Bug#695097: Prepared sleuthkit 4.1.0

Henri Salo henri at nerv.fi
Wed Jun 26 07:10:32 UTC 2013


On Tue, Jun 18, 2013 at 01:07:23PM +0200, Michael Prokop wrote:
> we're lagging quite some versions behind with our sleuthkit
> packaging in Debian. I tried to take care of it and just pushed
> upstream and pristine-tar branches for new upstream version 4.1.0 of
> sleuthkit to our git repos (I hope you don't mind, Christophe).
> 
> I also pushed my changes related to Debian packaging into branch
> mika/4.1.0 (to not mess with main 'debian' branch yet until it's
> known to be fine).
> 
> I'm a bit unsure how to handle the libtsk3 package though.
> Our latest package libtsk3-3 shipped /usr/lib/libtsk3.so.3.4.0
> but upstream seems to have renamed 'tsk3' to just 'tsk' and I'm not
> sure how to handle the resulting /usr/lib/libtsk.so.10.0.0 package-wise.
> 
> Julien, you seem to have handled also the symbol files in the past
> and know what you're doing. :) Any chance you could take a look at
> the current situation and help us in getting a new package release
> out?

Hello,

I can't see sleuthkit 4.1.0 in unstable yet. What is the status of this? I can
help with some smaller tasks and testing if needed. Without much checking, the
security vulnerability[1] has been fixed in newer versions. In my opinion the
comment "Hardly a vulnerability" in the tracker is understating this issue, as
the mailing list post[2] says:

"""
The vulnerability is already exploited, for example, by the Flame
malware (possibly unintendedly). Flame uses an encrypted SQLite-DB named
"." for extraction of confidential files and for update distribution.
An analyst may miss the file as the Sleuth Kit does not appropriately
show the file.

http://labs.bitdefender.com/2012/06/flame-the-story-of-leaked-data-carried-by-human-vector/
http://blog.crysys.hu/2012/06/flame-usb-dot-file-confirmed/
"""

1: https://security-tracker.debian.org/tracker/CVE-2012-5619
2: http://www.openwall.com/lists/oss-security/2012/12/01/2

---
Henri Salo
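
The quoted advisory text says an analyst may miss a file named "." because the tool does not show it. As an added example (not part of the original message and not Sleuth Kit code), the check below walks a raw FAT directory region and reports "." or ".." entries that are not the ordinary self/parent links. It assumes the FAT 8.3 short-entry layout, which the message itself does not name; the function names and the sample bytes are constructed for illustration.

```python
import struct

ATTR_DIRECTORY = 0x10
ATTR_LFN = 0x0F
DOT, DOTDOT = b".".ljust(11), b"..".ljust(11)   # space-padded 8.3 names

def suspicious_dot_entries(raw, is_root=False):
    """Return (slot, name, reason) for '.'/'..' entries that are not the
    ordinary self/parent links of a FAT subdirectory."""
    findings = []
    for slot in range(len(raw) // 32):
        entry = raw[slot * 32:(slot + 1) * 32]
        if entry[0] == 0x00:                      # end-of-directory marker
            break
        attr = entry[11]
        if entry[0] == 0xE5 or (attr & 0x3F) == ATTR_LFN:
            continue                              # deleted slot or long-name part
        name = entry[:11]
        if name not in (DOT, DOTDOT):
            continue
        expected_slot = 0 if name == DOT else 1
        if not attr & ATTR_DIRECTORY:
            reason = "regular file, not a directory link"
        elif is_root:
            reason = "dot entry in root directory"
        elif slot != expected_slot:
            reason = "directory link outside slot %d" % expected_slot
        else:
            continue                              # legitimate '.' or '..'
        findings.append((slot, name.decode("ascii").strip(), reason))
    return findings

def make_entry(name, attr, size=0):
    """Build one constructed 32-byte entry: name 0-10, attr 11, size 28-31."""
    return name.ljust(11) + bytes([attr]) + bytes(16) + struct.pack("<I", size)

# Constructed sample subdirectory, not taken from any real image.
SAMPLE_DIR = b"".join([
    make_entry(b".", ATTR_DIRECTORY),
    make_entry(b"..", ATTR_DIRECTORY),
    make_entry(b"REPORT  TXT", 0x20, 1200),
    make_entry(b".", 0x20, 4096),                 # file named "." (archive attr)
    bytes(32),                                    # end marker
])

if __name__ == "__main__":
    for finding in suspicious_dot_entries(SAMPLE_DIR):
        print(finding)
```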