Your message dated Wed, 17 Jun 2026 09:50:00 +0000
with message-id <[email protected]>
and subject line Bug#1139174: fixed in cfengine3 3.24.4-1
has caused the Debian Bug report #1139174,
regarding cfengine3: CVE-2026-24712
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1139174: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139174
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cfengine3
Version: 3.24.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for cfengine3.
CVE-2026-24712[0]:
| Northern.tech CFEngine Enterprise and Community before 3.21.8,
| 3.24.3, and 3.27.0 allows Command injection.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-24712
https://www.cve.org/CVERecord?id=CVE-2026-24712
[1]
https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cfengine3
Source-Version: 3.24.4-1
Done: Christoph Martin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cfengine3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Martin <[email protected]> (supplier of updated cfengine3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Jun 2026 11:02:17 +0200
Source: cfengine3
Architecture: source
Version: 3.24.4-1
Distribution: unstable
Urgency: medium
Maintainer: CFEngine Team <[email protected]>
Changed-By: Christoph Martin <[email protected]>
Closes: 1139174
Changes:
cfengine3 (3.24.4-1) unstable; urgency=medium
.
* [fc2679b] update salsa-ci.yml and disable licenserecon
* [67cb06b] wrap-and-sort debian/control
* [7cdd150] fix regex in debian/watch
* [06b5fff] update debian/watch version 5 format
* [bc5b888] add gbp.conf
* [e04b5df] use simple Matching-Pattern for uscan to work
* [21f3c42] New upstream version 3.24.4
* fixes CVE-2026-24712 (closes: #1139174)
Checksums-Sha1:
2a6b8076f8a4530d077a870f8ee867c19dd02573 2424 cfengine3_3.24.4-1.dsc
92cd48bf4ff2ae401ab8bbcbe32e914cbcd1fa2d 543626
cfengine3_3.24.4.orig-masterfiles.tar.gz
3d3af542bdd98951cd085ead8f99e0c632d59c5e 3404513 cfengine3_3.24.4.orig.tar.gz
9f9358513279cc42c7121f15474f900b772886d0 20424 cfengine3_3.24.4-1.debian.tar.xz
4e1e84789f06a5af9d2c70aa073dabc4b05a0fdf 9390
cfengine3_3.24.4-1_amd64.buildinfo
Checksums-Sha256:
85a69439fb3094a6597689271d17041c09d9305b242568d5bbe81efadff0b5fd 2424
cfengine3_3.24.4-1.dsc
714e81bbe23cdc9742d170cfb093bc9129ea2d88b164b5349ee95ee2456552aa 543626
cfengine3_3.24.4.orig-masterfiles.tar.gz
8b71578c07d21d4bbb7591c182f696d5f5501265443dadb4df82519bb8ea78e3 3404513
cfengine3_3.24.4.orig.tar.gz
9a01259b5c69b2297802673ef03c54bc75a405b65869758f3350402c2c80d580 20424
cfengine3_3.24.4-1.debian.tar.xz
4a118bdc7fb60a5392becce730d12ff61760a10397c9507d1391cb0095f7fc8e 9390
cfengine3_3.24.4-1_amd64.buildinfo
Files:
853edd40f56653f0d9d9cac06f269dae 2424 admin optional cfengine3_3.24.4-1.dsc
61844d1bf675a53c44feb6da6e8eddce 543626 admin optional
cfengine3_3.24.4.orig-masterfiles.tar.gz
d86dc665ea77625676926a38cee450b6 3404513 admin optional
cfengine3_3.24.4.orig.tar.gz
7c33ab7a17ec90d3ffd27087bf55c7c2 20424 admin optional
cfengine3_3.24.4-1.debian.tar.xz
8e644c3965179ba1f68f0646d2cb1bdb 9390 admin optional
cfengine3_3.24.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEbdFebnsTnCYy4y02kcMUbl2GabQFAmoyajIACgkQkcMUbl2G
abQV+A/+NiOBiQD6BWOKkMN0NAU43sKS5t8SQ5+Ou66B07flh/OcZEbJblUV/g6D
rQDNyhy3TPFALzU4utm/nyBZVwze/hNqPN5TFZif6T2xIWRoitnEwdVBXOSbRcrC
mHeNxdNHYffEEplOag8+oei5rMCMg+PCQmGIbOzQgrzD1fKgyPeoymww6gnuNkMp
St1ztG5JcKhV23JbfN8hkUyo8fucVfPfjrRRe6GMOj/19icoRcuLXKBzZOyH+ytf
eZBPqj5EYhnkGnhB9ytnO7biUVVZxDr6NI/D9/vyzLZqIWtVBwc98zL/AzKdVImU
e9WV69VqOlrW0SlW8tDl+8mFlMPATqUj47PH3IgtAjoy1IYp2kzFJxha2ncABXjA
mm7o5b+GLFEB+XqpgfFjb3hcQMVSAEtwhLtZAQqNTPDNKuzyylDppWF17LUmX1kB
fcIqh+HKtO+L6qa/YfPpSriV4f+Cl+cjJlpPbZiVRT4jRNKrBAXD87b3ui78TOXd
9iyk4Y6Z11U7u+tC/M0JDTDskKHsEUBoBFrU+mweZQX/D9I/3m9Sj52yLQDqrfK5
tD+nKTvlxf5S7OHo7+0TtD4/2GCsUw68jfjUcIDNAimCNqo06t3MqvTMdxmvduKT
sFt4VRj2jKpHW9hiwQQLjmlwcDSW8xXORiDgb36auvvocwSrE9g=
=J/1u
-----END PGP SIGNATURE-----
pgp43fbAZn4uA.pgp
Description: PGP signature
--- End Message ---
