Your message dated Wed, 18 Apr 2018 12:19:41 +0000
with message-id <[email protected]>
and subject line Bug#893690: fixed in dogtag-pki 10.6.0-2
has caused the Debian Bug report #893690,
regarding dogtag-pki: CVE-2018-1080: Mishandled ACL configuration in 
AAclAuthz.java reverses rules that allow and deny access
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
893690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dogtag-pki
Version: 10.5.5-1
Severity: grave
Tags: security upstream
Forwarded: https://pagure.io/freeipa/issue/7453

Hi,

the following vulnerability was published for dogtag-pki.

CVE-2018-1080[0]:
Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and 
deny access

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1080
[1] https://pagure.io/freeipa/issue/7453
[2] https://review.gerrithub.io/#/c/404435/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dogtag-pki
Source-Version: 10.6.0-2

We believe that the bug you reported is fixed in the latest version of
dogtag-pki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated dogtag-pki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 18 Apr 2018 15:07:20 +0300
Source: dogtag-pki
Binary: dogtag-pki pki-base pki-base-java python3-pki-base pki-tools pki-server 
pki-ca dogtag-pki-console-theme dogtag-pki-server-theme pki-console pki-kra 
pki-ocsp pki-tks pki-tps pki-tps-client pki-javadoc libsymkey-java libsymkey-jni
Architecture: source
Version: 10.6.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
 dogtag-pki - Dogtag Public Key Infrastructure (PKI) Suite
 dogtag-pki-console-theme - Certificate System - PKI Console User Interface
 dogtag-pki-server-theme - Certificate System - PKI Server User Interface
 libsymkey-java - Symmetric Key Java library
 libsymkey-jni - Symmetric Key JNI Library
 pki-base   - Certificate System - PKI Framework
 pki-base-java - Certificate System - PKI Framework -- java client support
 pki-ca     - Certificate System - Certificate Authority
 pki-console - Certificate System - PKI Console
 pki-javadoc - Certificate System - PKI Framework Javadocs
 pki-kra    - Certificate System - Data Recovery Manager
 pki-ocsp   - Certificate System - Online Certificate Status Protocol Manager
 pki-server - Certificate System - PKI Server Framework
 pki-tks    - Certificate System - Token Key Service
 pki-tools  - Certificate System - PKI Tools
 pki-tps    - Certificate System - Token Processing System
 pki-tps-client - Certificate System - Token Processing System client
 python3-pki-base - Certificate System - PKI Framework -- python3 client support
Closes: 893690
Changes:
 dogtag-pki (10.6.0-2) experimental; urgency=medium
 .
   * rules: Build everything in one pass.
   * Fix ACL evaluation in allow,deny mode. (Closes: #893690)
     - CVE-2018-1080
Checksums-Sha1:
 6ccbb5d35c52f92a2a9910c2c0705f02492447b3 3709 dogtag-pki_10.6.0-2.dsc
 a211a46e56ae28d3e9cf407c694ace203c4c6feb 32584 
dogtag-pki_10.6.0-2.debian.tar.xz
 3688da8ee57f57ebbb09eec3eb323f94d869f09a 17932 
dogtag-pki_10.6.0-2_source.buildinfo
Checksums-Sha256:
 6bd3401e9afaebc8369e2c50dc3ade4c7c060f2a22134730d9230abd559b7f0e 3709 
dogtag-pki_10.6.0-2.dsc
 54fe3534494dd22c7dd23ede490a49515a4d3ce0a238d71cc24ac424e3e30083 32584 
dogtag-pki_10.6.0-2.debian.tar.xz
 d7e902752d2944fdda262051999618090c347af8bf699028b6ffce4fba53325c 17932 
dogtag-pki_10.6.0-2_source.buildinfo
Files:
 09597b27529fd80763ad92966a99ca1f 3709 java optional dogtag-pki_10.6.0-2.dsc
 3f193ab6d0ea88446943370304e03efc 32584 java optional 
dogtag-pki_10.6.0-2.debian.tar.xz
 aa9dcf4900bcd484ab8a76b2ff4ab310 17932 java optional 
dogtag-pki_10.6.0-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAlrXNRsUHHRqYWFsdG9u
QGRlYmlhbi5vcmcACgkQy3AxZaiJhNxSJQ//R8yLU6np9GcBQnRdSFeMxt1TssPW
8TrZZF1mTq8Q5qjjEq/NzRqn3PBCiE3fP0YlSF8iwJGLY2ipSlp8DEAnGcdv7Sfq
Ac58O7ZZy/M1AAD/YiDwUWCAGyML2qG5htWimt7t/wDVNR9SDvUtmeJb4+OlqTlp
wtH21Fwm1uaZU9OrXmV3Jl+0RZFGk3JNqtWf0kaYP7yZyM1Jj6Z2hWBHyVYLlxjP
jCop5r8Wz7FGfrARan3Vimde/pLNQ2I2r8rKupDU6VNJPl1CMFV7vW+pxPS5WUEi
FkPXkvRJw4XXDggQPp2ECLCYjsViTmiRKehYECPn/JNgjh+ut30+8liw6qQMu2Hm
ehdDIQoW861UdY3kkt4oDpQaOZ++aC9KVwrOsC9qW1nmlP+MbrvRfi2zmU7Y5kTE
ZBBg8CsKr3bEu6oSAKBaOrC+ngnZGvmw0YmGswdOohqMaARvDN3kybh9IeRYtw+4
wQF+zT4VX4615viWi/Y+kAU9B9i2E3Jqqpq3aFo/hGPjrNzlj6YBeLrEvUYasO5N
42SXJJ84aPvIvFob+2W8AgQ/uJWXaQ3K7aWb/AOBUNCKIC4VzI/w8s8Re382Xmui
u3DacbgBRCFlfS5IgjP0iAb2XbB/KaU1C97azB0E1scKgDjRNJCteASlW/gn1SKA
fDKhNE3JfLVdLiA=
=Reeo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to