Debian Bug report logs - #522813
multipath-tools: CVE-2009-0115 insecure permissions of control socket

version graph

Package: multipath-tools; Maintainer for multipath-tools is Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>; Source for multipath-tools is src:multipath-tools.

Reported by: Nico Golde <nion@debian.org>

Date: Mon, 6 Apr 2009 17:15:02 UTC

Severity: grave

Tags: security

Found in versions multipath-tools/0.4.7-1.1etch1, multipath-tools/0.4.8-14

Fixed in versions 0.4.8-15, multipath-tools/0.4.8-14+lenny1, multipath-tools/0.4.7-1.1etch2

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>:
Bug#522813; Package multipath-tools. (Mon, 06 Apr 2009 17:15:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Mon, 06 Apr 2009 17:15:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: multipath-tools: CVE-2009-0115 insecure permissions of control socket
Date: Mon, 6 Apr 2009 19:11:10 +0200
[Message part 1 (text/plain, inline)]
Package: multipath-tools
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for multipath-tools.

CVE-2009-0115[0]:
| multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux
| Enterprise Server (SLES) 10 uses world-writable permissions for the
| socket file (aka /var/run/multipathd.sock), which allows local users
| to send arbitrary commands to the multipath daemon.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
    http://security-tracker.debian.net/tracker/CVE-2009-0115

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Mon, 06 Apr 2009 18:09:08 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Mon, 06 Apr 2009 18:09:08 GMT) Full text and rfc822 format available.

Message #10 received at 522813-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 522813-close@bugs.debian.org
Subject: Bug#522813: fixed in multipath-tools 0.4.8-15
Date: Mon, 06 Apr 2009 18:03:10 +0000
Source: multipath-tools
Source-Version: 0.4.8-15

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

kpartx_0.4.8-15_powerpc.deb
  to pool/main/m/multipath-tools/kpartx_0.4.8-15_powerpc.deb
multipath-tools-boot_0.4.8-15_all.deb
  to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-15_all.deb
multipath-tools_0.4.8-15.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.diff.gz
multipath-tools_0.4.8-15.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15.dsc
multipath-tools_0.4.8-15_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-15_powerpc.deb
multipath-udeb_0.4.8-15_powerpc.udeb
  to pool/main/m/multipath-tools/multipath-udeb_0.4.8-15_powerpc.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522813@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Apr 2009 19:36:25 +0200
Source: multipath-tools
Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb
Architecture: source powerpc all
Version: 0.4.8-15
Distribution: unstable
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 kpartx     - create device mappings for partitions
 multipath-tools - maintain multipath block device access
 multipath-tools-boot - Support booting from multipath devices
 multipath-udeb - maintain multipath block device access (udeb)
Closes: 519252 522813
Changes: 
 multipath-tools (0.4.8-15) unstable; urgency=low
 .
   * [e3fdd6f] add iscsi as a prereq and add verbose logic from mdadm.
   * [9299e3d] On shutdown multipathd flushes its internal message queue
     but we have to check if the messages on the queue are not empty.
     (Closes: #519252)
   * [df5ee21] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Checksums-Sha1: 
 8aa14dce9c3ffc8a4d0ce14175303716fa93ed2c 1347 multipath-tools_0.4.8-15.dsc
 7a9d7f58646df849c8b0310fba5025ace1bf184a 23364 multipath-tools_0.4.8-15.diff.gz
 e159f49b879713a0f3ad7c4bf2268362d31f9435 178608 multipath-tools_0.4.8-15_powerpc.deb
 84f395240ad3eb2e238c4228a653fa9471fa16d4 29286 kpartx_0.4.8-15_powerpc.deb
 33c9ebe597164210854aadbee90cc2df9b85a852 11250 multipath-tools-boot_0.4.8-15_all.deb
 861306650b8e175387d4a9479feac6da284a3a15 95890 multipath-udeb_0.4.8-15_powerpc.udeb
Checksums-Sha256: 
 0865d90c6c7eb81cd85f22e1212bfdd2e094276020b7b0dfe446cb99696c4226 1347 multipath-tools_0.4.8-15.dsc
 cef040f18902427e925fcb50fbacdabbc57ea2cdc99e2a9f6ad11bc5b3910da9 23364 multipath-tools_0.4.8-15.diff.gz
 cafc74f8624d54c6f0eae5c19ea109bb36987bb12b958880a47614687a1b758d 178608 multipath-tools_0.4.8-15_powerpc.deb
 6cd8bd7d072b9cae850afb120d0396541536adfd568f84eb945010927fa1bcc8 29286 kpartx_0.4.8-15_powerpc.deb
 e49e2974e362d7b728671508f515bc7af19d462d99200aacdd7a74a8f6113699 11250 multipath-tools-boot_0.4.8-15_all.deb
 f45bd472b0a432a1d6cfe0bc295e50c6e0fe350f5bc5c607789de1dfc863c9c6 95890 multipath-udeb_0.4.8-15_powerpc.udeb
Files: 
 7c3f4a6bd64a3f059671947376116091 1347 admin extra multipath-tools_0.4.8-15.dsc
 3b3aadc6fa95a3edaad53a520fdcf67b 23364 admin extra multipath-tools_0.4.8-15.diff.gz
 af0af5393ddfdb5719534dcb9e01f9b8 178608 admin extra multipath-tools_0.4.8-15_powerpc.deb
 53b59c9f2582084828d7cf06cd51406d 29286 admin extra kpartx_0.4.8-15_powerpc.deb
 b67ad3419874a1e8daa377f220d4f8da 11250 admin extra multipath-tools-boot_0.4.8-15_all.deb
 fc00f06804e850a69495942725fbda9b 95890 debian-installer extra multipath-udeb_0.4.8-15_powerpc.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ2kFxn88szT8+ZCYRAmugAJ46L1BCb1Cgkz4pQJ+eZVKYEq24NwCfYPVd
uITlU2mVpfni8BhxKXLbDMM=
=C25X
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>:
Bug#522813; Package multipath-tools. (Mon, 06 Apr 2009 18:42:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Mon, 06 Apr 2009 18:42:06 GMT) Full text and rfc822 format available.

