Your message dated Thu, 03 Sep 2020 19:04:27 +0000
with message-id <e1kdux5-0004qp...@fasolo.debian.org>
and subject line Bug#969467: fixed in miller 5.9.1+dfsg-1
has caused the Debian Bug report #969467,
regarding miller: CVE-2020-15167
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
969467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: miller
Version: 5.9.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for miller.
CVE-2020-15167[0]:
| In Miller (command line utility) using the configuration file support
| introduced in version 5.9.0, it is possible for an attacker to cause
| Miller to run arbitrary code by placing a malicious `.mlrrc` file in
| the working directory. See linked GitHub Security Advisory for
| complete details. A fix is ready and will be released as Miller 5.9.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15167
[1] https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: miller
Source-Version: 5.9.1+dfsg-1
Done: Stephen Kitt <sk...@debian.org>
We believe that the bug you reported is fixed in the latest version of
miller, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 969...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stephen Kitt <sk...@debian.org> (supplier of updated miller package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 03 Sep 2020 20:49:39 +0200
Source: miller
Architecture: source
Version: 5.9.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Stephen Kitt <sk...@debian.org>
Changed-By: Stephen Kitt <sk...@debian.org>
Closes: 969467
Changes:
miller (5.9.1+dfsg-1) unstable; urgency=medium
.
* New upstream release, fixing CVE-2020-15167. Closes: #969467.
* Adjust debian/copyright and debian/watch to exclude unlicensed Go
code.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---