Your message dated Wed, 22 Mar 2017 07:33:44 +0000
with message-id <[email protected]>
and subject line Bug#858379: fixed in pcs 0.9.155+dfsg-2
has caused the Debian Bug report #858379,
regarding pcs: CVE-2017-2661: Improper node name field validation when creating
clusters leads to XSS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
858379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pcs
Version: 0.9.155+dfsg-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for pcs.
CVE-2017-2661[0]:
Improper node name field validation when creating clusters leads to XSS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2661
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1428948
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pcs
Source-Version: 0.9.155+dfsg-2
We believe that the bug you reported is fixed in the latest version of
pcs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Valentin Vidic <[email protected]> (supplier of updated pcs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 21 Mar 2017 20:37:55 +0100
Source: pcs
Binary: pcs
Architecture: source
Version: 0.9.155+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers
<[email protected]>
Changed-By: Valentin Vidic <[email protected]>
Description:
pcs - Pacemaker Configuration System
Closes: 858379
Changes:
pcs (0.9.155+dfsg-2) unstable; urgency=medium
.
* Add upstream fix for CVE-2017-2661 (Closes: #858379)
Checksums-Sha1:
372af5565d20185b3bf5544b20759f6c961b4b25 2213 pcs_0.9.155+dfsg-2.dsc
2e4e5ed29a0572eed06be7c425aede8f356ee770 168388
pcs_0.9.155+dfsg-2.debian.tar.xz
4c7a01d64ccc006d89fb5cca3cccebcca75486b6 5383
pcs_0.9.155+dfsg-2_amd64.buildinfo
Checksums-Sha256:
fdef612a5b7fc4bb49ca3b5c80e8a04d9598bb7e41c1ba08241059c1c6414ecf 2213
pcs_0.9.155+dfsg-2.dsc
adbf9767fac392fbee94d3f2a0dff8bbaa6dc3a3a583a07236b0c5d41deb5251 168388
pcs_0.9.155+dfsg-2.debian.tar.xz
1bd49e6767e20afbb8198c8df5c15ced1cac6473a5898c002dcf3d323f738f55 5383
pcs_0.9.155+dfsg-2_amd64.buildinfo
Files:
7c39007ca6815bcbee87458081662171 2213 admin extra pcs_0.9.155+dfsg-2.dsc
ad4ced877ffb51906b6be2ee70a828dd 168388 admin extra
pcs_0.9.155+dfsg-2.debian.tar.xz
95370825a114976c682bfd5be03f49e3 5383 admin extra
pcs_0.9.155+dfsg-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEIznqOD6ZG1g01Vr2YfeYXbhOCwQFAljSJNsACgkQYfeYXbhO
CwQdSw/+IHdX1/bpGJJtBM3jEtqbKVaGU71NLF+snkKUY0U6D3I3BmtR9sGzL+/V
XELeJIpHnZ0nhGsy168t/+gROJ3SR0I5xImjQ6BFtgCYi/h/EbCfKBKMt//lQucp
OkbANkLFblSJMP6LFn0dFJ1lEJUJDo0/7HqzM+hVkMdlFKlKNaDnDlp5leVy6zil
D7kURYAkHpQuXzt8ThBKZz1CQnQhmO00h4b42a5vgacE/+4KDsXfA507n/Zop3jx
45yVfq2cUGH4qJtMUatnXqvzvhF5bxm5mxzwa2BwCu0/ZqP4iq5tWG1YtW73MoVb
T/kAMtT7+nnoBiXe8RA9zulsZHCwSNJ5qltmzLMxqi2ZyLoU1/X7reNQUcn7Us57
jHwKYMKd48pHtGEYMiF9V8q/Pe9l5YRQu75oc+MXXTQV3bwZJGNvm4+YL7fujS/2
8esgJ2rofbEoGKRjWbU2i7ARerRWcLpcZ+y1zz7zWafufyMfx0bQd1IM1ws9MBRK
T193S8YIlQw6Y+mHmL6OlWJoqGCsGrhPXzCRO/SflGknU8L+3194hoC15ehlrWYy
6/WBau9UmvuIYZzwFBYAZOycKoKnQrCUJH0c9hiiAMlBBeLsHvpi2ZgGbLJ1lLSS
M2zcazwkcsuyPusu3njIhScNLsSYds27udyrwo7DVS/RUB7UhBk=
=hPgl
-----END PGP SIGNATURE-----
--- End Message ---