Message #15 received at 522813@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Nico Golde <nion@debian.org>, 522813@bugs.debian.org
Subject: Re: Bug#522813: multipath-tools: CVE-2009-0115 insecure permissions of control socket
Date: Mon, 6 Apr 2009 20:37:06 +0200
On Mon, Apr 06, 2009 at 07:11:10PM +0200, Nico Golde wrote:
> Package: multipath-tools
> Severity: grave
> Tags: security
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for multipath-tools.
Thanks for bringing this to my attention!
> 
> CVE-2009-0115[0]:
> | multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux
> | Enterprise Server (SLES) 10 uses world-writable permissions for the
> | socket file (aka /var/run/multipathd.sock), which allows local users
> | to send arbitrary commands to the multipath daemon.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
I've uploaded a fixed version for unstable and prepared an upload for
lenny to stable-security (0.4.8-14+lenny1) and am just building the
version for oldstable-security (0.4.7-1.1etch2). Shall I just go ahead
and upload them?
Cheers,
 -- Guido




Bug marked as found in version 0.4.7-1.1etch1. Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Mon, 06 Apr 2009 18:45:03 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.4.8-14. Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Mon, 06 Apr 2009 18:45:05 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Tue, 21 Apr 2009 20:15:09 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Tue, 21 Apr 2009 20:15:09 GMT) Full text and rfc822 format available.

Message #24 received at 522813-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 522813-close@bugs.debian.org
Subject: Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1
Date: Tue, 21 Apr 2009 19:54:02 +0000
Source: multipath-tools
Source-Version: 0.4.8-14+lenny1

