Debian Bug report logs - #722306
torque: CVE-2013-4319: privilege escalation

version graph

Package: torque; Maintainer for torque is Morten Kjeldgaard <mok@bioxray.au.dk>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 10 Sep 2013 05:39:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version 2.4.8+dfsg-9

Fixed in versions torque/2.4.16+dfsg-1.1, torque/2.4.8+dfsg-9squeeze2, torque/2.4.16+dfsg-1+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Morten Kjeldgaard <mok@bioxray.au.dk>:
Bug#722306; Package torque. (Tue, 10 Sep 2013 05:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Morten Kjeldgaard <mok@bioxray.au.dk>. (Tue, 10 Sep 2013 05:39:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: torque: CVE-2013-4319: privilege escalation
Date: Tue, 10 Sep 2013 07:35:44 +0200
Package: torque
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for torque.

CVE-2013-4319[0]:
Torque privilege escalation

Upstream announce[1] contains also a patch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[1] http://security-tracker.debian.org/tracker/CVE-2013-4319
[1] http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Morten Kjeldgaard <mok@bioxray.au.dk>:
Bug#722306; Package torque. (Mon, 07 Oct 2013 05:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Morten Kjeldgaard <mok@bioxray.au.dk>. (Mon, 07 Oct 2013 05:24:03 GMT) Full text and rfc822 format available.

Message #10 received at 722306@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 722306@bugs.debian.org
Subject: torque: possible diff for NMU version 2.4.16+dfsg-1.1
Date: Mon, 7 Oct 2013 07:21:23 +0200
[Message part 1 (text/plain, inline)]
Hi

The attached debdiff is created with the patch for the 2.5 applied to
2.4.16+dfsg-1.1. I have not done any basic testing for it so far,
however.

Regards,
Salvatore
[torque-2.4.16+dfsg-1.1-nmu.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Morten Kjeldgaard <mok@bioxray.au.dk>:
Bug#722306; Package torque. (Tue, 08 Oct 2013 17:54:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Morten Kjeldgaard <mok@bioxray.au.dk>. (Tue, 08 Oct 2013 17:54:07 GMT) Full text and rfc822 format available.

Message #15 received at 722306@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 722306@bugs.debian.org
Subject: torque: diff for NMU version 2.4.16+dfsg-1.1
Date: Tue, 8 Oct 2013 19:50:43 +0200
[Message part 1 (text/plain, inline)]
tags 722306 + pending
thanks

Dear maintainer,

I've prepared an NMU for torque (versioned as 2.4.16+dfsg-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[torque-2.4.16+dfsg-1.1-nmu.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Oct 2013 17:54:16 GMT) Full text and rfc822 format available.

Marked as found in versions 2.4.8+dfsg-9. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Oct 2013 20:51:12 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 10 Oct 2013 18:06:09 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 10 Oct 2013 18:06:10 GMT) Full text and rfc822 format available.

