Your message dated Mon, 07 Jan 2019 16:20:26 +0000
with message-id <e1ggxda-000g7e...@fasolo.debian.org>
and subject line Bug#917099: fixed in hoteldruid 2.3.0-2
has caused the Debian Bug report #917099,
regarding hoteldruid: CVE-2018-1000871, SQL injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
917099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917099
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for hoteldruid. I couldn't
find a bug tracker or code repository for hoteldruid but it seems you
are involved in upstream development somehow. Are you aware of this
issue already?

CVE-2018-1000871[0]:
| HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL
| Injection vulnerability in "id_utente_mod" parameter in
| gestione_utenti.php file that can result in An attacker can dump all
| the database records of backend webserver. This attack appear to be
| exploitable via the attack can be done by anyone via specially crafted
| sql query passed to the "id_utente_mod=1" parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000871
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
--- End Message ---
--- Begin Message ---
Source: hoteldruid
Source-Version: 2.3.0-2

We believe that the bug you reported is fixed in the latest version of
hoteldruid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 917...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco Maria Francesco De Santis <ma...@digitaldruid.net> (supplier of updated hoteldruid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Mon, 07 Jan 2019 12:48:13 +0000
Source: hoteldruid
Binary: hoteldruid
Architecture: source
Version: 2.3.0-2
Distribution: unstable
Urgency: high
Maintainer: Marco Maria Francesco De Santis <ma...@digitaldruid.net>
Changed-By: Marco Maria Francesco De Santis <ma...@digitaldruid.net>
Description:
 hoteldruid - web-based property management system for hotels or B&Bs
Closes: 917099
Changes:
 hoteldruid (2.3.0-2) unstable; urgency=high
 .
   * Added a patch to fix sql injection in gestione_utenti.php with
     variable id_utente_mod.
     (ref: CVE-2018-1000871) (Closes: #917099)
   * debian/control: updated Standards-Version
--- End Message ---