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

kpartx_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
multipath-tools-boot_0.4.8-14+lenny1_all.deb
  to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
multipath-tools_0.4.8-14+lenny1.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
multipath-tools_0.4.8-14+lenny1.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
multipath-tools_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
  to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522813@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Apr 2009 20:03:48 +0200
Source: multipath-tools
Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb
Architecture: source powerpc all
Version: 0.4.8-14+lenny1
Distribution: stable-security
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 kpartx     - create device mappings for partitions
 multipath-tools - maintain multipath block device access
 multipath-tools-boot - Support booting from multipath devices
 multipath-udeb - maintain multipath block device access (udeb)
Closes: 522813
Changes: 
 multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low
 .
   * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Checksums-Sha1: 
 182770d7d7c3d81b2b469e47c4478b48e44d2e14 1375 multipath-tools_0.4.8-14+lenny1.dsc
 e538c62b14c993d392e3dddb823b06720378a8d0 202446 multipath-tools_0.4.8.orig.tar.gz
 d95402d28b8327db358e4ca0b7b2a12f3aa63b29 22746 multipath-tools_0.4.8-14+lenny1.diff.gz
 cfcbb73941a3814fd0600d244ffad446e4a742c8 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb
 644a779e53f68dce150e64a193bdf9d90c4d384a 29824 kpartx_0.4.8-14+lenny1_powerpc.deb
 e077c217967baaf8161607dc57379e633b623e37 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb
 9a0489582e4467682fff8ab9b320749c3c9abe25 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Checksums-Sha256: 
 876eb1ce2f00894c982ef269879a39e54d1c2bef105c8d5b4c8be931b083e751 1375 multipath-tools_0.4.8-14+lenny1.dsc
 a3cb242717c907e287088df2b1f161b78bfd40193d0c3faf20c65825bb84a2a4 202446 multipath-tools_0.4.8.orig.tar.gz
 7255436c00c9874eada1ec6b4b629a7558898f439578e7905cd9a94eccdaf226 22746 multipath-tools_0.4.8-14+lenny1.diff.gz
 0ac4a1cc5c82439bdbad7f543afb2f38d88850c5694c17f6fa9b896f3b3d36d0 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb
 de9382c2e978de1c27ad08cf2fed24f8ce3baeb42fadfe5fc2857197ac6392cf 29824 kpartx_0.4.8-14+lenny1_powerpc.deb
 4d1859fbab603768612f534edb881b43a05f9fbd0ee87e9b8458cc93433a8cbd 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb
 3b1ee24bd857d21656609045c4fe6d10f5f544b9155b38577039791fcc122a23 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Files: 
 04c428b50412dcfe7cefecce779bdd82 1375 admin extra multipath-tools_0.4.8-14+lenny1.dsc
 bf67b278e4b23da0c8ad21a278c04cb3 202446 admin extra multipath-tools_0.4.8.orig.tar.gz
 ec09a8b773c890812f68c431024b89b2 22746 admin extra multipath-tools_0.4.8-14+lenny1.diff.gz
 c06e48ff7f1667d250ba3ebf96139b17 182596 admin extra multipath-tools_0.4.8-14+lenny1_powerpc.deb
 6a02f47ebab83955f5ad7e368bb05a7b 29824 admin extra kpartx_0.4.8-14+lenny1_powerpc.deb
 3d518147b5389246bb18904f9f77bc83 10886 admin extra multipath-tools-boot_0.4.8-14+lenny1_all.deb
 cab3a7acabbf1538a4b028cf3f6b3ea4 98676 debian-installer extra multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ3KW2n88szT8+ZCYRAidKAJ41pTFitK3v0z+IUU6MKXXsFivYmwCfXHiT
qc6DyHjO09X1oKMiQj/jf1I=
=vx+2
-----END PGP SIGNATURE-----





Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Sat, 20 Jun 2009 13:15:09 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 20 Jun 2009 13:15:09 GMT) Full text and rfc822 format available.

Message #29 received at 522813-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 522813-close@bugs.debian.org
Subject: Bug#522813: fixed in multipath-tools 0.4.7-1.1etch2
Date: Sat, 20 Jun 2009 12:44:20 +0000
Source: multipath-tools
Source-Version: 0.4.7-1.1etch2

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

multipath-tools_0.4.7-1.1etch2.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
multipath-tools_0.4.7-1.1etch2.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
multipath-tools_0.4.7-1.1etch2_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522813@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 06 Apr 2009 20:19:17 +0200
Source: multipath-tools
Binary: multipath-tools
Architecture: source powerpc
Version: 0.4.7-1.1etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 multipath-tools - Command-line utilities for administering multipath disk access
Closes: 522813
Changes: 
 multipath-tools (0.4.7-1.1etch2) oldstable-security; urgency=low
 .
   * [5c0d036] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Files: 
 96af45800ec71a9fcf8f811416ff90e7 794 admin extra multipath-tools_0.4.7-1.1etch2.dsc
 b14f35444f6fee34b6be49a79ebe9439 179914 admin extra multipath-tools_0.4.7.orig.tar.gz
 971e214f6a43d817da8da4dcc3763443 25941 admin extra multipath-tools_0.4.7-1.1etch2.diff.gz
 923e02c8131bbfd298bd2958637fc90b 161776 admin extra multipath-tools_0.4.7-1.1etch2_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ3KWrn88szT8+ZCYRAqbZAJ9OHXpvW93J98nMT0jEajuqQBPgcgCfXySz
bgLWyevUGa60gIb1lAK553k=
=Z8We
-----END PGP SIGNATURE-----





Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Sat, 27 Jun 2009 16:42:15 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 27 Jun 2009 16:42:16 GMT) Full text and rfc822 format available.