Message #24 received at 722306-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 722306-close@bugs.debian.org
Subject: Bug#722306: fixed in torque 2.4.16+dfsg-1.1
Date: Thu, 10 Oct 2013 18:04:03 +0000
Source: torque
Source-Version: 2.4.16+dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722306@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated torque package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Oct 2013 07:09:57 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.16+dfsg-1.1
Distribution: unstable
Urgency: low
Maintainer: Morten Kjeldgaard <mok@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libtorque2 - shared library for Torque client and server
 libtorque2-dev - header files for libtorque2
 torque-client - command line interface to Torque server
 torque-client-x11 - GUI for torque clients
 torque-common - Torque Queueing System shared files
 torque-mom - job execution engine for Torque batch system
 torque-pam - PAM module for PBS MOM nodes
 torque-scheduler - scheduler part of Torque
 torque-server - PBS-derived batch processing server
Closes: 722306
Changes: 
 torque (2.4.16+dfsg-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add CVE-2013-4319.patch.
     CVE-2013-4319: remote arbitrary command execution as root on cluster
     by a non-priviledged user who is able to run jobs or login to a node
     which runs pbs_server or pbs_mon. (Closes: #722306)
Checksums-Sha1: 
 c9d4640afca0f19cfd263235eacd14fd660a5451 2586 torque_2.4.16+dfsg-1.1.dsc
 59f199eb8bc4e3b813b5d618a4215bb34451c5a1 17874 torque_2.4.16+dfsg-1.1.debian.tar.gz
 e9fa71554d7b8f460527dc84d749bccf1f24e6d6 40212 torque-common_2.4.16+dfsg-1.1_amd64.deb
 07f43c8d3d71238da51cd694d3b6c8ac3fb81f49 171246 torque-server_2.4.16+dfsg-1.1_amd64.deb
 dcba3cf8ccc230e98e1c2bdd14f8ffd8273e4d84 36898 torque-pam_2.4.16+dfsg-1.1_amd64.deb
 4ecce27ef84a4658d2e860d84af123c484018434 86826 torque-scheduler_2.4.16+dfsg-1.1_amd64.deb
 c4c311c18dd4241e64850f159d382ec3d6b9842b 331126 torque-client_2.4.16+dfsg-1.1_amd64.deb
 d292f1b999eaeb3e30b47285dee77482b8cea299 176058 torque-mom_2.4.16+dfsg-1.1_amd64.deb
 5563f63a0951b8fb747bb6215c879a6694885caf 478334 torque-client-x11_2.4.16+dfsg-1.1_amd64.deb
 a7872660084f67acefd8d5329d37f4fa88100acd 104304 libtorque2_2.4.16+dfsg-1.1_amd64.deb
 5275afdf80ec50cfba083e142d7c4f78bb3b64ab 45980 libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb
Checksums-Sha256: 
 ad0cd47ea766654687178e25acbb91850104d5fe10f6b11a3f902c18706b12bf 2586 torque_2.4.16+dfsg-1.1.dsc
 eb3dfbbb1b4fb0e461f2414944a83c8ddf49a858e1ebc1a35257fa7499f8364a 17874 torque_2.4.16+dfsg-1.1.debian.tar.gz
 03b37ce539c655b0690d0e92d70e1a32276a2f68889cbae3f2223a24fa9c7b05 40212 torque-common_2.4.16+dfsg-1.1_amd64.deb
 2f33497b5d20e0120040691bdb8afd2680e797549f684852c49e724275095bb9 171246 torque-server_2.4.16+dfsg-1.1_amd64.deb
