
O5Uuy28ALIaaNv379/2q2q7IlXL9KBcc3kSYGmt3l/8eUQSzTX1sW7Qwpd/XHKgX
AV32qZ2YZNOPp3+nLXwyDzHCG5KD1WVGpjG92VdGHgloURxQgc2nDQJ+dXEJilXm
Ua8SWWUqXJF+ZCH2th/sYiPULY0wgkY0l4KwQRMPKfhdz33CaTgz2TUD9s/rAX3/
XL63V7lvUIKfJZESnJk0r4hAetPQ1DwCodN83nNymUvzA825CRRVA7xiuTiG3ZMV
QU6C/6Q7bMXKh8Sf0jK5/4F2NVeQKHTZ24LNsLd0N6fUlLve4Bj4jc9A0Wway46s
U6m2J9QA1iH9tVtX35SSCGjrFGGYgHnWmIvOPOCTdd1SoikTuNnH3MTHDzqG/XHF
61lZHmeQS5GjPG2u7sERQOh+YuDUxdCF/GZmZY2yOt11kWE+dcUQUJWHk9O+NWlf
bsVgAXRPuxWLWMs90dp81dbdnnqfrtMWWHOBJV72MvE1n0npXKrMbU2Y7UnNOwjL
SbyJISVYlelIjWu292PMFgYNh4CynxQwwHKdXDsfbU3fm+qhsMzx1N63GKCSklXH
nDvPr/CTODzpAiLK5FV2
=dN2A
-----END PGP SIGNATURE-----