Your message dated Sun, 10 Feb 2019 17:19:30 +0000
with message-id <e1gsslo-000cev...@fasolo.debian.org>
and subject line Bug#921131: fixed in yum-utils 1.1.31-2.1
has caused the Debian Bug report #921131,
regarding CVE-2018-10897
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
921131: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921131
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: yum-utils
Severity: grave
Tags: security
This was assigned CVE-2018-10897:
https://bugzilla.redhat.com/show_bug.cgi?id=1600221
https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
https://github.com/rpm-software-management/yum-utils/pull/43
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: yum-utils
Source-Version: 1.1.31-2.1
We believe that the bug you reported is fixed in the latest version of
yum-utils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <hol...@debian.org> (supplier of updated yum-utils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Feb 2019 18:05:09 +0100
Source: yum-utils
Architecture: source
Version: 1.1.31-2.1
Distribution: unstable
Urgency: medium
Maintainer: Mike Miller <mtmil...@ieee.org>
Changed-By: Holger Levsen <hol...@debian.org>
Closes: 921131
Changes:
yum-utils (1.1.31-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply patch https://github.com/rpm-software-management/yum-utils/
commit/a792d21b55337add2327d1c7d6d000862c717eef to check for .. in remote
paths. Closes: #921131 / CVE-2018-10897
Checksums-Sha1:
49a6c67d647c5688084d1cf74c0506de23032d51 1929 yum-utils_1.1.31-2.1.dsc
178461a6b6bd4db6160e695d2b9155c57f23bd6b 18856
yum-utils_1.1.31-2.1.debian.tar.xz
9bf668dd8e4838b70d296574a548b68900b99342 6295
yum-utils_1.1.31-2.1_source.buildinfo
Checksums-Sha256:
18eb08d102532ea3ca193c348c5cc35e76a72c88b893fac4bd57a9e65f11fbaa 1929
yum-utils_1.1.31-2.1.dsc
fbb3a69ec9b07d193755d79c545a86c4e1e405220944e30e9db6cfeef21ebef7 18856
yum-utils_1.1.31-2.1.debian.tar.xz
58f9fc58ed5b3b5e977e5f05a30d556c5bb4eb0a056c4ea8ece02300483c5718 6295
yum-utils_1.1.31-2.1_source.buildinfo
Files:
2b0afc6ceff56301afae4abcf91bfbe0 1929 admin extra yum-utils_1.1.31-2.1.dsc
9088c04bfb4ab36d3a22bd530aaf952a 18856 admin extra
yum-utils_1.1.31-2.1.debian.tar.xz
26b568acc158cd3db93347263236cadf 6295 admin extra
yum-utils_1.1.31-2.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAlxgWoEACgkQCRq4Vgaa
qhybGg/+NszqsFxgxQBC8B36UupANUBXjT80UyMPYReS49Yb+b6kTFvXpZAeZMWz
Berx5+sx2Y+y/ul2YV3zNGIVOuya1M9gXeEs4CwAOD4KZxeJptYlRs4XMuKQ/FXP
fxO2JaA6hrd8mdDBM/JbNWxI72EARWTqN1RSmZ73tT792OvkpP5KJe0EZDQSIBMX
SCH2Y0cKykcFus+klgw9WUzYwUU8NWz4CkVJ8LVc2G4YfkO30MCAYWYziea2rlSF
fkJIQOYRo14O1hzgv8a8VJ+BSGoAVKKdNPgXtRVHpwd+I5ag4UcyCyO3oIcLvgVK
ei1X8f2VJW2/vIHeDu1PK+oRhvW+VJBf1xABIbmNu5v54lMWHFLUOindXJoTvCjZ
FVYv0ez8HF5Eu6UPr7jCFNXSlrCcWD34RgdN3VBjMTaidK9ALzGys0vg8ubkW+4T
iADuFugs42g69en7Z+4RjipipuITcrFZlt2uGKVsRpLQmm8ldFXBY4Uhyxjbbv/o
8UdDFeOFvd5Om88ZqZfTS5LJzGQwq0UidqqACC5DRgwbethH8vjzlu0yBnysxPW4
eR28tZU/Hfj9dm5JprWO+KwQrUFVpUddRCrq+raRrKyEUYuaa4VUlVOpWP2kHlY0
2zIvna7Yn5qqKOAO+lcCjEKctIwwnWheOn6R8L4Obgb86budPCU=
=1/g6
-----END PGP SIGNATURE-----
--- End Message ---