 e818250317681c6dd82a5f57ec3cdcb3ed4c47d86a7ea16a933d24fc2a09e8e2 36898 torque-pam_2.4.16+dfsg-1.1_amd64.deb
 88c0914ac41875ff6fc9786bf3cad80ae6640e2d3e5a5101bf8ce63fa3bb521c 86826 torque-scheduler_2.4.16+dfsg-1.1_amd64.deb
 6ffb83ad43faa119f1d98b67137205c49e468a103e9644321edb8c8431f6bd76 331126 torque-client_2.4.16+dfsg-1.1_amd64.deb
 aed904495b7dd0b82dc8c180e4296589d369ea631ca74a24e4900c0685b5946c 176058 torque-mom_2.4.16+dfsg-1.1_amd64.deb
 c980e7b54951d9b7191b68cfe7ee41d2bbe5b09a2bb693f752f613dc16d858e0 478334 torque-client-x11_2.4.16+dfsg-1.1_amd64.deb
 3ef1029b697cd1bbec4a7ac85b7e39e57a46a596590d97f456af87817cc95e4b 104304 libtorque2_2.4.16+dfsg-1.1_amd64.deb
 5cbd061f3971e3aca2bfef1e2615a95a451aff0c029fad97927821f8ef1dc09a 45980 libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb
Files: 
 ae67bfbd9c91a41779f2d96a1957e89a 2586 net optional torque_2.4.16+dfsg-1.1.dsc
 139eeb3b2ab5515b9391afe2b19ca5fd 17874 net optional torque_2.4.16+dfsg-1.1.debian.tar.gz
 e57b73a701ed0c20622deb5a23cb63f8 40212 utils optional torque-common_2.4.16+dfsg-1.1_amd64.deb
 d3a05b2574ad3d343f71461d246db2e8 171246 utils optional torque-server_2.4.16+dfsg-1.1_amd64.deb
 5256d1fca0d3b4c3d68ded3b9d2417d5 36898 utils optional torque-pam_2.4.16+dfsg-1.1_amd64.deb
 22b9e01127170228ede140cd9bc38490 86826 net optional torque-scheduler_2.4.16+dfsg-1.1_amd64.deb
 35b28c8a231a64e5054ea1e11f861f83 331126 utils optional torque-client_2.4.16+dfsg-1.1_amd64.deb
 d4800ea789b746fa2ad1c4f37379a489 176058 utils optional torque-mom_2.4.16+dfsg-1.1_amd64.deb
 e59330a6f4801967a950f046bc08c5c7 478334 x11 optional torque-client-x11_2.4.16+dfsg-1.1_amd64.deb
 5c27c2e4fb968cf756a7155fa061cdbb 104304 libs optional libtorque2_2.4.16+dfsg-1.1_amd64.deb
 3abb8f6cd63d2ad51143a0fedbfbf168 45980 libdevel optional libtorque2-dev_2.4.16+dfsg-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSVEIuAAoJEAVMuPMTQ89ERwUP/1U7t3DcOrVVDzkHpXg2nyLb
ewKDpP/Ei4orqG0Sy2AomZ1ck5AJ/vm47kaRJ1+BdpiHfQYaUMzxf6ads8/lHt41
JmdJp58cGwB1dzTd+8xUTfm1KFYKl6f2kPeHDdIKD9h6eP0zZtQ1IsSDGeh7j22v
LFnPZKElAcRtcJFpyDk+vQqoBGqPOQqeSDE+e5xP9a3i1M3drxQuh5QY3j/qZJfc
CHyD/IJruxUv+xxZwZoswtq/6ICl1YESWSaPxfPcJ6x7EMBadgvFUuYQlkwk4J3E
IPSLZi8q5AluN8OhTwL+vNY6HR+r6ojedPAB9A503N1/HdxDxN/7FgG1aZbQhgZf
x2FdqITROaxeAoxSXC+zk1ltUHYlhZDsRd62Ux5lfTJUA+Ij/Y2PD8TkYzWp325Q
IbJjYPP8XdeufTxDVDnAf7/2YD85teTgDuow72ShxJHpqR2g1H+L30I6VcTLXA2Z
PjKEbfGgF/NZyfCTnPFUXgxyc4VKkTqrL6rnGljFCoCEhzKwVFP6jaKpJNAXbSeo
mgPmLVGe+TNuiOlLBwwErraQ6Y/2Ihy/eYDacgJqlAf4YMHfEL4CLEC9T4QNFTHr
/PbXzDXFRw+MYGagXrK7yraJw59wfh2aSgdlKugmrg9oTpQxNgF5oB+v5lD/lpVt
4uhSDcli32m9NZK53DKa
=5vYK
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 10 Oct 2013 22:21:05 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 10 Oct 2013 22:21:05 GMT) Full text and rfc822 format available.

