Your message dated Mon, 30 Apr 2018 20:52:31 +0000
with message-id <[email protected]>
and subject line Bug#896195: fixed in psensor 1.1.3-2+deb8u1
has caused the Debian Bug report #896195,
regarding psensor: directory traversal flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
896195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896195
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: psensor
Version: 1.1.3-2
Severity: important
Tags: patch security upstream fixed-upstream
Control: fixed -1 1.1.5-1
See
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=48739caa745f9f8002e87af574f03e5dc6ae3447
and upstream commit
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
A directory traversal flaw exits in psensor, allowing to retrieve
files which are not under the webserver directory.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: psensor
Source-Version: 1.1.3-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
psensor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated psensor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Apr 2018 21:23:26 +0200
Source: psensor
Binary: psensor psensor-server psensor-common
Architecture: source amd64 all
Version: 1.1.3-2+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Jean-Philippe Orsini <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
psensor - display graphs for monitoring hardware temperature
psensor-common - common files for Psensor and Psensor server
psensor-server - Psensor server for monitoring hardware sensors remotely
Closes: 896195
Changes:
psensor (1.1.3-2+deb8u1) jessie; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2014-10073: The create_response function in server/server.c in
Psensor allows Directory Traversal because it lacks a check for whether a
file is under the webserver directory. (Closes: #896195)
Checksums-Sha1:
ad66a8fe55e5d8d0159f4bc83f216de77a28f587 2490 psensor_1.1.3-2+deb8u1.dsc
ca492ce31d7de16a6731bb735f2bdb63cab861b3 8392
psensor_1.1.3-2+deb8u1.debian.tar.xz
168805674c6fad4f3b3c84a290f2be40a15f8903 61548 psensor_1.1.3-2+deb8u1_amd64.deb
a66cb0633d080b1da191124bdeab2c00fa2aa33d 107986
psensor-server_1.1.3-2+deb8u1_amd64.deb
da09d6a8ce756a85031618422e1633398248715f 53488
psensor-common_1.1.3-2+deb8u1_all.deb
Checksums-Sha256:
8d1fd309c4002b8d4d6b1d200068adacb772949e666fb1d9bb6c3ef84e4ffe26 2490
psensor_1.1.3-2+deb8u1.dsc
b221608e0ad203b5122801f702d1a6bd2b9d7316218d71911da67a7350061436 8392
psensor_1.1.3-2+deb8u1.debian.tar.xz
dbded24f96249e3f631fe903703dfec5c9d9f8f463c527d6c4a5417aa3e22b2f 61548
psensor_1.1.3-2+deb8u1_amd64.deb
38f879edb021dfa860cc2cf681c9a5a42a61305d00f44336936cf452de573b92 107986
psensor-server_1.1.3-2+deb8u1_amd64.deb
d3d565ff8181d96b3fa46a4e450a9e3ace08f0aecd66ea0040e3679745c9d4dc 53488
psensor-common_1.1.3-2+deb8u1_all.deb
Files:
65241204c5c0990eb05ce9b6dc84da9c 2490 utils optional psensor_1.1.3-2+deb8u1.dsc
81ede8d8d29434669386eac0b042de28 8392 utils optional
psensor_1.1.3-2+deb8u1.debian.tar.xz
095a1cd49682c3807bff25af4f60c37a 61548 utils optional
psensor_1.1.3-2+deb8u1_amd64.deb
358c6cf68f9d7a2f735cfd41fd93d4f9 107986 utils optional
psensor-server_1.1.3-2+deb8u1_amd64.deb
1c6ac6aef094e6629bf5c3b0be0b818c 53488 utils optional
psensor-common_1.1.3-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrfnDZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkZlIP/25ohqmrk/yZ4MgVwgDsYnz4XmAa7FFIjcnY
g1ht8bxJuKGN6Rj1FeLrLp/aO1ecDOFLZIHxUsJ4JJ3QB1ptPGVdjkRmXP8+s0cT
lW/Xd31p4w6AGwF/iyLWsNr/jNCR8o8AtwNTirMet62d9FiiArnMhWH5v4sxSWWF
5uLWGlJP2zEj6lxZA+SdpkAly/HMMhovEtohe1g0U1wIp4GoDE3t1DlmustHiF83
aSctTYPRlINeafUc1LRqsh1HvBuPtJddgiHMmePMWfpaD7/SPSLHw4OrAHZHCo5a
USOeeZnWMJEAatNRkmVTlgo/Wo8arRJJsaIZ5oAUdT98waz00oX9FmNATmwPs0RF
noiNLlqxWYFHrG8ln7oClb44cgN1SOmWPpMPrrMslLWLmWa9BMm+EQ5SvOky5e5K
jHQFP+7wDzJ2gJ8U4vPLjM7lUrEagslmDsKwfuWXhKY1iqtB+HDQqsLPdgfJ6GTv
gSwzoCfrJgDBtA9AMLcZtb2jOW41h2SIMN9V3yDLsnKcZNi0lcE48RSurBTc+Eq7
uOoT8iDtd1wbQMgR5S7J16hCyHCPctsz9/EDRNXJ+lt5itsN+hGipiHJFUxmMPzD
Z1Iu8iQaz0xvOBp22KpUFxY06+FeFAlCrucPpRxotJjTU6vmx9DXpbAG1Oi78pp2
l99sHZdI
=TJrP
-----END PGP SIGNATURE-----
--- End Message ---
