Your message dated Wed, 19 May 2021 20:20:34 +0000
with message-id <e1ljsge-000gx4...@fasolo.debian.org>
and subject line Bug#988735: fixed in pglogical 2.3.3-3
has caused the Debian Bug report #988735,
regarding pglogical: CVE-2021-3515
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988735: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pglogical
Version: 2.3.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for pglogical, please lower
the severity if you strongly disagree.

CVE-2021-3515[0]:
| Shell injection by pglogical users with CREATEDB access
No description was found (try on a search engine)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3515
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3515
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1954112
[2] https://bugzilla.suse.com/show_bug.cgi?id=1186121
[3] https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pglogical
Source-Version: 2.3.3-3
Done: Michael Banck <michael.ba...@credativ.de>

We believe that the bug you reported is fixed in the latest version of
pglogical, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Banck <michael.ba...@credativ.de> (supplier of updated pglogical package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 May 2021 19:07:56 +0200
Source: pglogical
Architecture: source
Version: 2.3.3-3
Distribution: unstable
Urgency: high
Maintainer: Debian PostgreSQL Maintainers <team+postgre...@tracker.debian.org>
Changed-By: Michael Banck <michael.ba...@credativ.de>
Closes: 988735
Changes:
 pglogical (2.3.3-3) unstable; urgency=high
 .
   * debian/patches/cve-2021-3515.patch: New patch (taken from upstream commit
     95c0e89), fixes shell injection by pglogical users with CREATEDB access
     (CVE-2021-3515, Closes: #988735).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
