Your message dated Sun, 25 Feb 2018 15:02:18 +0000
with message-id <[email protected]>
and subject line Bug#889753: fixed in uwsgi 2.0.14+20161117-3+deb9u1
has caused the Debian Bug report #889753,
regarding uwsgi: CVE-2018-6758: stack-based buffer overflow within
uwsgi_expand_path
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
889753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889753
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: uwsgi
Version: 2.0.7-1
Severity: important
Tags: patch security upstream
Hi
There is a stack-based buffer overflow flaw within the
uwsgi_expand_path function, cf.:
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: uwsgi
Source-Version: 2.0.14+20161117-3+deb9u1
We believe that the bug you reported is fixed in the latest version of
uwsgi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated uwsgi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Feb 2018 22:31:14 +0100
Source: uwsgi
Binary: uwsgi uwsgi-dbg uwsgi-src uwsgi-core uwsgi-emperor uwsgi-plugins-all
uwsgi-infrastructure-plugins uwsgi-app-integration-plugins
uwsgi-mongodb-plugins uwsgi-plugin-alarm-curl uwsgi-plugin-alarm-xmpp
uwsgi-plugin-curl-cron uwsgi-plugin-emperor-pg uwsgi-plugin-glusterfs
uwsgi-plugin-rados uwsgi-plugin-rbthreads uwsgi-plugin-fiber uwsgi-plugin-geoip
uwsgi-plugin-graylog2 uwsgi-plugin-gevent-python uwsgi-plugin-greenlet-python
uwsgi-plugin-asyncio-python uwsgi-plugin-asyncio-python3
uwsgi-plugin-tornado-python uwsgi-plugin-gccgo uwsgi-plugin-jvm-openjdk-8
uwsgi-plugin-jwsgi-openjdk-8 uwsgi-plugin-ring-openjdk-8
uwsgi-plugin-servlet-openjdk-8 uwsgi-plugin-ldap uwsgi-plugin-lua5.1
uwsgi-plugin-lua5.2 uwsgi-plugin-luajit uwsgi-plugin-mono uwsgi-plugin-psgi
uwsgi-plugin-python uwsgi-plugin-python3 uwsgi-plugin-rack-ruby2.3
uwsgi-plugin-router-access uwsgi-plugin-sqlite3 uwsgi-plugin-v8
uwsgi-plugin-php uwsgi-plugin-xslt libapache2-mod-proxy-uwsgi
libapache2-mod-proxy-uwsgi-dbg libapache2-mod-uwsgi libapache2-mod-uwsgi-dbg
libapache2-mod-ruwsgi libapache2-mod-ruwsgi-dbg python-uwsgidecorators
python3-uwsgidecorators
uwsgi-extra
Architecture: source
Version: 2.0.14+20161117-3+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: uWSGI packaging team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 889753
Description:
libapache2-mod-proxy-uwsgi - uwsgi proxy module for Apache2 (mod_uwsgi)
libapache2-mod-proxy-uwsgi-dbg - debugging symbols for Apache2 mod_proxy_uwsgi
libapache2-mod-ruwsgi - uwsgi module for Apache2 (mod_Ruwsgi)
libapache2-mod-ruwsgi-dbg - debugging symbols for Apache2 mod_Ruwsgi
libapache2-mod-uwsgi - uwsgi module for Apache2 (mod_uwsgi)
libapache2-mod-uwsgi-dbg - debugging symbols for Apache2 mod_uwsgi
python-uwsgidecorators - module of decorators for elegant access to uWSGI API
(Python 2)
python3-uwsgidecorators - module of decorators for elegant access to uWSGI API
(Python 3)
uwsgi - fast, self-healing application container server
uwsgi-app-integration-plugins - plugins for integration of uWSGI and
application
uwsgi-core - fast, self-healing application container server (core)
uwsgi-dbg - debugging symbols for uWSGI server and it's plugins
uwsgi-emperor - fast, self-healing application container server (emperor
scripts)
uwsgi-extra - fast, self-healing application container server (extra files)
uwsgi-infrastructure-plugins - infrastructure plugins for uWSGI
uwsgi-mongodb-plugins - MongoDB/GridFS plugins for uWSGI
uwsgi-plugin-alarm-curl - cURL alarm plugin for uWSGI
uwsgi-plugin-alarm-xmpp - XMPP alarm plugin for uWSGI
