[ubuntu/lunar-proposed] multipath-tools 0.8.8-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 17 13:57:14 UTC 2022 

multipath-tools (0.8.8-1ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: symlink attack
    - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in
      .gitignore, Makefile.inc, libmultipath/defaults.h,
      multipath/Makefile, multipath/multipath.rules.in,
      multipath/tmpfiles.conf.in.
    - debian/multipath-tools.install: install tmpfiles.d/multipath.conf.
    - debian/rules: copy udev rule after build.
    - CVE-2022-41973
  * SECURITY UPDATE: authorization bypass
    - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in
      interactive mode in multipathd/callbacks.c, multipathd/cli.c,
      multipathd/cli_handlers.c, multipathd/main.c.
    - debian/patches/CVE-2022-41974.patch: more robust command parsing in
      multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h,
      multipathd/cli_handlers.c, multipathd/uxlsnr.c.
    - debian/patches/CVE-2022-41974-2.patch: fix command completion with
      robust parser in multipathd/cli.c, multipathd/cli.h,
      multipathd/uxlsnr.c.
    - debian/patches/CVE-2022-41974-3.patch: add test for command parsing
      in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h,
      multipathd/cli.c.
    - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling
      invalid commands in multipathd/uxlsnr.c.
    - CVE-2022-41974

Date: Fri, 28 Oct 2022 14:43:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/multipath-tools/0.8.8-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Fri, 28 Oct 2022 14:43:41 -0400
Source: multipath-tools
Built-For-Profiles: noudeb
Architecture: source
Version: 0.8.8-1ubuntu2
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 multipath-tools (0.8.8-1ubuntu2) lunar; urgency=medium
 .
   * SECURITY UPDATE: symlink attack
     - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in
       .gitignore, Makefile.inc, libmultipath/defaults.h,
       multipath/Makefile, multipath/multipath.rules.in,
       multipath/tmpfiles.conf.in.
     - debian/multipath-tools.install: install tmpfiles.d/multipath.conf.
     - debian/rules: copy udev rule after build.
     - CVE-2022-41973
   * SECURITY UPDATE: authorization bypass
     - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in
       interactive mode in multipathd/callbacks.c, multipathd/cli.c,
       multipathd/cli_handlers.c, multipathd/main.c.
     - debian/patches/CVE-2022-41974.patch: more robust command parsing in
       multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h,
       multipathd/cli_handlers.c, multipathd/uxlsnr.c.
     - debian/patches/CVE-2022-41974-2.patch: fix command completion with
       robust parser in multipathd/cli.c, multipathd/cli.h,
       multipathd/uxlsnr.c.
     - debian/patches/CVE-2022-41974-3.patch: add test for command parsing
       in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h,
       multipathd/cli.c.
     - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling
       invalid commands in multipathd/uxlsnr.c.
     - CVE-2022-41974
Checksums-Sha1:
 8b8d5e8992bf6ccd915ff45d99c02e4dc0cdadf7 2748 multipath-tools_0.8.8-1ubuntu2.dsc
 f3aa4a8c2e47d2ff56b9116b4ac3cda06aaef5cb 59952 multipath-tools_0.8.8-1ubuntu2.debian.tar.xz
 79dab408ad4d62b3e6d6ef192a62229f36004c7e 7433 multipath-tools_0.8.8-1ubuntu2_source.buildinfo
Checksums-Sha256:
 50d064e967040b05c9b5c84a2eba788e15939997d1286df70066d6d693d67759 2748 multipath-tools_0.8.8-1ubuntu2.dsc
 d17e231bec7a7459771e8397a689cc10b2c03d05140987e2d8d02d50f61b04bd 59952 multipath-tools_0.8.8-1ubuntu2.debian.tar.xz
 e69a268722c6ac90c396627b80a3c9f07eef69512e04c60160bd0a2b6ade31bf 7433 multipath-tools_0.8.8-1ubuntu2_source.buildinfo
Files:
 127d781e03725ebdc644c08abd3774f4 2748 admin optional multipath-tools_0.8.8-1ubuntu2.dsc
 ea2bdef9082a1bc56948e3d6f31f3f54 59952 admin optional multipath-tools_0.8.8-1ubuntu2.debian.tar.xz
 27f4bee3d19841aec34803cf2a93bc0e 7433 admin optional multipath-tools_0.8.8-1ubuntu2_source.buildinfo
Original-Maintainer: Debian DM Multipath Team <team+linux-blocks at tracker.debian.org>

More information about the lunar-changes mailing list