Your message dated Tue, 17 May 2022 21:33:46 +0000
with message-id <e1nr4p8-0005tg...@fasolo.debian.org>
and subject line Bug#992297: fixed in gitit 0.15.1.0+dfsg-1
has caused the Debian Bug report #992297,
regarding gitit: CVE-2021-38711
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
992297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitit
Version: 0.13.0.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.12.3.1+dfsg-1
Hi,
The following vulnerability was published for gitit.
CVE-2021-38711[0]:
| In gitit before 0.15.0.0, the Export feature can be exploited to leak
| information from files.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-38711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38711
[1] https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gitit
Source-Version: 0.15.1.0+dfsg-1
Done: Scott Talbert <s...@techie.net>
We believe that the bug you reported is fixed in the latest version of
gitit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Talbert <s...@techie.net> (supplier of updated gitit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 May 2022 23:05:19 -0400
Source: gitit
Architecture: source
Version: 0.15.1.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Haskell Group
<pkg-haskell-maintain...@lists.alioth.debian.org>
Changed-By: Scott Talbert <s...@techie.net>
Closes: 992297 1009770 1010067
Changes:
gitit (0.15.1.0+dfsg-1) unstable; urgency=medium
.
* Team Upload.
* Update to new upstream release 0.15.1.0 (Closes: #992297, #1010067)
* Replace mime-support with media-types in Recommends (Closes: #1009770)
Checksums-Sha1:
242b58a0ebcf72b59c27c426d1e8c77c0286c277 6287 gitit_0.15.1.0+dfsg-1.dsc
0555f5b2d4a525ecf32c299dcc023a9efa988c6e 164604 gitit_0.15.1.0+dfsg.orig.tar.xz
3bb20af1cdbfaa85aa6baa023dcc4242087e3c84 10968
gitit_0.15.1.0+dfsg-1.debian.tar.xz
516e6efaf99800425295827784036cc20f99b88b 23658
gitit_0.15.1.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
f5094474a5a6cc6e579212a9bba04f8b262d8cfb1ad6f07186410a73b7fbced7 6287
gitit_0.15.1.0+dfsg-1.dsc
3ddc4de66e797a90b4cd25fa655b57619e53f80501fcc57434bd4f81040e8f0e 164604
gitit_0.15.1.0+dfsg.orig.tar.xz
245380746fb6bd6c661d3c67546b53d3318162318dc69257a81ae2463f451907 10968
gitit_0.15.1.0+dfsg-1.debian.tar.xz
859e0b93afdc4b636018b17948a09c0b4d26e52fbabcd1581361c3338093ec21 23658
gitit_0.15.1.0+dfsg-1_amd64.buildinfo
Files:
a42366c50da983afeb1c1c04ee61d2b7 6287 haskell optional
gitit_0.15.1.0+dfsg-1.dsc
d92206cddf64c2189ba48799b9457156 164604 haskell optional
gitit_0.15.1.0+dfsg.orig.tar.xz
d3bd615d2f7505f5160ada9be3b7e231 10968 haskell optional
gitit_0.15.1.0+dfsg-1.debian.tar.xz
0602c2f095d9037343ddd6029f1bac01 23658 haskell optional
gitit_0.15.1.0+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEbnQ09Yl9Q7F/zVe3U9W8ZLUjeKIFAmKEEmEPHHN3dEB0ZWNo
aWUubmV0AAoJEFPVvGS1I3iiqDUP+wU2YEi8NgV2Z1hTSQ1dYXGbu8gtijUFmHnk
YFu2s2HEJoMPPuSUnYXAhfkjHqlIwVlZtqtn8PrxTz1a2W0SMXB6e3D7oMezEwO3
e6/ytOns3xlU2H9280CDDJHV8P+Viw6969aNK5zNdK7BSvYv18g7uM6b4W0YvXsn
NFK96JStNT/aY7nHPTSzkOWyfGhx1nXWwfEtJX9MmwuM6h52YRXJAwOgz5LM7vwx
z+AFQ7x4BPHkNIuk3CU8W45/QQWgTLxGa0yRn/tBPQcJOF36EIrUV189Z/2m2Wwk
CbbPkiXwL1N9ysKmUDleyxh3BdYixL2gOnWetPHY7QvY6RJ+bz96oOFs0knlAEyc
+KX3G+P/qdX4SM/32vRV60/yPz6NmuThaYmJYvzkiFhc+oHOHdIkfU0EngiWGlsC
9k7ZVfmhCaRcoGLL6yLV+1n6xJyIdF97GeIsiBHREz7K1n4hrXrKEUk5NTGVWOJI
R46whOcAZKQFllCWs8a1UHKWne1Sdm3LMQ3fFvVjY6WGB0otM32Pf67IckgdKh/o
Fuh0JSL43epOH07eKJZctBoP1yLwUZ8rz7ZY+oa7otQrcXKJ5X13i2oLrCRQQr/7
IZeqx0rqoMRzH+pVqjZn3JQoFJTaink5t0DuS2uqPXON37yZHnuGBrF7hoCfnhdA
mPssWpj+
=QqRk
-----END PGP SIGNATURE-----
--- End Message ---