Message #29 received at 722306-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 722306-close@bugs.debian.org
Subject: Bug#722306: fixed in torque 2.4.8+dfsg-9squeeze2
Date: Thu, 10 Oct 2013 22:17:38 +0000
Source: torque
Source-Version: 2.4.8+dfsg-9squeeze2

We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722306@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated torque package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Oct 2013 22:46:53 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.8+dfsg-9squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Morten Kjeldgaard <mok@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libtorque2 - shared library for Torque client and server
 libtorque2-dev - header files for libtorque2
 torque-client - command line interface to Torque server
 torque-client-x11 - GUI for torque clients
 torque-common - Torque Queueing System shared files
 torque-mom - job execution engine for Torque batch system
 torque-pam - PAM module for PBS MOM nodes
 torque-scheduler - scheduler part of Torque
 torque-server - PBS-derived batch processing server
Closes: 722306
Changes: 
 torque (2.4.8+dfsg-9squeeze2) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-4319.patch.
     CVE-2013-4319: remote arbitrary command execution as root on cluster
     by a non-priviledged user who is able to run jobs or login to a node
     which runs pbs_server or pbs_mon. (Closes: #722306)
Checksums-Sha1: 
 5fea230379e1d504397514dbad8cfb3a7c2b06e0 2332 torque_2.4.8+dfsg-9squeeze2.dsc
 7380b04b809e1d9135ef3601d4490e498634bf1d 22713 torque_2.4.8+dfsg-9squeeze2.debian.tar.gz
 7481ffd329a3b5c367239de7d35e005ceb35ff28 37822 torque-common_2.4.8+dfsg-9squeeze2_amd64.deb
 652d0db2358d42c352f516f7a827e84351a23985 187352 torque-server_2.4.8+dfsg-9squeeze2_amd64.deb
 1a5f35f5dfcb62c102852b42f938d72aea06bd08 34314 torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb
 cabd7b51d33342649836a5434d6d597f6c00068f 92070 torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb
 6446b69f7d42b193a0cd6818bd6e2fdff12b716c 388018 torque-client_2.4.8+dfsg-9squeeze2_amd64.deb
 6834a121fc289f53475ce0fa703b209d570a6b51 194318 torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb
 c0eaace67c95d404cc200c76339f63c73b9e0574 641438 torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb
 958e3849fd3eaf3d11ebc2fdddbe931828545e0a 115132 libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb
 7ce9ca18f64e88def1651bdbd49bb7b1b93fca76 46408 libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb
Checksums-Sha256: 
 1f46b0a702718fa6c09620b6549dc25abf77e2ebdb22fb730944477d6907cff5 2332 torque_2.4.8+dfsg-9squeeze2.dsc
 1acb657f6cacff108ee61931ebbb571faa7c3d2deeb7e14f8fde71c6676378fe 22713 torque_2.4.8+dfsg-9squeeze2.debian.tar.gz
 ecf29eca863b030af321dc842fa9f8f5f38a49bb6892b5ffbd79c4649c69779b 37822 torque-common_2.4.8+dfsg-9squeeze2_amd64.deb
 e0bcb7b983311efdd20e35a2a9ce4bd572592ed36b847a13817f4c8e1fdbac7f 187352 torque-server_2.4.8+dfsg-9squeeze2_amd64.deb
 10076fa0955112c3f17fc596855c12efb0ed46050085115e5b2dbc7b9badbab1 34314 torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb
 28a73457abb70e5674334b3f81f230615101e779b8aea5c4300528cf185a3ad6 92070 torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb
 bf814e332d43599736e2baa186ea25443faf1b596ea04ecf4aeadb22d6422b3e 388018 torque-client_2.4.8+dfsg-9squeeze2_amd64.deb
 7d44894f58565abae0164dde54293f66ceaaacda4134704d99ac99a0e3f995ae 194318 torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb
 62a4bfaf6d21ee5a61ec412b603efa38db6de37db1b2ebb78551b6230347366d 641438 torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb
 a7de710ef6da0fa23b2f88cdf2d16f451c6f3b6c3f7035699d77505f498bd748 115132 libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb
 9eec7171dde60ceffd89b05b5fbc70ee8e3b44d55840ccd16d67d5c930b2b294 46408 libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb
Files: 
 c6638ba1187111819742e25fd40494cd 2332 net optional torque_2.4.8+dfsg-9squeeze2.dsc
 7d1b85ed84040fed08ecd20804f752c7 22713 net optional torque_2.4.8+dfsg-9squeeze2.debian.tar.gz
 b0d49520ffda915cff2f5843f9182853 37822 utils optional torque-common_2.4.8+dfsg-9squeeze2_amd64.deb
 e99e3ddd83767de9ac976d6d6f48c9f5 187352 utils optional torque-server_2.4.8+dfsg-9squeeze2_amd64.deb
 415293ec71db8229411174100e997e48 34314 utils optional torque-pam_2.4.8+dfsg-9squeeze2_amd64.deb
 a49b09206a0c22c451771d1e1d404ef8 92070 net optional torque-scheduler_2.4.8+dfsg-9squeeze2_amd64.deb
 7f51688ebf0ef6ea2ef930806ce03b3c 388018 utils optional torque-client_2.4.8+dfsg-9squeeze2_amd64.deb
 f8e62f77118041779fb8d04856d2825e 194318 utils optional torque-mom_2.4.8+dfsg-9squeeze2_amd64.deb
 daefd9243a147ce536c1f6a97b7c5abf 641438 x11 optional torque-client-x11_2.4.8+dfsg-9squeeze2_amd64.deb
 2dc683cbf151594247a9bdfd7ee9fc96 115132 libs optional libtorque2_2.4.8+dfsg-9squeeze2_amd64.deb
 942abfe3e9d4974e6b2abd07dfa01890 46408 libdevel optional libtorque2-dev_2.4.8+dfsg-9squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSVHEMAAoJEAVMuPMTQ89Ej5EP+wR9oRQyMU0OuYhVPSb++H1+
o4XpL9282FqdUM4k3oRHM3OEY23kJ6rveTPrIwo30QD60iPdXBInInxoI9/2Ehgr
gjqFW8ELO4WeboErhPr49OI8GOFMIUnicZWKRancoDGfGhWYYER/eUTbthKYBPVz
8SgotMRQtWUQPwEAjlaivszQKWBLAXle6VeeWn+jSqeR16yXHtdrXS6uCPWzyIgD
LSgxpB97DLG7vjkSFf0hMnE809ZETVQWdvjS3J34RvmWWUyrlaTvLuVc18duByNk
vPW9P5V93hkFSLYfM5O4TG92PN+bdGLBkKCKnpfTaupIVtkqrCJ/OYhnN1EsVPSe
Bvnb44yfBSV6fPkA5ph4IEZOPU7wGrl6pqyNgIRVcyMVwtCx+qeVMDLKzobm7uQ6
MAuoV26GDFsKsk/PEwsc4mjwZfDTWk5cx+WLzMIgYlb/W8klqpSfuMje4SYd6dRV
5d30A2NIB2cQeEb29p/J6KcmPLxtUroFm7ieVrlpWMi55TTQrxD+xnNFMt2kkU5E
ejzcccs5eDPfSLi2maypm++yn769fFARZgYrY32OFUUpS1F7bnk6xLCXSizKohc1
sforNxSNM9dS/9s/vkdyQGkgOciDtoQyqBXwLchruZMyfQW0KJQFh0hta3Gwmcvx
qZxYzEDB0C4vH9aqZ9pT
=rwoz
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 28 Nov 2013 22:21:10 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 28 Nov 2013 22:21:10 GMT) Full text and rfc822 format available.

