Your message dated Fri, 19 May 2017 19:48:41 +0000
with message-id <[email protected]>
and subject line Bug#862689: fixed in flightgear 1:2016.4.4+dfsg-3
has caused the Debian Bug report #862689,
regarding flightgear: CVE-2017-8921
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
862689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862689
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5
Hi,
the following vulnerability was published for flightgear.
CVE-2017-8921[0]:
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user has write access to, but not with
| arbitrary data: only with the contents of a FlightGear flightplan
| (XML). A resource such as a malicious third-party aircraft could
| exploit this to damage files belonging to the user. Both this issue and
| CVE-2016-9956 are directory traversal vulnerabilities in
| Autopilot/route_mgr.cxx - this one exists because of an incomplete fix
| for CVE-2016-9956.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8921
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: flightgear
Source-Version: 1:2016.4.4+dfsg-3
We believe that the bug you reported is fixed in the latest version of
flightgear, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <[email protected]> (supplier of updated flightgear package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 May 2017 21:10:15 +0200
Source: flightgear
Binary: flightgear
Architecture: source
Version: 1:2016.4.4+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian FlightGear Crew <[email protected]>
Changed-By: Dr. Tobias Quathamer <[email protected]>
Description:
flightgear - Flight Gear Flight Simulator
Closes: 862689
Changes:
flightgear (1:2016.4.4+dfsg-3) unstable; urgency=medium
.
* Team upload.
* Fix RouteMgr security: don't allow overwriting arbitrary files.
This fixes CVE-2017-8921.
Thanks to Salvatore Bonaccorso <[email protected]> (Closes: #862689)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---