Bug#845670: marked as done (xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub)

Sun, 27 Nov 2016 03:30:38 -0800 

Your message dated Sun, 27 Nov 2016 12:28:04 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null 
segments not always treated as unusable
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities 
in pygrub
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for xen.

CVE-2016-9379[0]:
delimiter injection vulnerabilities in pygrub

CVE-2016-9380[1]:
delimiter injection vulnerabilities in pygrub

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9379
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9379
[1] https://security-tracker.debian.org/tracker/CVE-2016-9380
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9380
[2] https://xenbits.xen.org/xsa/advisory-198.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Hi Salvatore

On Fri, Nov 25, 2016 at 07:35:18PM +0100, Salvatore Bonaccorso wrote:
> Source: xen
> Version: 4.4.1-9

Security bugs in stable are handled by the security team.  There is no
need to write bugs.  I'm closing them.

Regards,
Bastian

-- 
Vulcans never bluff.
                -- Spock, "The Doomsday Machine", stardate 4202.1

--- End Message ---

Reply via email to