Your message dated Mon, 14 Aug 2017 09:34:39 +0000 with message-id <e1dhblf-000d6e...@fasolo.debian.org> and subject line Bug#870187: fixed in supervisor 3.3.1-1.1 has caused the Debian Bug report #870187, regarding CVE-2017-11610 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: supervisor X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for supervisor. CVE-2017-11610[0]: Authenticated RCE This issue was fixed by upstream in version 3.3.3. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: supervisor Source-Version: 3.3.1-1.1 We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated supervisor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 12 Aug 2017 10:55:14 +0200 Source: supervisor Binary: supervisor supervisor-doc Architecture: source Version: 3.3.1-1.1 Distribution: unstable Urgency: medium Maintainer: Orestis Ioannou <ores...@oioannou.com> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: supervisor - System for controlling process state supervisor-doc - Documentation for a supervisor Closes: 870187 Changes: supervisor (3.3.1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Disable object traversal in XML-RPC dispatch (CVE-2017-11610) (Closes: #870187) Checksums-Sha1: 933d06eb5198b75b2129ba8d30285e9035e3b4df 2202 supervisor_3.3.1-1.1.dsc d8dc4e7a091301cef1a212ac8ea9c12e3d157e29 415246 supervisor_3.3.1.orig.tar.gz 9f0bd7de2797cc15759810436778ce7e5ef41b44 34864 supervisor_3.3.1-1.1.debian.tar.xz b00ef39a22593c532782867b152987445f4bde98 6553 supervisor_3.3.1-1.1_source.buildinfo Checksums-Sha256: 44bf2dd0da13e4c69300ccfcc0966485158c69d133fa283cbdd81de1d267859f 2202 supervisor_3.3.1-1.1.dsc fc3af22e5a7af2f6c3be787acf055c1c17777f5607cd4dc935fe633ab97061fd 415246 supervisor_3.3.1.orig.tar.gz a4cccfaa35e22bd081ae2a01f184e7493270d0cee8d4e242099e9383002746e6 34864 supervisor_3.3.1-1.1.debian.tar.xz bf886b75f6e4f8ca69fd7f6b0176af708e435c8d5170e84ab21ea4f46e4f300b 6553 supervisor_3.3.1-1.1_source.buildinfo Files: 7d15aff5e2472e972e83bc540531f208 2202 admin optional supervisor_3.3.1-1.1.dsc 202f760f9bf4930ec06557bac73e5cf2 415246 admin optional supervisor_3.3.1.orig.tar.gz 659160561fbc467ef329e94756863fb3 34864 admin optional supervisor_3.3.1-1.1.debian.tar.xz b1227a5383eeb9d5c18200af29effe9a 6553 admin optional supervisor_3.3.1-1.1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOw5VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ec9oP/i5zLLNv7cE/QLoaUQ3xr/JPW/uv8693 f0w5lP+c+VB6faFOP5ZQI/MvYDS5pwHzN6GKS8uvmlJlQ0xCFKDLDKuj4rBmJgcJ dxkKz04v4KOU9NOUVgkwESg7vINac46XCl20Tv+qGzaOBNt5Pxssmi5F2/78O3ri tSjw3Kz5qfqPENYRq+xCO6BRLwAbr6lIpD3D5id3nvRw6/ma6wnMwKF663jhz6L8 B1GvvUxIihnAvzoJ165cHPTuNZrB6afm8n+fxD5jiEXQbZOuzbl/Fcx0EJJYMxmg EL084NJxGeK97tYUsjAPyEBgy1y+xXNTyQSX79Hfb7neJCjIe3wi1A8NNaDt8Zfn lXHMft4WiX1pxc3TlpbI7TYgNgaXr78y57lMuUDU2BYvSUcdjpRSbEnIViFNfkvA n6+JnVj7llezLMGYCNpzZKZ7gvKrrmnyV9hqbFJkaktQFC6YQFFkfK2OQc1UZj3q 4vJQ0WsgABcqsQ4UJlAzZi00x2W1ifbRIRi1skfpJKusK/0fKpcRRXL7BmL+COeT VTVaC3dFEdD2Q+realt95KADOznDLvMxyQ2ikY8O4DKpd1PdBxT+IEAbOfwGlyOP u4g2/cDprX5m4Mf1loGqe96hErJwsUyRdissvBpvawG6sZDMHnNFtLlDjHZQXRM1 fuw+ivF1r80Q =dKYt -----END PGP SIGNATURE-----
--- End Message ---
