Your message dated Mon, 05 Aug 2019 10:50:10 +0000
with message-id <e1huaz8-000cb9...@fasolo.debian.org>
and subject line Bug#933002: fixed in docker.io 18.09.1+dfsg1-8
has caused the Debian Bug report #933002,
regarding docker.io: CVE-2019-13139
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
933002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: docker.io
Version: 18.09.1+dfsg1-7.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/moby/moby/pull/38944
Control: fixed -1 18.09.5+dfsg1-1
Hi,

The following vulnerability was published for docker.io.

CVE-2019-13139[0]:
command injection due to a missing validation of the git ref command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13139
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
[1] https://github.com/moby/moby/pull/38944
[2] https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: docker.io
Source-Version: 18.09.1+dfsg1-8
We believe that the bug you reported is fixed in the latest version of
docker.io, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 933...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Rebillout <arnaud.rebill...@collabora.com> (supplier of updated
docker.io package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Aug 2019 15:27:57 +0700
Source: docker.io
Architecture: source
Version: 18.09.1+dfsg1-8
Distribution: unstable
Urgency: medium
Maintainer: Arnaud Rebillout <arnaud.rebill...@collabora.com>
Changed-By: Arnaud Rebillout <arnaud.rebill...@collabora.com>
Closes: 932673 933002
Changes:
docker.io (18.09.1+dfsg1-8) unstable; urgency=medium
.
* Make myself the maintainer, and Dmitry uploader.
(see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908868)
* Add upstream patches for CVE-2019-13509 (Closes: #932673).
* Add upstream patch for CVE-2019-13139 (Closes: #933002).
--- End Message ---