Your message dated Sat, 29 Oct 2016 14:59:54 +0000 with message-id <e1c0v6w-000ibx...@fasolo.debian.org> and subject line Bug#839284: fixed in git-hub 0.10.2-2 has caused the Debian Bug report #839284, regarding CVE-2016-7793 CVE-2016-7794 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 839284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: git-hub Severity: grave Tags: security This got assigned CVE-2016-7793 and CVE-2016-7794: http://seclists.org/oss-sec/2016/q3/666 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: git-hub Source-Version: 0.10.2-2 We believe that the bug you reported is fixed in the latest version of git-hub, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Maximiliano Curia <m...@debian.org> (supplier of updated git-hub package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Oct 2016 15:20:19 +0200 Source: git-hub Binary: git-hub Architecture: source Version: 0.10.2-2 Distribution: unstable Urgency: medium Maintainer: Maximiliano Curia <m...@debian.org> Changed-By: Maximiliano Curia <m...@debian.org> Description: git-hub - Git command line interface to GitHub Closes: 839284 Changes: git-hub (0.10.2-2) unstable; urgency=medium . * Add upstream patches to fix CVE-2016-7793 and CVE-2016-7794: Validate-received-URLs-before-cloning.patch clone-Use-option-terminator-after-options.patch Always-use-config.urltype-inside-git_fetch.patch (Closes: 839284) * Add upstream patch: issue-Print-URL-for-new-comment.patch * Add upstream patch: setup-Clarify-when-local-configuration-is- written.patch Checksums-Sha1: bde207fb5382b3edc23bb582e50931b72fea585d 1825 git-hub_0.10.2-2.dsc 95c113461513bfdad0b3b7176133dfae3697e151 5872 git-hub_0.10.2-2.debian.tar.xz Checksums-Sha256: ae381489f896be9c4741970c7ec0fbbb16e9d77c8e24bc432e574b7ccb4fd54e 1825 git-hub_0.10.2-2.dsc cae2401f730d3db0f91e46e2b9fc1c229c934033021a105b5b7cdfcf6bc7565e 5872 git-hub_0.10.2-2.debian.tar.xz Files: 0f2d00763a8e7c14659922902fb35bdf 1825 vcs optional git-hub_0.10.2-2.dsc 71ef6b8f221e9b39ebf14886305f7518 5872 vcs optional git-hub_0.10.2-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYFKJxAAoJEMcZdpmymyMqISAQALdVABta4bqcQ08XAFtHApTV vatP6ti3KqmuSPaYsqYjdahz4n8IxMOUH8kWydQgl9BNXayNg2EfM++knEX03yKh LT8grxvgqXeOpedG6HVCnEuf+siYlWIauXa7Dn9Y3vjHXZ19UavuraPP9NmhE6Bf xkyjHie0zf/WzeAS+rk0/nqRYBz7CGFhDfVl/7s/oD5Amq8wPBnnafNXB7ROWzD1 +l1y1bUUJgYHP3sEhYxBYOA60hgFjdeFzZBKxX5CWn/gIKz3pihFB0AmFj+zfO1r edcLUNu9uHxgqh4G5S528Wi1FLr0F9Zm0c0yIkf39eYdUgClVoECtx7/2AcBsqqY Vu0W+W/e7+Vedp+v3ORHa+b+y/aZn0n1qvwMS+RpYv4bbkzAM6+AHQN0Qa29p0eh qIpBQw57V5EH1F9YV/P48XoKJjcgAEOOiPdsmR93ssrocapWqHXca1gDpM7vFFcQ CuAxH+dBENhbLQODDYTQFaAaQXBKUylrVPzZ3D891kkY5w6vyKq1JM/ZSK9CG+g1 UwiDhVQuB+tuLgDGp2aqf5eVmasheVR/IscNS6s46d0IJlaaDeDP/2cboGEL1AgA a4KRB8nIDCLth1IxGXLC5+T4BRDO4rKvIBE4vHbqrcS2DiCBalLuRAFKd5N78BP6 A7rCxRpmMc3LIZu6fbFg =q9ne -----END PGP SIGNATURE-----
--- End Message ---
