Your message dated Thu, 12 Apr 2018 21:37:52 +0000
with message-id <e1f6jui-0002on...@fasolo.debian.org>
and subject line Bug#895313: fixed in pcs 0.9.164-1
has caused the Debian Bug report #895313,
regarding pcs: CVE-2018-1086: Debug parameter removal bypass, allowing 
information disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895313
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pcs
Version: 0.9.155+dfsg-2
Severity: important
Tags: security upstream
Control: fixed -1 0.9.155+dfsg-2+deb9u1

Hi,

The following vulnerability was published for pcs.

CVE-2018-1086[0]:
Debug parameter removal bypass, allowing information disclosure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1086
[1] http://www.openwall.com/lists/oss-security/2018/04/09/2

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pcs
Source-Version: 0.9.164-1

We believe that the bug you reported is fixed in the latest version of
pcs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Valentin Vidic <valentin.vi...@carnet.hr> (supplier of updated pcs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 12 Apr 2018 22:14:30 +0200
Source: pcs
Binary: pcs
Architecture: source
Version: 0.9.164-1
Distribution: unstable
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintain...@lists.alioth.debian.org>
Changed-By: Valentin Vidic <valentin.vi...@carnet.hr>
Description:
 pcs        - Pacemaker Configuration System
Closes: 895313 895314
Changes:
 pcs (0.9.164-1) unstable; urgency=high
 .
   * New upstream version 0.9.164 fixing:
     - CVE-2018-1086: Debug parameter removal bypass,
       allowing information disclosure (Closes: #895313)
     - CVE-2018-1079: Privilege escalation via authorized
       user malicious REST call (Closes: #895314)
   * d/patches: revert changes from git
   * d/patches: update for new version
   * d/rules: update for new version
   * d/copyright: use https in Format url
   * d/control: update Vcs URLs to use salsa
   * d/changelog: cleanup trailing whitespace
   * d/control: update Standards-Version to 4.1.4
   * d/compat: update debhelper to v11
   * d/patches: fix seconds output in testsuite

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