Message #34 received at 722306-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 722306-close@bugs.debian.org
Subject: Bug#722306: fixed in torque 2.4.16+dfsg-1+deb7u1
Date: Thu, 28 Nov 2013 22:17:25 +0000
Source: torque
Source-Version: 2.4.16+dfsg-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
torque, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722306@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated torque package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Oct 2013 20:23:30 +0200
Source: torque
Binary: torque-common torque-server torque-pam torque-scheduler torque-client torque-mom torque-client-x11 libtorque2 libtorque2-dev
Architecture: source amd64
Version: 2.4.16+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Morten Kjeldgaard <mok@bioxray.au.dk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libtorque2 - shared library for Torque client and server
 libtorque2-dev - header files for libtorque2
 torque-client - command line interface to Torque server
 torque-client-x11 - GUI for torque clients
 torque-common - Torque Queueing System shared files
 torque-mom - job execution engine for Torque batch system
 torque-pam - PAM module for PBS MOM nodes
 torque-scheduler - scheduler part of Torque
 torque-server - PBS-derived batch processing server
Closes: 722306
Changes: 
 torque (2.4.16+dfsg-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-4319.patch.
     CVE-2013-4319: remote arbitrary command execution as root on cluster
     by a non-priviledged user who is able to run jobs or login to a node
     which runs pbs_server or pbs_mon. (Closes: #722306)
Checksums-Sha1: 
 68777005c2d508e6a98b1ced5d6f260553f1f823 2629 torque_2.4.16+dfsg-1+deb7u1.dsc
 794273109ce7af072761b85e21a6f8925319ab5a 3296401 torque_2.4.16+dfsg.orig.tar.gz
 468b8c3f8d35c31ab788717d1c646701e4267d04 17948 torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
 0c66ae4fdf4611d20d69c067974d330df39e211a 41678 torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
 c5102b374fca7b505a222349fcfc01f68bb481a1 195720 torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
 159a050766a18a65234a5a542595ec6d12ad7694 38178 torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
 692da472ffd391e965af32b098ddb93802c20600 96712 torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
 b5fe43c09637f88d71f934d6ee85be06dbcc6396 398522 torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
 db3ff35428d37c8d20d361528cb025d9dcc4fb35 200370 torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
 5225aa59444177ab0f6ff970bbde53e3c516af70 647864 torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
 6fc188e488ae196d75f143869020a3be5f2dc239 120310 libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
 e1f4e7b7009f3049a838f387e2631b6f571d1f55 49582 libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb
Checksums-Sha256: 
 fa5f5e5b4cd0986c29b58551c943dada78ef075a7f21a997379b3614d8b9c0ac 2629 torque_2.4.16+dfsg-1+deb7u1.dsc
 c3607ab17018180d0570c62c596c56449dc907875c84cd58ef5b46623d80add3 3296401 torque_2.4.16+dfsg.orig.tar.gz
 249179648e71d5385ff7065ee6f406af0834a5054bd5e56455279bdc598fb64e 17948 torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
