Your message dated Thu, 07 Jun 2018 21:34:40 +0000
with message-id <e1fr2yk-000d70...@fasolo.debian.org>
and subject line Bug#900942: fixed in libpgobject-util-dbadmin-perl 0.130.1-1
has caused the Debian Bug report #900942,
regarding CVE-2018-9246
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
900942: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpgobject-util-dbadmin-perl
Severity: grave
Tags: security

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9246

---------- Forwarded message ---------
From: Erik Huelsmann <ehu...@gmail.com>
Date: Wed, Jun 6, 2018 at 6:36 PM
Subject: [ledgersmb-announce] Security announcement for CVE-2018-9246 / PGObject::Util::DBAdmin
To: <annou...@lists.ledgersmb.org>


This mail is sent to this mailing list because PGObject::Util::DBAdmin
itself doesn't have a mailing list to send the disclosure to. We'll
update its repository to reflect the announcement below.


Please take note of the security advisory below, known as CVE-2018-9246.

   Nick Prater discovered that PGObject::Util::DBAdmin insufficiently
sanitizes or escapes variable values used as part of shell command
execution, resulting in shell code injection.
   The vulnerability allows an attacker to execute arbitrary code with the
same privileges as the running application through the create(), run_file(),
backup() and restore() functions.

Affected versions:
  PGObject::Util::DBAdmin versions 0.110.0 and lower.

Vulnerability type:
  Insufficiently sanitized arguments in external program invocation

Discoverer:
  Nick Prater (NP Broadcast LTD)

Resolution:
  Upgrade to PGObject::Util::DBAdmin 0.120.0 or newer. (0.130.0
available on CPAN).

--- End Message ---
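
An added illustration of the vulnerability class named in the advisory above. It is not code from PGObject::Util::DBAdmin and not the upstream fix. It contrasts a value interpolated into a shell command string with the same value passed as one element of an argument list. Assumptions: `echo` and a Perl one-liner stand in for the PostgreSQL client programs so the example runs offline on a POSIX system, and the function names and the allow-list pattern are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: a database name carrying shell metacharacters.
my $dbname = 'sales; echo INJECTED';

# Stand-in for an external client program (assumption, so this runs offline):
# a child perl that prints every argument it receives on its own line.
# The '--' stops the child perl from parsing our arguments as its own switches.
my @tool = ($^X, '-e', 'print "arg: $_\n" for @ARGV', '--');

# Weak form: the value is interpolated into a single string that /bin/sh
# parses, so the ';' ends the intended command and starts a second one.
sub run_via_shell {
    my ($name) = @_;
    my $cmd = qq{echo --dbname=$name};
    return qx{$cmd};
}

# Hardened form: list-form pipe open executes the program directly, with no
# shell in between, so the value arrives as exactly one argument.
sub run_via_list {
    my ($name) = @_;
    open(my $fh, '-|', @tool, "--dbname=$name")
        or die "cannot start tool: $!";
    local $/;                       # slurp all of the child's output
    my $out = <$fh>;
    close($fh) or die "tool exited with status $?";
    return $out;
}

# Defence in depth: refuse names outside a conservative allow-list before
# any external program is started (the pattern is an assumed policy).
sub valid_dbname {
    my ($name) = @_;
    return $name =~ /\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/ ? 1 : 0;
}

print "shell string:\n",  run_via_shell($dbname);
print "argument list:\n", run_via_list($dbname);
print "allow-list accepts the name: ",
    (valid_dbname($dbname) ? "yes" : "no"), "\n";
```

The same list-form rule applies to `system` and `exec`: with more than one argument Perl starts the program directly and never passes the string to a shell.
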
--- Begin Message ---
Source: libpgobject-util-dbadmin-perl
Source-Version: 0.130.1-1

We believe that the bug you reported is fixed in the latest version of
libpgobject-util-dbadmin-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert James Clay <j...@rocasa.us> (supplier of updated libpgobject-util-dbadmin-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Jun 2018 10:55:23 -0400
Source: libpgobject-util-dbadmin-perl
Binary: libpgobject-util-dbadmin-perl
Architecture: source
Version: 0.130.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Robert James Clay <j...@rocasa.us>
Closes: 900942
Description: 
 libpgobject-util-dbadmin-perl - PostgreSQL Database Management Facilities for PGObject
Changes:
 libpgobject-util-dbadmin-perl (0.130.1-1) unstable; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Update Vcs-* headers for switch to salsa.debian.org
 .
   [ gregor herrmann ]
   * Update years of upstream and packaging copyright.
   * Don't run new perlcritic test during build and autopkgtest.
   * Add (build) dependency on libnamespace-clean-perl.
   * Declare compliance with Debian Policy 4.1.4.
   * Bump debhelper compatibility level to 10.
 .
   [ Robert James Clay ]
   * Update my copyright years in debian/copyright.
   * Import upstream version 0.130.1, resolving CVE-2018-9246. (Closes: #900942)
   * Correct the upstream URL metadata in debian/upstream/metadata.
   * Add 't/boilerplate.t' to the debian/tests/pkg-perl/smoke-skip file.


--- End Message ---
