Your message dated Mon, 03 Oct 2016 22:03:36 +0000
with message-id <e1brbki-0007cm...@franck.debian.org>
and subject line Bug#836505: fixed in elog 2.9.2+2014.05.11git44800a7-2+deb8u1
has caused the Debian Bug report #836505,
regarding elog: CVE-2016-6342: posting entry as arbitrary username by improper authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
836505: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: elog
Version: 2.9.2+2014.05.11git44800a7-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for elog.

CVE-2016-6342[0]:
posting entry as arbitrary username by improper authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6342

Using severity grave, since for at least stretch this should be fixed
to be in a fixed version. I OTOH do not know elog well enough to see
if the affected setup is actually a frequent one.

Could you as well schedule a fix for the stable version via a
point-release, cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: elog
Source-Version: 2.9.2+2014.05.11git44800a7-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
elog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 836...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger Kalt <roger.k...@gmail.com> (supplier of updated elog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 17 Sep 2016 20:22:36 +0200
Source: elog
Binary: elog
Architecture: source amd64
Version: 2.9.2+2014.05.11git44800a7-2+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Roger Kalt <roger.k...@gmail.com>
Changed-By: Roger Kalt <roger.k...@gmail.com>
Description:
 elog       - Logbook system to manage notes through a Web interface
Closes: 836505
Changes:
 elog (2.9.2+2014.05.11git44800a7-2+deb8u1) jessie; urgency=medium
 .
   * Added patch 0005_elogd_CVE-2016-6342_fix to fix posting entry as
     arbitrary username (Closes: #836505, CVE-2016-6342)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
