Bug#863586: marked as done (CVE-2017-4965 CVE-2017-4966 CVE-2017-4967)

Debian Bug Tracking System Wed, 28 Jun 2017 11:33:29 -0700

Your message dated Wed, 28 Jun 2017 18:31:36 +0000
with message-id <e1dqhkw-0001op...@fasolo.debian.org>
and subject line Bug#863586: fixed in rabbitmq-server 3.6.10-1
has caused the Debian Bug report #863586,
regarding CVE-2017-4965 CVE-2017-4966 CVE-2017-4967
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863586: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: rabbitmq-server
Severity: grave
Tags: security

Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-4965
https://security-tracker.debian.org/tracker/CVE-2017-4966
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-4967

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: rabbitmq-server
Source-Version: 3.6.10-1

We believe that the bug you reported is fixed in the latest version of
rabbitmq-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated rabbitmq-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Jun 2017 15:00:41 +0200
Source: rabbitmq-server
Binary: rabbitmq-server
Architecture: source all
Version: 3.6.10-1
Distribution: unstable
Urgency: medium
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 rabbitmq-server - AMQP server written in Erlang
Closes: 863586
Changes:
 rabbitmq-server (3.6.10-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #863586), fixing multiple issues:
     - CVE-2017-4965: XSS vulnerabilities in management UI
     - CVE-2017-4966: authentication details are stored in browser-local storage
       without expiration
     - CVE-2017-4967: XSS vulnerabilities in management UI
Checksums-Sha1:
 9a31d29329c59ba97fed975dc23922c7cbcbb236 2206 rabbitmq-server_3.6.10-1.dsc
 0d879f998683079a31c1e872ce4c5640ebd35406 1426900 
rabbitmq-server_3.6.10.orig.tar.xz
 a70c927703f243e2a67b38fa0e652b4634cf96e1 16716 
rabbitmq-server_3.6.10-1.debian.tar.xz
 2ab1b28a7567f6856dd7d263d719af72f1247460 4628300 
rabbitmq-server_3.6.10-1_all.deb
 296887047e083b8df7747267be534f2d2c50df03 8302 
rabbitmq-server_3.6.10-1_amd64.buildinfo
Checksums-Sha256:
 2d7dc255d4377b790b4f3c49d5ec99ca0a28d6057a7b16db7f7ff6dae3ecade0 2206 
rabbitmq-server_3.6.10-1.dsc
 0f478950a3e27b6b3b5aa57098eaf91822321d716a9b0bc30a4084a2c283394c 1426900 
rabbitmq-server_3.6.10.orig.tar.xz
 262287ba89df1107e44064913234fde209e3ed6ec72f2121389cc3926243e91f 16716 
rabbitmq-server_3.6.10-1.debian.tar.xz
 ba51a6c7232f5fe6f6591e53b1e53651f70de0b23be5b96d682b856aace13e12 4628300 
rabbitmq-server_3.6.10-1_all.deb
 13d64cbe88fa80395a0ae90bb451bf8f3097d651f6a210c2d903fa1993e9e852 8302 
rabbitmq-server_3.6.10-1_amd64.buildinfo
Files:
 d98445bfb41dab17b66a588dda5b4bc2 2206 net extra rabbitmq-server_3.6.10-1.dsc
 3b2e7514a016a81859443723f6be514b 1426900 net extra 
rabbitmq-server_3.6.10.orig.tar.xz
 745f627bcf6cc676c62e27e2f76e6bcc 16716 net extra 
rabbitmq-server_3.6.10-1.debian.tar.xz
 e54ce7e61417d2a1d3a16d2d7d44b9ab 4628300 net extra 
rabbitmq-server_3.6.10-1_all.deb
 20630f389b0673ae3cf4ecc780ccaf02 8302 net extra 
rabbitmq-server_3.6.10-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAllTrS4ACgkQ1BatFaxr
Q/5Bvw/+NbKRB6/f3S+moGnF3FJ/PZsSf+2MPbFJFJu2O209xHGXY8IxWGcpbpoT
yb73vwgx6kqTytrhb3r/igHRi5cZA7QsTpbpcUSdXajTbQxeGlDFmApF3K2wcYg6
6B3Xra4Wy50eyFXehx/3TV3JKZ+uFx+J/y5wzyNzIWXnPtfO5IyHRf1yc8ubA7dW
t+65xeBZx/Iaj35zLxaOLALw82tOvlePBOf6s6nbFrHoCqAnf7vg/aBXOoBe4sUL
PfXGr9fpS9DPmn/G35dNBqKy/aW5srFmeMFmXpv4cZZ2ru17NPbbJKjjiL8RpRJC
qwP4eyAMEbHrP1/LLkAQgPtgrKMmhYnyDfoIpFsJ3hqyPS4gFnfZQCV6Fqr+GsHS
CTCrIGKQvxPL7hgU9Z4Vhvz/1lv+RUPMM5uO575ETtDGjlMhqUY4UBY1bae0JEIN
Yilp9Yv30PU9KzkahMmWqSxJkvGPYt2WFieHulAC0pzq4Ll3PHdZ6H/vWc6KSF02
x02O9igLlWWtkBmDRN5oef4UqvF7HwZ3bhaACa7AGX6zYw4ILlluLwK1HTcP2EcE
G1TqgoeVnJn4KDy0zngJHLMF1YgnMQUr2xysrIQUe19902XLrWAV+Mpvhe484/4O
3xiEj4NruJ++SL+SV0h9WexOpVrziFDxRfwtnNyTFTLtxW2yOsg=
=79hm
-----END PGP SIGNATURE-----

--- End Message ---

Bug#863586: marked as done (CVE-2017-4965 CVE-2017-4966 CVE-2017-4967)

Reply via email to