Your message dated Sun, 19 Nov 2017 22:47:39 +0000 with message-id <e1egynh-000eml...@fasolo.debian.org> and subject line Bug#873439: fixed in flightgear 3.0.0-5+deb8u3 has caused the Debian Bug report #873439, regarding flightgear: CVE-2017-13709: Incorrect access control to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873439 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: flightgear Version: 1:2017.2.1+dfsg-3 Severity: grave Tags: upstream security Hi, the following vulnerability was published for flightgear. CVE-2017-13709[0]: | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger | subsystem allows one to overwrite any file via a resource that affects | the contents of the global Property Tree. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13709 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709 [1] http://www.openwall.com/lists/oss-security/2017/08/27/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: flightgear Source-Version: 3.0.0-5+deb8u3 We believe that the bug you reported is fixed in the latest version of flightgear, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Wanner <mar...@bluegap.ch> (supplier of updated flightgear package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 Nov 2017 09:33:09 +0000 Source: flightgear Binary: flightgear Architecture: source amd64 Version: 3.0.0-5+deb8u3 Distribution: jessie Urgency: high Maintainer: Debian FlightGear Crew <pkg-fgfs-c...@lists.alioth.debian.org> Changed-By: Markus Wanner <mar...@bluegap.ch> Description: flightgear - Flight Gear Flight Simulator Closes: 873439 Changes: flightgear (3.0.0-5+deb8u3) jessie; urgency=high . [ Florent Rougon ] * Add two patches for CVE-2017-13709: - call-fgInitAllowedPaths-earlier-c7a2ae.patch (required by the next patch) - CVE-2017-13709-FGLogger-2a5e3d.patch Closes: #873439. . [ Markus Wanner ] * Massage patch meta information to fit DEP-3. Checksums-Sha1: 6a795fc966a07f7f0c1798220b8ed16f48b7dc9c 2585 flightgear_3.0.0-5+deb8u3.dsc ae0e3019b3e04404f2512d80179b01d6d7d35ffb 30864 flightgear_3.0.0-5+deb8u3.debian.tar.xz fd99d72998dde386b266d150b0c92d53418388b4 3943596 flightgear_3.0.0-5+deb8u3_amd64.deb Checksums-Sha256: dd9b848d459a57d94b63f762a4461145d13148239e7aaac9a3ff8fed959b4c02 2585 flightgear_3.0.0-5+deb8u3.dsc b8a03b93e8d783bc7422a38cdfe48c5799a3a223bdf1f4b99462f7627093fde9 30864 flightgear_3.0.0-5+deb8u3.debian.tar.xz 58e63dcca6883f4f8a1070db485c6bcc025cc727374080f0aea709a0c5520b69 3943596 flightgear_3.0.0-5+deb8u3_amd64.deb Files: 99c33ba1f318e86309a53b66afac2a54 2585 games extra flightgear_3.0.0-5+deb8u3.dsc 7327638baf9f24726c2911b5503cacd6 30864 games extra flightgear_3.0.0-5+deb8u3.debian.tar.xz fe8580590246464b0c113483634b1b15 3943596 games extra flightgear_3.0.0-5+deb8u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEe6UnvggjX2qTFULG6UGJtTJZmDwFAloRdyQSHG1hcmt1c0Bi bHVlZ2FwLmNoAAoJEOlBibUyWZg8Uw4P/0UyDDkdAHzqJU1tOmE0V9c80s2w6zGA 2NrLrPcDQYPubUyfcQGsZlDMOVMLRSWQSyhIzWEmOOGBvKxVd08nKN3xH6xPLGRp VcQb8sxd8Pw4IsbikoIPdsHcWm8J2nZvu1EDXUhIWvMA0v6bFeVhMaQEL+Sc3CNW 9rKOYpllzKPQhXVB78r3nhKssq2fSGVal5eiCGHa7yNSUFbRLKyn6Q3eKt4D8a1l tgBH1fj/om3TvtWs6uoYUcPM1DGXMMKsLqdgjRDalhbVNjSRGk89MxHou/5YZPAw eFevlpRsfceqRZ8am1lzgk5Fb7Rp0q15qxerhPjg1RjbAnrGOBEN3iBDoQJNi4dZ yHh2+JwZEt6LwwDw13kvxb2HsHiAS+ve4yrBtVWpAYyfK2rrJDhv9onVfUoIioHK rxPCCdbUJP4TZadDoqlwaH7gYevUNsClv9EjI2t61jbkxbkLJDGoNEerOqhrBdHQ miYFxsC4woLHoElR0QngEjGadECMKqdjTXmvj9NabzV/WSEInoLJZT7mJpwxp/Dx f39uf1vBGslonpmJSw5vsBdkbtdnsDs//ki1aQyzRcaQatb2Z+hGmLx0B7gAOVDA yFDK3MZo/3x0oEwBD8mKlwAZnwgqL6+QUq/a25g5Bf4OuAyfUaeyDBwkInHVdtD4 QmqixmjFW6v6 =6I5N -----END PGP SIGNATURE-----
--- End Message ---