 7a8e86444b9d42fb8e7faf0e995619131eae143c61ac9f229807eea1ca7019f5 41678 torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
 0336811f3d4f835601dd1c91f6778f5de6d505721655d45ebcd1078b2dc38e37 195720 torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
 06fcd0c83862f8080c2e7775793e5b9cc2332f259058d1ab12bca15970058027 38178 torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
 dc5662a2e4b4cae17441c717eaf7f689729d32f467752e80a78907e56b65858d 96712 torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
 b6939f5aed84af19801d70f3e75888d688d5c8238d6038e8c9bf03749228b0a1 398522 torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
 e48436c0db2ba7ac74fb844953452cc9bcb2ab971d3e368c62efad2a8a495cc8 200370 torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
 e7fe97e1a407c084eaf898c892f2dae20b0b0aae6a32cffce3c0d9b12aeb0ae8 647864 torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
 b7639ec3d9f093e0967c78a37f7a2a6c835b8c714c722ef07a2a7f6399e4b37a 120310 libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
 34a454e4f9d160b72f61cac2b1dd5db35da0562334df73469f8f01061e913031 49582 libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb
Files: 
 0670bdfd941852431c806b3de12ced52 2629 net optional torque_2.4.16+dfsg-1+deb7u1.dsc
 b9432930c92d36872330336665ce9b66 3296401 net optional torque_2.4.16+dfsg.orig.tar.gz
 0db1a98733eeeaa667b21add4edccb50 17948 net optional torque_2.4.16+dfsg-1+deb7u1.debian.tar.gz
 19e42977dcdaa89369aff41cb51697d1 41678 utils optional torque-common_2.4.16+dfsg-1+deb7u1_amd64.deb
 19f8459a9d9af72511015331b44faca0 195720 utils optional torque-server_2.4.16+dfsg-1+deb7u1_amd64.deb
 236731a26b463ba68d852479f4170792 38178 utils optional torque-pam_2.4.16+dfsg-1+deb7u1_amd64.deb
 8a32c8115b7c01da57975539b90579cf 96712 net optional torque-scheduler_2.4.16+dfsg-1+deb7u1_amd64.deb
 345383cf801c8d3315b0300ef37dc757 398522 utils optional torque-client_2.4.16+dfsg-1+deb7u1_amd64.deb
 a3399987caf78ebd4f8b67d4e712fc13 200370 utils optional torque-mom_2.4.16+dfsg-1+deb7u1_amd64.deb
 49d6440d7c8750f11890d8a315d918d8 647864 x11 optional torque-client-x11_2.4.16+dfsg-1+deb7u1_amd64.deb
 7a94bbd6d026e2a08a92135ebc09f113 120310 libs optional libtorque2_2.4.16+dfsg-1+deb7u1_amd64.deb
 c72d4cb55ac5b102aa200cf5dfb84b5f 49582 libdevel optional libtorque2-dev_2.4.16+dfsg-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSVE9uAAoJEAVMuPMTQ89EKgcP/3onTflro2qI8CAgd+Doi61Y
J2W6NIJl8F4caaNo6ByOym0owDPfEfLy8Ze43U0iqwjXxzEgigYbKnTG9P3L2R6x
sQyEAls3HGtqjHG/pGLfF6omMDXP09wTlzOpPQ0KDfJEoyD41Pot2fsqTULTKovT
4dobkCP8iizwb9gu/CqL7gj1ye3rDqzHHC3OVcvZW6eX8njF1UK5HkADCB2EngrL
rtKEA7bZRWhEvDsDqr/nNj2KglqXMZHc6vQSgt6YjE6L60fQbFLYEyg1W5z5/ukO
wzpdRyfOJtDS7kDjl/A5lYLn1RZYIce1KNJrDrVHKXLtyvRmE3FovrqWG0FFavpT
oiflfMcP4n8pYZccTzMavCpn51TrCfcS0hCL3RFl+NyD+pcnGu3/5Jn1HpQkW25g
GBn26u4rTArtZ3Evo5Q7nJNVYz4GOhKNtZ1yWcOdj/Y4f5I7e4kv7bk5hJX2fCGx
9kE+ee+UoGGmAJdmSDAxqBF/Hh6k/EbZneHrasihJaDUwXdHrhM0s3ld5pln97e6
xU60EB/Y8H2ClJ4oFzPmKExgNySGT2/WAxcv8ZXoTtr8DRFey0rML+Wt6lw8Rb8+
rD4NZiqxoulL2gLdeNBOLNT692oMOywgAby+OGi6GHCmtEbLfrbBiu/OsDvlLMRf
WwQ3Kl4Ms8Z0pwb3W6p/
=fEh+
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Dec 2013 07:25:35 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 06:05:21 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.