uwsgi-plugin-asyncio-python - asyncio plugin for uWSGI (Python 2)
uwsgi-plugin-asyncio-python3 - asyncio plugin for uWSGI (Python 3)
uwsgi-plugin-curl-cron - cron cURL plugin for uWSGI
uwsgi-plugin-emperor-pg - Emperor PostgreSQL plugin for uWSGI
uwsgi-plugin-fiber - Fiber plugin for uWSGI
uwsgi-plugin-gccgo - GNU Go plugin for uWSGI
uwsgi-plugin-geoip - GeoIP plugin for uWSGI
uwsgi-plugin-gevent-python - gevent plugin for uWSGI (Python 2)
uwsgi-plugin-glusterfs - GlusterFS storage plugin for uWSGI
uwsgi-plugin-graylog2 - graylog2 plugin for uWSGI
uwsgi-plugin-greenlet-python - greenlet plugin for uWSGI (Python 2)
uwsgi-plugin-jvm-openjdk-8 - Java plugin for uWSGI (OpenJDK 8)
uwsgi-plugin-jwsgi-openjdk-8 - JWSGI plugin for uWSGI (OpenJDK 8)
uwsgi-plugin-ldap - LDAP plugin for uWSGI
uwsgi-plugin-lua5.1 - Lua WSAPI plugin for uWSGI (Lua 5.1)
uwsgi-plugin-lua5.2 - Lua WSAPI plugin for uWSGI (Lua 5.2)
uwsgi-plugin-luajit - Lua WSAPI plugin for uWSGI (LuaJIT)
uwsgi-plugin-mono - Mono/ASP.NET plugin for uWSGI
uwsgi-plugin-php - PHP plugin for uWSGI
uwsgi-plugin-psgi - Perl PSGI plugin for uWSGI
uwsgi-plugin-python - WSGI plugin for uWSGI (Python 2)
uwsgi-plugin-python3 - WSGI plugin for uWSGI (Python 3)
uwsgi-plugin-rack-ruby2.3 - Rack plugin for uWSGI (${uwsgi:RubyKind})
uwsgi-plugin-rados - Ceph/RADOS storage plugin for uWSGI
uwsgi-plugin-rbthreads - Ruby native threads plugin for uWSGI
(${uwsgi:RubyDefaultkind})
uwsgi-plugin-ring-openjdk-8 - Closure/Ring plugin for uWSGI (OpenJDK 8)
uwsgi-plugin-router-access - Access router plugin for uWSGI
uwsgi-plugin-servlet-openjdk-8 - JWSGI plugin for uWSGI (OpenJDK 8)
uwsgi-plugin-sqlite3 - SQLite 3 configurations plugin for uWSGI
uwsgi-plugin-tornado-python - tornado plugin for uWSGI (Python 2)
uwsgi-plugin-v8 - JavaScript V8 plugin for uWSGI
uwsgi-plugin-xslt - XSLT request plugin for uWSGI
uwsgi-plugins-all - all available plugins for uWSGI
uwsgi-src - sources for uWSGI plugins
Changes:
uwsgi (2.0.14+20161117-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
(Closes: #889753)
Checksums-Sha1:
9da3c681ab6956c61979bdbbf5d3186e2c70e452 9170
uwsgi_2.0.14+20161117-3+deb9u1.dsc
efc5031a79d67278d927c9248ac5c4b1ef06700c 52192
uwsgi_2.0.14+20161117-3+deb9u1.debian.tar.xz
Checksums-Sha256:
39f8a1b4c14e5212fdbe2368056dfe9f02c2e0209932baaac213567d8d78b093 9170
uwsgi_2.0.14+20161117-3+deb9u1.dsc
6037a7938ef5d04afed3bb8b9f81144ed9738f84c0ecd0b1d463c3db41ac948f 52192
uwsgi_2.0.14+20161117-3+deb9u1.debian.tar.xz
Files:
2a6c9731117068fc2484fd146be3d5bd 9170 web extra
uwsgi_2.0.14+20161117-3+deb9u1.dsc
0921238145b92ab943659d3c0ebb5cbc 52192 web extra
uwsgi_2.0.14+20161117-3+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqQWWtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ej6YQAIquGohA8yaOJInbKNUot4PBOKOTXXGh
S2e3Izx9inEx/reetzFXkOpQHKf9V1YHk+Nm3teTlNdQnAY/RTxKZU1kJAQo+5kG
5jr6E6TtNEbRkQpSOmJOxcUN5cmqaextRE9BY7TROXOaAZqWLUF+6FOHai9Ynr3O
FoxoBT3rSP0xijTC8myn278BZ4P64SnTh2N1QLR95Kj8t5Eae1oj9et5fVZyj6xE
R1WFpfNBEo5zozyae/kzQbnLXZkIEykKuNCfRftXex1t3Ea+MYz4FkY3qIWlvPAY
7tcacu526/FGh4MKPURnjKvuiUqmBlhBrF26njVNDR3qzk4I1eEId93SJNBnaXi1
OE0nyNxV7WwE2gO+zUeuikSOpbk2zwu98AZu2aK2qLht8/IY3+GHyy0jlMFnc8Vf
kWu26o6xvxvBmJsdhayatyhuljUxwf453V+X5zqTxGQHZO4kFlVGM8doAx58UuoK
zq0XIUmx/k87r1yNKrQffXEKoe4Zd7p//TusIolPB6QTCIMSLTIhEKwImzTZquOF
8wv2SXPeilECr3dQKpA0qtlozZuN5D3YH+YijpzuXgVDFl6UU83S67WVf7SN4XRN
3yelCzVzvP/h4OvVUBWEoReyN2zdxnCBteGeoAXHJkM5vAx4uHXk2EqqEACNbYqe
raOUvUTKoUNE
=GWYN
-----END PGP SIGNATURE-----
--- End Message ---
