Your message dated Thu, 31 Aug 2017 06:19:47 +0000
with message-id <e1dnipp-000gqj...@fasolo.debian.org>
and subject line Bug#873439: fixed in flightgear 1:2017.2.1+dfsg-4
has caused the Debian Bug report #873439,
regarding flightgear: CVE-2017-13709: Incorrect access control
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
873439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873439
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: flightgear
Version: 1:2017.2.1+dfsg-3
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for flightgear.

CVE-2017-13709[0]:
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
| subsystem allows one to overwrite any file via a resource that affects
| the contents of the global Property Tree.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13709
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709
[1] http://www.openwall.com/lists/oss-security/2017/08/27/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: flightgear
Source-Version: 1:2017.2.1+dfsg-4

We believe that the bug you reported is fixed in the latest version of
flightgear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Wanner <mar...@bluegap.ch> (supplier of updated flightgear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Thu, 31 Aug 2017 06:46:33 +0200
Source: flightgear
Binary: flightgear
Architecture: source
Version: 1:2017.2.1+dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Debian FlightGear Crew <pkg-fgfs-c...@lists.alioth.debian.org>
Changed-By: Markus Wanner <mar...@bluegap.ch>
Description:
 flightgear - Flight Gear Flight Simulator
Closes: 873439
Changes:
 flightgear (1:2017.2.1+dfsg-4) unstable; urgency=high
 .
   * Add patches init-allowed-paths-earlier-secu-fix-c004ea.patch
     and prevent-arbitrary-file-writes-secu-fix-79e3bc.patch:
     prevent malicious add-ons from overriding arbitrary files.
     Closes: #873439 (CVE-2017-13709)


--- End Message ---
