Your message dated Mon, 05 Mar 2018 01:20:28 +0000
with message-id <e1esenk-000awu...@fasolo.debian.org>
and subject line Bug#887306: fixed in obs-build 20180302-1
has caused the Debian Bug report #887306,
regarding obs-build: CVE-2017-14804: Exploit extractbuild to write to files in 
the host system
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
887306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887306
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: obs-build
Version: 20170201-1
Severity: grave
Tags: security upstream
Forwarded: https://bugzilla.novell.com/show_bug.cgi?id=1069904

Hi,

the following vulnerability was published for obs-build.

I noticed the SUSE entry while checking for another issue for osc, and
note I'm completely unfamiliar with obs-build, so if you think this
needs an update as well for stable and oldstable, contact team@s.d.o
for double checking. To be on the safe side, chosen severity grave.

CVE-2017-14804[0]:
build: Exploit extractbuild to write to files in the host system

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14804
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14804
[1] https://bugzilla.novell.com/show_bug.cgi?id=1069904

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: obs-build
Source-Version: 20180302-1

We believe that the bug you reported is fixed in the latest version of
obs-build, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Héctor Orón Martínez <zu...@debian.org> (supplier of updated obs-build package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Mar 2018 01:40:32 +0100
Source: obs-build
Binary: obs-build
Architecture: source all
Version: 20180302-1
Distribution: unstable
Urgency: medium
Maintainer: RPM packaging team <pkg-rpm-de...@lists.alioth.debian.org>
Changed-By: Héctor Orón Martínez <zu...@debian.org>
Description:
 obs-build  - scripts for building RPM/debian packages for multiple distributio
Closes: 887173 887306
Changes:
 obs-build (20180302-1) unstable; urgency=medium
 .
   * New upstream release
   * debian/patches: refresh and fix current builds
   * debian/patches: update
   * debian/control: bump standard version, replace priority
   * debian/control: add recommends and suggests (Closes: #887173)
     - add e2fsprogs as recommends and suggest btrfs and xfs tools.
   * Fixes CVE-2017-14804:
     - Exploit extractbuild to write to files in the host system
     (Closes: #887306)
   * debian/control: add python depend per openstack-console script.
   * debian/rules: fixup build-vm-openstack execution.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
