Bug#615995: marked as done (CVE-2011-1018)

Debian Bug Tracking System Wed, 02 Mar 2011 08:51:17 -0800

Your message dated Wed, 02 Mar 2011 16:48:30 +0000
with message-id <e1pupdy-0004yk...@franck.debian.org>
and subject line Bug#615995: fixed in logwatch 7.3.6.cvs20090906-2
has caused the Debian Bug report #615995,
regarding CVE-2011-1018
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
615995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: logwatch
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=680237
for references.

This is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs35-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: logwatch
Source-Version: 7.3.6.cvs20090906-2

We believe that the bug you reported is fixed in the latest version of
logwatch, which is due to be installed in the Debian FTP archive:

logwatch_7.3.6.cvs20090906-2.diff.gz
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-2.diff.gz
logwatch_7.3.6.cvs20090906-2.dsc
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-2.dsc
logwatch_7.3.6.cvs20090906-2_all.deb
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Willi Mann <wi...@wm1.at> (supplier of updated logwatch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 02 Mar 2011 08:57:07 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 7.3.6.cvs20090906-2
Distribution: unstable
Urgency: high
Maintainer: Willi Mann <wi...@wm1.at>
Changed-By: Willi Mann <wi...@wm1.at>
Description: 
 logwatch   - log analyser with nice output written in Perl
Closes: 615995
Changes: 
 logwatch (7.3.6.cvs20090906-2) unstable; urgency=high
 .
   * CVE-2011-1018: Remote code execution by combination of
     - Logfile name by attacker's choice (e.g. samba log files) and
     - Missing sanitization of logfile names in system() call.
     - fix by encapsulating logfile names in ' and disallowing '.
       Taken from upstream.
     - closes: #615995
Checksums-Sha1: 
 0ef0c83995ba12417cdbc4cc81bbc58bd22660c0 1817 logwatch_7.3.6.cvs20090906-2.dsc
 0529236dee684b048934ba86065ea2f2b11e5365 88486 
logwatch_7.3.6.cvs20090906-2.diff.gz
 c6de469267a16291becd59a3b8eb0d074633754d 400212 
logwatch_7.3.6.cvs20090906-2_all.deb
Checksums-Sha256: 
 294eab0b0b144b952672d8330e795b317492ff7850e617c912f85003d9803b2e 1817 
logwatch_7.3.6.cvs20090906-2.dsc
 41f00f1ba160af0914238aabbdec6910a9e95eaa56b7cd6b99e5623197353a6c 88486 
logwatch_7.3.6.cvs20090906-2.diff.gz
 42c93d69d8b6360a19ff582927197f2ff693a07005c6de001ed46613b6d2d6be 400212 
logwatch_7.3.6.cvs20090906-2_all.deb
Files: 
 de44b2aee52a4ecd1466781bcdcd9559 1817 admin optional 
logwatch_7.3.6.cvs20090906-2.dsc
 989926c7678d7cdbdc8bb282e81fc2c2 88486 admin optional 
logwatch_7.3.6.cvs20090906-2.diff.gz
 b7ecbd90981771f8963839f0dd1ba7b9 400212 admin optional 
logwatch_7.3.6.cvs20090906-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJNbnFQAAoJECHSBYmXSz6WBhsQAMwNlJTwCZyhXYlrtoWGPaal
fy6J3L4nLqVKJBFurFBWqp/+vxrM1y6P2gkAwubUNkwdKeeZGLjhk4Y7hvx5knoK
cDAzxresIdf/K/xtA9wdYWrZI4DuUyzgTlLWMRNtSlg8pbUhcR5gEm+H+nz6DhaM
a/YT6k3nO/Upbuwx5xffAMKHLtzKBvySZPa0OstFkvVQn/dxT/7LETPNGYYgcSD2
nVkESTT6T1fcK49X4ohoenpTdzpPHR1pB6YT+lGZAePeoGFryrQf3Ri6H4rPCvAI
T3EFqBzlyLMmkmmQE3x5M0NVRMET+78poJZ19vX5S7hFZ4XTQq9KSoxudkT2JUQc
N7/UmtzOgfl3NPB9ExHbMBJU0SqCIBdTCy32XSq6+vGAG+ciCubcLswlwWxChWKN
KCt9rZUGIBRimjlZJJkE91wWgOLj2DTfKc5BnHjq6CNDP0OzxIhQ6cK0rpJzaYHB
Pqi++1fAXhJmdEVau1mfppH8BxCLNguJ3VUcTK/buCDC5NZC887h/+uWdJLxFJ77
8T7N4Ne3Ue1FEMNi9zOzkFnpFYAFvpHA+6JO4pcQA1usae3kdrw0QxiMyBFBODTJ
S5PetBrOkgpWGQcVp4P0hZVzmfjxTY0SeyXoHZzJu487WwiJt5zYvxdo4Up8UUJj
wrl7Bnbx+N+z/a0iovM5
=QzJq
-----END PGP SIGNATURE-----

--- End Message ---

Bug#615995: marked as done (CVE-2011-1018)

Reply via email to