Your message dated Sat, 22 Dec 2018 18:34:55 +0000
with message-id <[email protected]>
and subject line Bug#916930: fixed in netatalk 2.2.6-2
has caused the Debian Bug report #916930,
regarding netatalk: CVE-2018-1160: Unauthenticated remote code execution in Netatalk
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
916930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: netatalk
Version: 2.2.5-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: found -1 2.2.6-1.1
Control: fixed -1 2.2.5-2+deb9u1

Hi,

The following vulnerability was published for netatalk.

CVE-2018-1160[0]:
Unauthenticated remote code execution in Netatalk

More information and patches for 2.2 branch can be found in [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1160
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160
[1] https://bugzilla.samba.org/show_bug.cgi?id=13711
[2] http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: netatalk
Source-Version: 2.2.6-2

We believe that the bug you reported is fixed in the latest version of
netatalk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <[email protected]> (supplier of updated netatalk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Dec 2018 19:04:35 +0100
Source: netatalk
Binary: netatalk netatalk-dbg
Architecture: source
Version: 2.2.6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Netatalk team <[email protected]>
Changed-By: Jonas Smedegaard <[email protected]>
Description:
 netatalk   - AppleTalk user binaries
 netatalk-dbg - Debug symbols for netatalk
Closes: 864125 907958 912091 916930
Changes:
 netatalk (2.2.6-2) unstable; urgency=medium
 .
   * Acknowledge NMUs.
     Closes: Bug#864125, #916930.
     Thanks to Salvatore Bonaccorso and Andreas Metzler.
   * Simplify rules:
     + Stop resolve build-dependencies in rules file.
   * Update notes on local build linked with OpenSSL:
     + Rephrase centered on usage needs (not legalese).
     + Use apt (not aptitude or apt-get) in interactive commands.
     + Stop reference obsolete unofficial package repository.
     + Move build details to README.source.
   * Update Vcs-* fields: Maintenance moved to Salsa.
   * Stop build-depend on dh-buildinfo.
   * Update copyright info:
     + Extend coverage of packaging.
     + Use https protocol in format URL.
   * Wrap and sort control file, and strip trailing spaces.
   * Use package priority optional (not extra).
   * Declare compliance with Debian Policy 4.2.1.
   * Fix depend on lsb-base.
   * Configure with --enable-a2boot.
     Closes: Bug#907958. Thanks to T. Joseph Carter.
   * Add patch 106
     to fix detect Berkeley DB installed in multiarch location.
     Closes: Bug#912091. Thanks to Helmut Grohne.
   * Add patches cherry-picked upstream
     to fix unauthenticated remote code execution
     (replacing semantically identical patch 115 added in 2.2.6-1.2).


--- End Message ---