Your message dated Fri, 24 Apr 2015 16:33:35 +0000 with message-id <e1ylgxn-0004lf...@franck.debian.org> and subject line Bug#776502: fixed in grml-debootstrap 0.69 has caused the Debian Bug report #776502, regarding grml-debootstrap: CVE-2015-1378: Issues with sourcing cmdlineopts.clp from current working directory to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776502 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: grml-debootstrap Version: 0.54 Severity: important Tags: security upstream Control: forwarded -1 https://github.com/grml/grml-debootstrap/issues/59 Hi, the following vulnerability was published for grml-debootstrap, but as far I can see upstream has not commited a solution so far. CVE-2015-1378[0]: Issues with sourcing cmdlineopts.clp from current working directory If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-1378 [1] https://github.com/grml/grml-debootstrap/issues/59 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: grml-debootstrap Source-Version: 0.69 We believe that the bug you reported is fixed in the latest version of grml-debootstrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 776...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Prokop <m...@grml.org> (supplier of updated grml-debootstrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 24 Apr 2015 18:12:55 +0200 Source: grml-debootstrap Binary: grml-debootstrap Architecture: source all Version: 0.69 Distribution: unstable Urgency: medium Maintainer: Grml Team <t...@grml.org> Changed-By: Michael Prokop <m...@grml.org> Description: grml-debootstrap - wrapper around debootstrap for installing pure Debian Closes: 776502 779913 779925 780204 Changes: grml-debootstrap (0.69) unstable; urgency=medium . The "jessie partyyyyyy ♫♫♫" release . [ Sebastian Pipping ] * [ccba9a8] Try unmounting [..]/dev harder * [e5e71bc] Delete binary packer/fake-uname.so * [be32888] Initialize packer/.gitignore * [762d9ef] Fix packer/Makefile dependencies * [d945d99] Check for grub-mkimage when creating virtual machine images * [9d3d538] Add grub-common to recommended dependencies for grub-mkimage * [b3cddce] Fixed version reported when run from Git * [7b07013] Source cmdlineopts.clp from same folder as grml-debootstrap file (Closes: #776502) [CVE-2015-1378] * [92b1de2] Add missing escaping of user input (Closes: #779925) . [ Patrick Schleizer ] * [3aa7301] Break when using unsupported generic codenames "stable" or "testing" . [ Michael Prokop ] * [f992b13] Do not stop hosts' SSH + mdadm services in cleanup procedure. Thanks to Sebastian Pipping for debugging and bug report (Closes: #779913) * [dae518d] Define ewarn function to properly display warning messages (Closes: #780204) Checksums-Sha1: d5507656ad19e0b3e6c7d6c2996eb3baf015b1e6 1803 grml-debootstrap_0.69.dsc 6042ff73f245f59152667f2ace367372dfa049b4 150712 grml-debootstrap_0.69.tar.xz 9cd748044b316fd4c4e3bde1e4c64e7023f9feda 123572 grml-debootstrap_0.69_all.deb Checksums-Sha256: dd7782776d94caba0ebd40cdde65003c24ee8520e733fd6a77742c4f16447af1 1803 grml-debootstrap_0.69.dsc 2cfe1815edfb655399d86a22cb9054bca1b6db83cda2569faae936c47ddde3ee 150712 grml-debootstrap_0.69.tar.xz 9381d9e1d24ccabea75746cb56eef2370cf1c534127a008c432dd84ea01d384c 123572 grml-debootstrap_0.69_all.deb Files: 3a5afce95a5abe7caafe1bfb9e70bb0b 1803 admin optional grml-debootstrap_0.69.dsc b4656c093dc3ce05a682ce9ff55783bb 150712 admin optional grml-debootstrap_0.69.tar.xz 88ee38d6507b81c1b76d53603270d455 123572 admin optional grml-debootstrap_0.69_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVOm8qAAoJEJaoeHK36jc3W4AQAJ6EwhbZ+Szygci1q2fXvLWC 4nyb7y4J5ojaD3En2IIxEtjVP2203NsAD2lAfoKD0xefTDv1j76gawag8x+Hf3oy BxcmVSHu7G4LmCh3LyBQGG3eHJpXUk5Er+2i7Kbo4aoUNCqeHMZCmt7fMO4ZNKHA NhTxSPDjRE4asvOuLG0Tx7VNTbQaF5nnCFyyE/Lo+AyaOj/Y1R4eRbVgpcC0Dnwp Lkyyxf/T+q7Jj5CkgVFHwgnvUheCd/nJbvC/sq0UsCbk+YBbOmeMIZh6d8ytIHc0 23zk07RCDoR4FVF/iFE9L4Bn9+NMDzBs+Wd94Yv7QRgM7NgiG4m5UCOCptU02bJq FFWgfgDWRBtlyEQCvG7Dd7SrCo0ihTc3ZhDI7uui2LMCECbOyAylu06R86qXNGBz nr7tNVNMkeXP+Ftt6xTVOfBs3gMNSf5gmJxb0y2JFBneM76Fk5yBdJEbiQ5xs9pu vvulbDjtGympkX7OE2S9hMTmLjuZ0Vj/UUOmsJnuWGVYWAZcJkrmsVwow5DpdRuL 4SJO9m3JYKmSLcdU4AeK1uj24YL9vxKccprMLsfz1w1abpLMsN1XpC9Hqm8OFeI9 iicNECAWBztSqFUD0iEy5qqxuWkwvZFJe0jKlggR4ew1tHJNfDEIAa5h1T9zGncx L6+M4bFqHe/WiPbiWIun =cYHq -----END PGP SIGNATURE-----
--- End Message ---