Message #34 received at 522813-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 522813-close@bugs.debian.org
Subject: Bug#522813: fixed in multipath-tools 0.4.8-14+lenny1
Date: Sat, 27 Jun 2009 16:04:40 +0000
Source: multipath-tools
Source-Version: 0.4.8-14+lenny1

We believe that the bug you reported is fixed in the latest version of
multipath-tools, which is due to be installed in the Debian FTP archive:

kpartx_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
multipath-tools-boot_0.4.8-14+lenny1_all.deb
  to pool/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
multipath-tools_0.4.8-14+lenny1.diff.gz
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
multipath-tools_0.4.8-14+lenny1.dsc
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
multipath-tools_0.4.8-14+lenny1_powerpc.deb
  to pool/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
  to pool/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522813@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated multipath-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Apr 2009 20:03:48 +0200
Source: multipath-tools
Binary: multipath-tools kpartx multipath-tools-boot multipath-udeb
Architecture: source powerpc all
Version: 0.4.8-14+lenny1
Distribution: stable-security
Urgency: low
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 kpartx     - create device mappings for partitions
 multipath-tools - maintain multipath block device access
 multipath-tools-boot - Support booting from multipath devices
 multipath-udeb - maintain multipath block device access (udeb)
Closes: 522813
Changes: 
 multipath-tools (0.4.8-14+lenny1) stable-security; urgency=low
 .
   * [3d76714] fix umask of multipathd socket (CVE-2009-0115). Upstream
     commit 0a0319d381249760c71023edbe0ac9c093bb4a74. (Closes: #522813)
Checksums-Sha1: 
 182770d7d7c3d81b2b469e47c4478b48e44d2e14 1375 multipath-tools_0.4.8-14+lenny1.dsc
 e538c62b14c993d392e3dddb823b06720378a8d0 202446 multipath-tools_0.4.8.orig.tar.gz
 d95402d28b8327db358e4ca0b7b2a12f3aa63b29 22746 multipath-tools_0.4.8-14+lenny1.diff.gz
 cfcbb73941a3814fd0600d244ffad446e4a742c8 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb
 644a779e53f68dce150e64a193bdf9d90c4d384a 29824 kpartx_0.4.8-14+lenny1_powerpc.deb
 e077c217967baaf8161607dc57379e633b623e37 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb
 9a0489582e4467682fff8ab9b320749c3c9abe25 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Checksums-Sha256: 
 876eb1ce2f00894c982ef269879a39e54d1c2bef105c8d5b4c8be931b083e751 1375 multipath-tools_0.4.8-14+lenny1.dsc
 a3cb242717c907e287088df2b1f161b78bfd40193d0c3faf20c65825bb84a2a4 202446 multipath-tools_0.4.8.orig.tar.gz
 7255436c00c9874eada1ec6b4b629a7558898f439578e7905cd9a94eccdaf226 22746 multipath-tools_0.4.8-14+lenny1.diff.gz
 0ac4a1cc5c82439bdbad7f543afb2f38d88850c5694c17f6fa9b896f3b3d36d0 182596 multipath-tools_0.4.8-14+lenny1_powerpc.deb
 de9382c2e978de1c27ad08cf2fed24f8ce3baeb42fadfe5fc2857197ac6392cf 29824 kpartx_0.4.8-14+lenny1_powerpc.deb
 4d1859fbab603768612f534edb881b43a05f9fbd0ee87e9b8458cc93433a8cbd 10886 multipath-tools-boot_0.4.8-14+lenny1_all.deb
 3b1ee24bd857d21656609045c4fe6d10f5f544b9155b38577039791fcc122a23 98676 multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Files: 
 04c428b50412dcfe7cefecce779bdd82 1375 admin extra multipath-tools_0.4.8-14+lenny1.dsc
 bf67b278e4b23da0c8ad21a278c04cb3 202446 admin extra multipath-tools_0.4.8.orig.tar.gz
 ec09a8b773c890812f68c431024b89b2 22746 admin extra multipath-tools_0.4.8-14+lenny1.diff.gz
 c06e48ff7f1667d250ba3ebf96139b17 182596 admin extra multipath-tools_0.4.8-14+lenny1_powerpc.deb
 6a02f47ebab83955f5ad7e368bb05a7b 29824 admin extra kpartx_0.4.8-14+lenny1_powerpc.deb
 3d518147b5389246bb18904f9f77bc83 10886 admin extra multipath-tools-boot_0.4.8-14+lenny1_all.deb
 cab3a7acabbf1538a4b028cf3f6b3ea4 98676 debian-installer extra multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ3KW2n88szT8+ZCYRAidKAJ41pTFitK3v0z+IUU6MKXXsFivYmwCfXHiT
qc6DyHjO09X1oKMiQj/jf1I=
=vx+2
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Jul 2009 07:28:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 07:59:31 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.