Your message dated Sat, 05 Mar 2011 19:57:09 +0000
with message-id <e1pvxbb-0007b0...@franck.debian.org>
and subject line Bug#615995: fixed in logwatch 7.3.6.cvs20090906-1squeeze1
has caused the Debian Bug report #615995,
regarding CVE-2011-1018
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
615995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logwatch
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=680237
for references.

This is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs35-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)



--- End Message ---
--- Begin Message ---
Source: logwatch
Source-Version: 7.3.6.cvs20090906-1squeeze1

We believe that the bug you reported is fixed in the latest version of
logwatch, which is due to be installed in the Debian FTP archive:

logwatch_7.3.6.cvs20090906-1squeeze1.diff.gz
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1.diff.gz
logwatch_7.3.6.cvs20090906-1squeeze1.dsc
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1.dsc
logwatch_7.3.6.cvs20090906-1squeeze1_all.deb
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Willi Mann <wi...@wm1.at> (supplier of updated logwatch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Mar 2011 08:57:07 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 7.3.6.cvs20090906-1squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Willi Mann <wi...@wm1.at>
Changed-By: Willi Mann <wi...@wm1.at>
Description: 
 logwatch   - log analyser with nice output written in Perl
Closes: 615995
Changes: 
 logwatch (7.3.6.cvs20090906-1squeeze1) stable-security; urgency=high
 .
   * CVE-2011-1018: Remote code execution by combination of
     - Logfile name by attacker's choice (e.g. samba log files) and
     - Missing sanitization of logfile names in system() call.
     - fix by encapsulating logfile names in ' and disallowing '.
       Taken from upstream.
     - closes: #615995

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
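
The fix named in the changelog above (wrap the logfile name in ' and refuse names that contain '), shown in Perl as an added example. This is not logwatch's code or the upstream patch; `quote_logfile` and the sample file names are hypothetical and constructed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not logwatch's code): wrap a logfile name in single
# quotes for use in a shell command string, refusing names that contain a
# single quote, since that is the one character that can end the quoting.
sub quote_logfile {
    my ($name) = @_;
    die "refusing logfile name containing a single quote\n"
        if $name =~ /'/;
    return "'" . $name . "'";
}

# Constructed sample names: a plain one, one carrying a shell
# metacharacter, and one containing a single quote.
my @names = (
    '/var/log/samba/log.client1',
    '/var/log/samba/log.x;echo INJECTED',
    "/var/log/samba/log.o'brien",
);

for my $name (@names) {
    my $quoted = eval { quote_logfile($name) };
    if (!defined $quoted) {
        print "rejected: $name\n";
        next;
    }
    # Inside '...' the shell treats ';' and every other metacharacter as
    # literal text, so echo prints the name back unchanged.
    my $out = `echo $quoted`;
    chomp $out;
    print $out eq $name ? "literal:  $name\n" : "MISMATCH: $name\n";
}

# Alternative that involves no shell at all: the list form of system()
# hands each element to the program as a single argument.
system('printf', '%s\n', $names[1]) == 0
    or die "printf failed\n";
```

Rejecting the quote character outright, rather than escaping it, keeps the rule simple to audit; the list form of `system()` avoids the quoting question entirely where the command does not need shell features.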
