Your message dated Tue, 24 Jul 2018 17:19:57 +0000 with message-id <e1fi0yb-0001v2...@fasolo.debian.org> and subject line Bug#904255: fixed in network-manager-vpnc 1.2.6-1 has caused the Debian Bug report #904255, regarding network-manager-vpnc: CVE-2018-10900: privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 904255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904255 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: network-manager-vpnc Version: 1.2.4-1 Severity: grave Tags: patch security upstream Hi, The following vulnerability was published for network-manager-vpnc. CVE-2018-10900[0]: local privilege escalation A user with enough privileges to create the vpnc connection entry (group netdev for instance), can use the flaw in network-manager-vpnc to escalate privileges. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10900 [1] https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc Update for stretch is already in preparation. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: network-manager-vpnc Source-Version: 1.2.6-1 We believe that the bug you reported is fixed in the latest version of network-manager-vpnc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated network-manager-vpnc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 Jul 2018 18:54:43 +0200 Source: network-manager-vpnc Binary: network-manager-vpnc network-manager-vpnc-gnome Architecture: source Version: 1.2.6-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintain...@lists.alioth.debian.org> Changed-By: Michael Biebl <bi...@debian.org> Description: network-manager-vpnc - network management framework (VPNC plugin core) network-manager-vpnc-gnome - network management framework (VPNC plugin GNOME GUI) Closes: 904255 Changes: network-manager-vpnc (1.2.6-1) unstable; urgency=medium . * New upstream version 1.2.6 - service: disallow newlines in configuration values (CVE-2018-10900) (Closes: #904255) * Bump Standards-Version to 4.1.5 * Drop no-longer needed Breaks/Replaces Checksums-Sha1: 918180e0b86ba74be7955113732c9d15fd473258 2282 network-manager-vpnc_1.2.6-1.dsc 9171ce12542994b1397fbecbccdedc2411ed33ff 417412 network-manager-vpnc_1.2.6.orig.tar.xz b7651691849eb3f583bc8f63971db3746fe6a94e 6240 network-manager-vpnc_1.2.6-1.debian.tar.xz 730d8d9c7954357a4b8e3709ddf3af812e30bf98 6975 network-manager-vpnc_1.2.6-1_source.buildinfo Checksums-Sha256: f6030ea86dc797a56011b901aaa51e51e2d4473ce0dd037a63b35d32f28c5d5d 2282 network-manager-vpnc_1.2.6-1.dsc de4fd059c4c08365a40b32b6f6fad9674f556724b4bbeb1f9d4473ac19a745cb 417412 network-manager-vpnc_1.2.6.orig.tar.xz 570f7140e191397a56f6bf99100e47853cc0cab104cd6680e6b6dcfb5b07d019 6240 network-manager-vpnc_1.2.6-1.debian.tar.xz b45a0a454602a5d603b27639325255f5ae24074ab5695bbd63b8eb9c3f8495be 6975 network-manager-vpnc_1.2.6-1_source.buildinfo Files: 48c761761c687f61909a653d4e043e8f 2282 net optional network-manager-vpnc_1.2.6-1.dsc 4e88a3bde38e3921c2adb9983fb9d09f 417412 net optional network-manager-vpnc_1.2.6.orig.tar.xz 9c61ef0520538ef742633c8da3f3818d 6240 net optional network-manager-vpnc_1.2.6-1.debian.tar.xz 7594b21de79fb7b077269e708f01e70c 6975 net optional network-manager-vpnc_1.2.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAltXWpYACgkQauHfDWCP ItwS8w/9FODrDI8skLbAVZPDuppAwIjm1MZn1VK8yW64+N/8H7BF84J2slAz4nra 9FqQFkbb2kbxAEWLiJnm0KSXwMM9SLdbXOPBicrMA9qZHRM3CsfbJBaqHlt8c+lJ xdWjuG4hZAF3OnrchuJOOzhDdkOa5Nuv8EoRDHmTVfCfdnx5Kvl4tQCfGcLLqvCd oBb2ubD5WZVQ7q8Z79xba5pmbsDOLMvm+UfIfJ43j7vqSlbBgjXaEQlCll4aCivo M8ytM94tis+OoX6AQ8VxfueSJ3J/F9CckOIqQFAgfo6H867M7VchJb/ZbcvG9BIp ZFSssgj4RKW9rCMi4nBNP44J9QcxCdLnK6t6mfl0lRxiLsfdOmSd1VlPkh5jA+Cp /gkrJKGdyJXHDumRhecXWqNcsSEGozaXc4e6s8fp2z/SSNmpDE8zMjo5x4SzK57n 1ORLVWgmTAkuBeyjvxcQ5OsjBtXmz3n9ekMfILN60bRPr42ajdNARGFeSkEstRgW 11iLoQ9fZmhAnFS6ODI8qZszoqLTFJvySqRwyVu35/cu7q2g/VSDUkCe/MlD50gJ 02UnLrSgXyMhjrr/qk+zAPu4NT6cVSw/tuqe7NysGLI2xx1InSi5OQhTohdCTLO1 DvkiNpCi4yW0ShNJLbnt1MSGgRXCILItIpAviTetr/fAuKxNZdw= =whjw -----END PGP SIGNATURE-----
--- End Message ---
