Your message dated Sun, 08 Oct 2017 12:17:08 +0000
with message-id <e1e1aw4-0005w6...@fasolo.debian.org>
and subject line Bug#873439: fixed in flightgear 1:2016.4.4+dfsg-3+deb9u1
has caused the Debian Bug report #873439,
regarding flightgear: CVE-2017-13709: Incorrect access control
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
873439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873439
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: flightgear
Version: 1:2017.2.1+dfsg-3
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for flightgear.

CVE-2017-13709[0]:
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
| subsystem allows one to overwrite any file via a resource that affects
| the contents of the global Property Tree.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13709
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709
[1] http://www.openwall.com/lists/oss-security/2017/08/27/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: flightgear
Source-Version: 1:2016.4.4+dfsg-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
flightgear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Wanner <mar...@bluegap.ch> (supplier of updated flightgear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Oct 2017 20:14:35 +0100
Source: flightgear
Binary: flightgear
Architecture: source amd64
Version: 1:2016.4.4+dfsg-3+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian FlightGear Crew <pkg-fgfs-c...@lists.alioth.debian.org>
Changed-By: Markus Wanner <mar...@bluegap.ch>
Description:
 flightgear - Flight Gear Flight Simulator
Closes: 873439
Changes:
 flightgear (1:2016.4.4+dfsg-3+deb9u1) stretch; urgency=medium
 .
   * Add patches init-allowed-paths-earlier-secu-fix-f372d7.patch and
     prevent-arbitrary-file-writes-secu-fix-58d8e1.patch: prevent
     malicious add-ons from overriding arbitrary files.
     Closes: #873439 (CVE-2017-13709)


--- End Message ---
