Your message dated Fri, 06 Jan 2017 21:04:56 +0000
with message-id <e1cpbh2-0001em...@fasolo.debian.org>
and subject line Bug#849777: fixed in shutter 0.93.1-1.3
has caused the Debian Bug report #849777,
regarding shutter: CVE-2016-10081: Insecure use of perl exec()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
849777: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849777
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: shutter
Version: 0.88.3-1
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.launchpad.net/shutter/+bug/1652600
Hi,
the following vulnerability was published for shutter.
CVE-2016-10081[0]:
| /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
| attackers to execute arbitrary commands via a crafted image name that
| is mishandled during a "Run a plugin" action.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10081
[1] https://bugs.launchpad.net/shutter/+bug/1652600
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: shutter
Source-Version: 0.93.1-1.3
We believe that the bug you reported is fixed in the latest version of
shutter, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 849...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominique Dumont <d...@debian.org> (supplier of updated shutter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 06 Jan 2017 21:07:32 +0100
Source: shutter
Binary: shutter
Architecture: source all
Version: 0.93.1-1.3
Distribution: unstable
Urgency: medium
Maintainer: Ryan Niebur <r...@debian.org>
Changed-By: Dominique Dumont <d...@debian.org>
Description:
shutter - feature-rich screenshot program
Closes: 849777
Changes:
shutter (0.93.1-1.3) unstable; urgency=medium
.
* Non-maintainer upload.
* add patch to fix CVE-2016-10081 (Closes: #849777)
* add patch to secure system() calls
Checksums-Sha1:
3eb73977d063975911797c3625b9daa36981232d 1845 shutter_0.93.1-1.3.dsc
a7adcfe000650b6c22e118308ae7fadb7a6c2ae4 8072 shutter_0.93.1-1.3.debian.tar.xz
995e10b02095f9b5c243360fe033f06a9cd3d00b 1611916 shutter_0.93.1-1.3_all.deb
b6fec3089c406b671f51dd4f8fdfc1fcbb3f7a41 4538
shutter_0.93.1-1.3_amd64.buildinfo
Checksums-Sha256:
7d5e2833dc2b5ee09a8bab7620368ca1ae66a3c875e61921d46a11219021cf9d 1845
shutter_0.93.1-1.3.dsc
227a42fd52f676ff1d0b57a702de49c474baf9e931085d75f13399ebc862840d 8072
shutter_0.93.1-1.3.debian.tar.xz
042b1fc515e723b1d1f56281ba001711783c38daa7e9ee311023a93f30d423e9 1611916
shutter_0.93.1-1.3_all.deb
caae69f92d98d4a93e16dcad3a5ce6840e417ca5923579ed3529beecb1b9c866 4538
shutter_0.93.1-1.3_amd64.buildinfo
Files:
80d1cfc290072f6ed9d54c7bfd59b9e0 1845 graphics optional shutter_0.93.1-1.3.dsc
146ba3dadc179beb3f8e1276c185a48a 8072 graphics optional
shutter_0.93.1-1.3.debian.tar.xz
b1bb2362b2517ea75b797b1eb091cbd6 1611916 graphics optional
shutter_0.93.1-1.3_all.deb
0b20ef9c9edab27a13d5549379f6e824 4538 graphics optional
shutter_0.93.1-1.3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAlhv+bYACgkQwx9P2Umr
K2zFhw//WRT1BB7WeVosfn7i/Tyli7CAwtQzTIT7jmccB2esug+gxlmGgltx4UtW
2+UmTMnxpZaHo4TgbS0jfZgT30KxjrcC7bj7LBt4VgIXyhywANo0TlAenYUKfIyr
DWlN5pZih6G1amwBWmpSS/ajzghIlNY49nTrPSNlmS6q+PlTpRmsF3t6zKucTwkv
aBDE3V1JMAeSe0pmqdpaR5XbG+S/7t9MSZxFrQt6277biu1ZVF7vw03fk7mrlgrJ
mkpd1pqjNrSFYHvvRB7zIP5Jl6berV81e0b3L9+ZcoB3OINyk4Qt61e8jb/VgkcC
2Q/5PMxNIxFhO68klljIN5enpms4Sd9FTsOy6uAs6MPKiE9P6iBCK8+mZ0d5UtVN
60erPCkQ/erWk08tFJ3HWeuHvh+Kou3wz91bUWJ88wSNMH4BDQjHXXYsQmNnbyFh
PaCYzlDu06T/vq0yChSVkji6Yw+UcRFKdESTdE6vchDfSo42COtMaspkLJPXjuht
Xz+d4S1ZMW8Wvjp1U9AEiQjpFslfGHxvNuPohNPu+rX2te7bidJbl0lKaIbMpmO3
LvelxtuGqiGik9i3jHKu6H5M/beQrj8ifsKj9I1PLpNiM5U+s7s4GtQ1lH3SQfGL
7cTT7BNO9GhGJI0PVdyGJ9IJfWDElVXoguGIH7v0D+xY8VhQ0+M=
=VNFa
-----END PGP SIGNATURE-----
--- End Message ---
