Your message dated Mon, 16 Apr 2018 18:32:55 +0000 with message-id <e1f88vv-00016p...@fasolo.debian.org> and subject line Bug#893202: fixed in squirrelmail 2:1.4.23~svn20120406-2+deb8u2 has caused the Debian Bug report #893202, regarding squirrelmail: CVE-2018-8741: path traversal vulnerability to be marked as done.
Advertising
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 893202: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893202 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squirrelmail Version: 2:1.4.23~svn20120406-2 Severity: grave Tags: security upstream Hi Sice there is no CVE assigned fill a Debian bug to have a reference. See http://www.openwall.com/lists/oss-security/2018/03/17/2 for additional information. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squirrelmail Source-Version: 2:1.4.23~svn20120406-2+deb8u2 We believe that the bug you reported is fixed in the latest version of squirrelmail, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 893...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated squirrelmail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Apr 2018 15:24:43 +0200 Source: squirrelmail Binary: squirrelmail Architecture: all source Version: 2:1.4.23~svn20120406-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Jeroen van Wolffelaar <jer...@wolffelaar.nl> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 893202 Description: squirrelmail - Webmail for nuts Changes: squirrelmail (2:1.4.23~svn20120406-2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Path traversal vulnerability (CVE-2018-8741) Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files. (Closes: #893202) Checksums-Sha1: 979c050944cec020109ca236f7b1cba48749c492 2186 squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc 48c5a43d231b33d8e6e4c6d3655c126fd90dd7ae 35032 squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz 96f163637b5a94b78d3477c6d07b5daa7472fc31 499632 squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb Checksums-Sha256: 0d7fb031fea6ef72de78aeb5cf3841f37767a40b1c706d57b5bc23e9eaf4bf5c 2186 squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc aec6f8157e10bc0a490dd12c48b76791c8fc027141086c01895b629358219e18 35032 squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz b5f652a746391b0368dfe7e75bdc12c5c6eaaaa77a9e6bd12406e5ef276032bc 499632 squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb Files: 80640afa1147ccf9cd9fa41222e4d4e6 2186 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc 97ffd7598b81a2ff78fd50e45ada8a1b 35032 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz f7523f175880000052e5ebd9da26061c 499632 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrIyHlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaJ8P/2LczzJHLQ7kfcVTgGPazLfrqIf15eKK brJfjrT/k8BPeSh9xF0enqPy05fqCFXzrTDpO8U4zvvrPixdVclW2W5HcUZFx0q9 J2/2RJHmwUPwTjUFCXaNrci0bXlvTb2hgwJVxz3apiYLpEEEWtJSEFBFudyKYtM5 kdScgiHbvLjLh5QWHlL6T/Y3/0xwqOjDnlIukdA+Ht8EJwURF7P4Qh7dMNQ16RwW r4FWrXzobI6NHZeo7yvgGte1GYw8DegpAixlRwQxRpP/PdyA30247O4FYIjMIH0o NiqSaelNLc41xtpTGfkFLlYi0cPVoFVyP4uG4Vv3AmiJ4R5vcNvaF9eAw9M/TL+S WJn3NGnt/ieNqCy+T7p0HHJKBIxbHqwgmJeG0kpPsUQ1yXgyMEUj46xfnTkQ5jBA z2u+6i5/O3pDGmExJoeuLPe0F+ez5WgA9figfONh9Av4ytAakerq2ZX3gWtoasgT UU+7U4SmF1Tpe6t7p/OkUGDiUX9p+C4W4efr2F/wdMrXyxLL5f2oWTl1qlTzfdbn MhPA9pcIxrUUh8Ahy53tHx6kxwQ74ai3Z30Fo0Kvblfw1+mNoTg6XBLCIXYGQzyH 3SeqHv/Goxl2u+jwfF4nBMu9K0UuanGy6fImWG/fkEnfSpaoVwCvVFrnQHHlepEK lLmDIhFn4mHi =2lkj -----END PGP SIGNATURE-----
--- End Message ---
