Your message dated Fri, 09 Feb 2018 21:51:34 +0000
with message-id <e1ekgzy-00054f...@fasolo.debian.org>
and subject line Bug#889753: fixed in uwsgi 2.0.15-10.2
has caused the Debian Bug report #889753,
regarding uwsgi: CVE-2018-6758: stack-based buffer overflow within 
uwsgi_expand_path
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
889753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889753
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: uwsgi
Version: 2.0.7-1
Severity: important
Tags: patch security upstream

Hi

There is a stack-based buffer overflow flaw within the
uwsgi_expand_path function, cf.:

https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe

http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: uwsgi
Source-Version: 2.0.15-10.2

We believe that the bug you reported is fixed in the latest version of
uwsgi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 889...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated uwsgi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Feb 2018 21:35:00 +0100
Source: uwsgi
Binary: uwsgi uwsgi-dbg uwsgi-src uwsgi-dev uwsgi-core uwsgi-emperor 
uwsgi-plugins-all uwsgi-infrastructure-plugins uwsgi-app-integration-plugins 
uwsgi-plugin-alarm-curl uwsgi-plugin-alarm-xmpp uwsgi-plugin-curl-cron 
uwsgi-plugin-emperor-pg uwsgi-plugin-glusterfs uwsgi-plugin-rados 
uwsgi-plugin-rbthreads uwsgi-plugin-fiber uwsgi-plugin-geoip 
uwsgi-plugin-graylog2 uwsgi-plugin-gevent-python uwsgi-plugin-greenlet-python 
uwsgi-plugin-asyncio-python uwsgi-plugin-asyncio-python3 
uwsgi-plugin-tornado-python uwsgi-plugin-gccgo uwsgi-plugin-jvm-openjdk-8 
uwsgi-plugin-jwsgi-openjdk-8 uwsgi-plugin-ring-openjdk-8 
uwsgi-plugin-servlet-openjdk-8 uwsgi-plugin-ldap uwsgi-plugin-lua5.1 
uwsgi-plugin-lua5.2 uwsgi-plugin-mono uwsgi-plugin-psgi uwsgi-plugin-python 
uwsgi-plugin-python3 uwsgi-plugin-rack-ruby2.3 uwsgi-plugin-router-access 
uwsgi-plugin-sqlite3 uwsgi-plugin-xslt libapache2-mod-proxy-uwsgi 
libapache2-mod-proxy-uwsgi-dbg libapache2-mod-uwsgi libapache2-mod-uwsgi-dbg
 libapache2-mod-ruwsgi libapache2-mod-ruwsgi-dbg python-uwsgidecorators 
python3-uwsgidecorators
 uwsgi-extra
Architecture: source
Version: 2.0.15-10.2
Distribution: unstable
Urgency: medium
Maintainer: uWSGI packaging team <pkg-uwsgi-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 889753
Description: 
 libapache2-mod-proxy-uwsgi - uwsgi proxy module for Apache2 (mod_uwsgi)
 libapache2-mod-proxy-uwsgi-dbg - debugging symbols for Apache2 mod_proxy_uwsgi
 libapache2-mod-ruwsgi - uwsgi module for Apache2 (mod_Ruwsgi)
 libapache2-mod-ruwsgi-dbg - debugging symbols for Apache2 mod_Ruwsgi
 libapache2-mod-uwsgi - uwsgi module for Apache2 (mod_uwsgi)
 libapache2-mod-uwsgi-dbg - debugging symbols for Apache2 mod_uwsgi
 python-uwsgidecorators - module of decorators for elegant access to uWSGI API 
(Python 2)
 python3-uwsgidecorators - module of decorators for elegant access to uWSGI API 
(Python 3)
 uwsgi      - fast, self-healing application container server
 uwsgi-app-integration-plugins - plugins for integration of uWSGI and 
application
 uwsgi-core - fast, self-healing application container server (core)
 uwsgi-dbg  - debugging symbols for uWSGI server and it's plugins
 uwsgi-dev  - fast, self-healing application container server (headers)
 uwsgi-emperor - fast, self-healing application container server (emperor 
scripts)
 uwsgi-extra - fast, self-healing application container server (extra files)
