Your message dated Tue, 18 Oct 2016 02:26:27 +0000
with message-id <cdc98995-3f72-4036-9fc9-999bc1472...@hpe.com>
and subject line Bug#838300: fixed in golang-github-appc-docker2aci 
0.12.3+dfsg-2
has caused the Debian Bug report #840711,
regarding golang-github-appc-docker2aci: CVE-2016-8579
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840711: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840711
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-appc-docker2aci
Version: 0.12.0+dfsg-1
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/appc/docker2aci/issues/203

Hi,

the following vulnerability was published for golang-github-appc-docker2aci.

CVE-2016-8579[0]:
infinite loop in deps walking

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8579
[1] https://github.com/appc/docker2aci/issues/203
[2] 
https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: golang-github-appc-docker2aci
Source-Version:  0.12.3+dfsg-2

Marking as closed by hand, because I screwed up the changelog.  )-:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 18 Oct 2016 09:09:26 +1100
Source: golang-github-appc-docker2aci
Binary: golang-github-appc-docker2aci-dev docker2aci
Architecture: source amd64 all
Version: 0.12.3+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian Go Packaging Team 
<pkg-go-maintainers@lists.alioth.debian.org>
Changed-By: Tim Potter <t...@hpe.com>
Description:
 docker2aci - CLI tool to convert Docker images to ACIs
 golang-github-appc-docker2aci-dev - library to convert Docker images to ACIs
Changes:
 golang-github-appc-docker2aci (0.12.3+dfsg-2) unstable; urgency=high
 .
   * Fix infinite loop in deps walking, CVE-2016-8579. (Closes #840711).
Checksums-Sha1:
 fe6ea2fbb74122b8d811762ef6b298c56c73f8a4 2523 
golang-github-appc-docker2aci_0.12.3+dfsg-2.dsc
 3e92f8fc24e69613168cf98fa2a31b2e6f02db15 35656 
golang-github-appc-docker2aci_0.12.3+dfsg.orig.tar.xz
 f75010ac56a5f05dad140a71bf776ff413965746 3240 
golang-github-appc-docker2aci_0.12.3+dfsg-2.debian.tar.xz
 d2466ea5eb2615a80c9bb1e4e0866be8c63e18f5 1398420 
docker2aci_0.12.3+dfsg-2_amd64.deb
 c8b5195a5a5957cfce72e0337fc9019c5a112b01 28712 
golang-github-appc-docker2aci-dev_0.12.3+dfsg-2_all.deb
Checksums-Sha256:
 b3c4b9ee86a8f937301953844e881e2830cd51d30e3850e02f2155b694c3146b 2523 
golang-github-appc-docker2aci_0.12.3+dfsg-2.dsc
 49d9869d25a9bab4187ca070e77a23a8d20d39b92cdb24b8b4b45df0e1549aa5 35656 
golang-github-appc-docker2aci_0.12.3+dfsg.orig.tar.xz
 8168069f7267b546513db34af625dd5f17c743d704c92233057c7842132445fa 3240 
golang-github-appc-docker2aci_0.12.3+dfsg-2.debian.tar.xz
 9513b2116f16f277a1a66fb45c54ef7f0f3cca793070c30e733cacb348ee0e8c 1398420 
docker2aci_0.12.3+dfsg-2_amd64.deb
 f6a82e6e4e24b242e534aabb2bc3dd44ce1317fae02fc963830609d0478906f8 28712 
golang-github-appc-docker2aci-dev_0.12.3+dfsg-2_all.deb
Files:
 c0ce393b80ea8a8c4b532afdf32a8335 2523 devel extra 
golang-github-appc-docker2aci_0.12.3+dfsg-2.dsc
 e9b4bf8b201f78017e70c52a9e693b79 35656 devel extra 
golang-github-appc-docker2aci_0.12.3+dfsg.orig.tar.xz
 507c63c047d98ed8af76cbeca74b71c3 3240 devel extra 
golang-github-appc-docker2aci_0.12.3+dfsg-2.debian.tar.xz
 5b2ee5d96f74e36ba77ccffab2f59fc9 1398420 devel extra 
docker2aci_0.12.3+dfsg-2_amd64.deb
 f4973b710d4f5d3cf86739d41db6ab63 28712 devel extra 
golang-github-appc-docker2aci-dev_0.12.3+dfsg-2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYBU/WAAoJELJMpj9uu+hNOA4QAMS++qIX1f1NgUdcZulFLs/i
K/WiluRhQcVGMMqA9+NRHa21MC67q97+Aovy7DsJbjCo/40jWwfLISmedzNW5rOc
10ox9KAYkt3/h/SlZNjHsPw7wHPmyWiy4NQEjXD/+gYZg15zQG2gcG3AeVUnZSyK
vSpJQktOAu4Ukj2/KwrG87jZ6SQN8erusP+zxN1oGfDGIGG1HPS8eII5B882jVkT
cdU/qOOFFtTR6mMFuPUcHsvPQcQFUD34bWqLFHBRvu0TrUaYuYH0mptBkM6udYGg
HCHfaxumwPSFv5fQkQ95b85H3P1SNSMmPIDPYQLQ70tuAhkVXvx9atfjgpenzBmF
Ge7yRCHbRSNsdXqhydzISugs5Xj5SO8sBF/y7E7Uy04u+SWliLt2M0fyrYMk05rP
oAdD/ctmblfk63jb9LXPRCslVEKZQeZWUCaJKl5dOUe9VmSGgmbvnEufMa3djHbG
O2hzZQnhhv2B08AIPCeLS1BNx+u+LcnwqiWewOUxsnQC/1LT2hjxyP26tkqlb+Y/
re7HrhNi9BP+jcG8g2RmBhur4wG+F5KJ5mNEwxTaVA2N/ygurYoWyXMeeYsfBrZ1
IY4KSDQ+ZlY9YD2XWqH0Edb0P+XFTMIHiDkofyb+Y2VfrbO1sP9vboxukNQTmEBn
0GZ+8uiwjccEJXwzVQgV
=EpjT
-----END PGP SIGNATURE-----

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


--- End Message ---
_______________________________________________
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers

Reply via email to