Your message dated Sat, 05 Mar 2011 19:57:07 +0000
with message-id <e1pvxb9-0007ai...@franck.debian.org>
and subject line Bug#615995: fixed in logwatch 7.3.6.cvs20080702-2lenny1
has caused the Debian Bug report #615995,
regarding CVE-2011-1018
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
615995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logwatch
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=680237
for references.

This is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs35-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)



--- End Message ---
--- Begin Message ---
Source: logwatch
Source-Version: 7.3.6.cvs20080702-2lenny1

We believe that the bug you reported is fixed in the latest version of
logwatch, which is due to be installed in the Debian FTP archive:

logwatch_7.3.6.cvs20080702-2lenny1.diff.gz
  to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1.diff.gz
logwatch_7.3.6.cvs20080702-2lenny1.dsc
  to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1.dsc
logwatch_7.3.6.cvs20080702-2lenny1_all.deb
  to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Willi Mann <wi...@wm1.at> (supplier of updated logwatch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 03 Mar 2011 19:49:55 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 7.3.6.cvs20080702-2lenny1
Distribution: oldstable-security
Urgency: high
Maintainer: Willi Mann <wi...@wm1.at>
Changed-By: Willi Mann <wi...@wm1.at>
Description: 
 logwatch   - log analyser with nice output written in Perl
Closes: 615995
Changes: 
 logwatch (7.3.6.cvs20080702-2lenny1) oldstable-security; urgency=high
 .
   * CVE-2011-1018: Remote code execution by combination of
     - Logfile name by attacker's choice (e.g. samba log files) and
     - Missing sanitization of logfile names in system() call.
     - fix by encapsulating logfile names in ' and disallowing '.
       Taken from upstream.
     - closes: #615995

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
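
The fix named in the changelog above (wrap the logfile name in single quotes and refuse any name that contains one), as an added shell sketch that is not logwatch's Perl code and not taken from the upstream patch. It assumes `sh -c` as a stand-in for the shell that a one-argument Perl system() hands its command string to; the function names and the sample file name are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not logwatch code. Function names are hypothetical.

# Refuse a name containing a single quote; wrap anything else in '...'.
# Between single quotes the shell gives no character a special meaning,
# so the quote itself is the only byte that can end the quoting early.
quote_logname() {
    case $1 in
        *\'*) return 1 ;;
    esac
    printf "'%s'" "$1"
}

# Count the lines of a log file through a command string handed to
# `sh -c`, as a one-argument Perl system() would do.
count_lines() {
    quoted=$(quote_logname "$1") || {
        echo "refusing logfile name with a single quote: $1" >&2
        return 1
    }
    sh -c "wc -l < $quoted"
}

# Constructed sample: a log directory in which one file name carries shell
# syntax. Prints the line count, then whether the name stayed plain data.
demo() {
    dir=$(mktemp -d) || return 1
    name='log.client; touch side-effect'
    printf 'line1\nline2\n' > "$dir/$name"
    ( cd "$dir" && count_lines "$name" )
    if [ -e "$dir/side-effect" ]; then
        echo "name was executed"
    else
        echo "name stayed data"
    fi
    rm -rf "$dir"
}
```

Passing the file name as a separate argument (the list form of system() in Perl) avoids the shell altogether and needs no quoting rule.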