 uwsgi-infrastructure-plugins - infrastructure plugins for uWSGI
 uwsgi-plugin-alarm-curl - cURL alarm plugin for uWSGI
 uwsgi-plugin-alarm-xmpp - XMPP alarm plugin for uWSGI
 uwsgi-plugin-asyncio-python - asyncio plugin for uWSGI (Python 2)
 uwsgi-plugin-asyncio-python3 - asyncio plugin for uWSGI (Python 3)
 uwsgi-plugin-curl-cron - cron cURL plugin for uWSGI
 uwsgi-plugin-emperor-pg - Emperor PostgreSQL plugin for uWSGI
 uwsgi-plugin-fiber - Fiber plugin for uWSGI
 uwsgi-plugin-gccgo - GNU Go plugin for uWSGI
 uwsgi-plugin-geoip - GeoIP plugin for uWSGI
 uwsgi-plugin-gevent-python - gevent plugin for uWSGI (Python 2)
 uwsgi-plugin-glusterfs - GlusterFS storage plugin for uWSGI
 uwsgi-plugin-graylog2 - graylog2 plugin for uWSGI
 uwsgi-plugin-greenlet-python - greenlet plugin for uWSGI (Python 2)
 uwsgi-plugin-jvm-openjdk-8 - Java plugin for uWSGI (OpenJDK 8)
 uwsgi-plugin-jwsgi-openjdk-8 - JWSGI plugin for uWSGI (OpenJDK 8)
 uwsgi-plugin-ldap - LDAP plugin for uWSGI
 uwsgi-plugin-lua5.1 - Lua WSAPI plugin for uWSGI (Lua 5.1)
 uwsgi-plugin-lua5.2 - Lua WSAPI plugin for uWSGI (Lua 5.2)
 uwsgi-plugin-mono - Mono/ASP.NET plugin for uWSGI
 uwsgi-plugin-psgi - Perl PSGI plugin for uWSGI
 uwsgi-plugin-python - WSGI plugin for uWSGI (Python 2)
 uwsgi-plugin-python3 - WSGI plugin for uWSGI (Python 3)
 uwsgi-plugin-rack-ruby2.3 - Rack plugin for uWSGI ()
 uwsgi-plugin-rados - Ceph/RADOS storage plugin for uWSGI
 uwsgi-plugin-rbthreads - Ruby native threads plugin for uWSGI ()
 uwsgi-plugin-ring-openjdk-8 - Closure/Ring plugin for uWSGI (OpenJDK 8)
 uwsgi-plugin-router-access - Access router plugin for uWSGI
 uwsgi-plugin-servlet-openjdk-8 - JWSGI plugin for uWSGI (OpenJDK 8)
 uwsgi-plugin-sqlite3 - SQLite 3 configurations plugin for uWSGI
 uwsgi-plugin-tornado-python - tornado plugin for uWSGI (Python 2)
 uwsgi-plugin-xslt - XSLT request plugin for uWSGI
 uwsgi-plugins-all - all available plugins for uWSGI
 uwsgi-src  - sources for uWSGI plugins
Changes:
 uwsgi (2.0.15-10.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
     (Closes: #889753)
Checksums-Sha1: 
 436e5e1867eef512d674c5a64a274691da6232ca 8121 uwsgi_2.0.15-10.2.dsc
 a56d55d132e6575be08bb143cc0a0adbefdc1bd8 54796 uwsgi_2.0.15-10.2.debian.tar.xz
Checksums-Sha256: 
 5706dc9890ec41d33981b1931d1fb133d84f946e7edf1599287913d244a33188 8121 
uwsgi_2.0.15-10.2.dsc
 6fb1f008dd9cf2798c09d5b6a8e0d068dcee2f2ba2015a5ec403807a4774f572 54796 
uwsgi_2.0.15-10.2.debian.tar.xz
Files: 
 be4af3004ea01875430503c5ca6a07ea 8121 httpd optional uwsgi_2.0.15-10.2.dsc
 69657c67e3f342e61eb20244f567725a 54796 httpd optional 
uwsgi_2.0.15-10.2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlp+E3NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E63QP/iKCxZAzdLqkttJf8/bRlulsyrEagdxc
MO02CuabeRVJhMIcIZDnSSLp9LMu+qGW/S1irKkhICWzc6MIQbM/xfrLkt0jrWYU
SdA6B0uTpLhRyLtllIiP84hCiZPAWNeEPWk8Vle0z6xqOUmXQVgMt/PtDVzQgHP4
cI1jxY21bcYnDJurMfBEP/FFdO/ELNUFG0XsKoZNc1ENGsnjpOuSqKpr44NWP9xV
lu0rKUDahzhMSg1LoJ7c5zmtB5plGiAU8Z8sRhLXniiaK5h4ZMNQl0bnmB8rtI3G
AsRe11dVBz7WlU4zyECN1DTsT/FfV2sv4U9grbtdjYEm+rFm6kzzGZL60HU210so
PNaFmc5lo4GZcOcltVy83WrZc7h4YuntBaZcJ+RUN7y0oQql6rGspBi6e6kHkDIG
l6jmBkvRCj1GIs+6tJAVth66eayFNsOlSAdFmspTjoEkPVWG1crO9LuyH8g7rxuR
HYpGS2tZQ8vUYQvkZN4x9PXgzRPbuG3yijGjNJXqBNbCtcEond4vzmhsI04FyeQZ
ZS1X3ltKBSxg5pndOwrEfrDM+TnC60XShRwcK/7DI0htkBdpLfC8fWN67rKJOTbU
w9en+BXL8BqwzQvm4Q87hvkgyJydVGyZFJIa5R61PyF1qwECcIUhZj2+zBi7BFfm
Ad9seMvaw5w4
=VTZj
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to