Your message dated Fri, 29 Sep 2017 21:32:16 +0000 with message-id <e1dy2tm-0001zp...@fasolo.debian.org> and subject line Bug#870187: fixed in supervisor 3.3.1-1+deb9u1 has caused the Debian Bug report #870187, regarding CVE-2017-11610 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: supervisor
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for supervisor.

CVE-2017-11610[0]: Authenticated RCE

This issue was fixed by upstream in version 3.3.3.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11610
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610

Please adjust the affected versions in the BTS as needed.

Regards,
Markus
--- End Message ---
--- Begin Message ---
Source: supervisor
Source-Version: 3.3.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated supervisor package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 12 Aug 2017 10:36:46 +0200
Source: supervisor
Binary: supervisor supervisor-doc
Architecture: source
Version: 3.3.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Orestis Ioannou <ores...@oioannou.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 supervisor - System for controlling process state
 supervisor-doc - Documentation for a supervisor
Closes: 870187
Changes:
 supervisor (3.3.1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Disable object traversal in XML-RPC dispatch (CVE-2017-11610)
     (Closes: #870187)
--- End Message ---