Your message dated Sat, 16 Feb 2019 13:34:48 +0000
with message-id <[email protected]>
and subject line Bug#909933: fixed in jekyll 3.8.3+dfsg-3.1
has caused the Debian Bug report #909933,
regarding jekyll: CVE-2018-17567: bypass of symlink checking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
909933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909933
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jekyll
Version: 3.8.3+dfsg-3
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/jekyll/jekyll/pull/7224
Control: found -1 3.1.6+dfsg-3
Hi,

The following vulnerability was published for jekyll.

CVE-2018-17567[0]:
| Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3
| allows attackers to access arbitrary files by specifying a symlink in
| the "include" key in the "_config.yml" file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17567
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17567
[1] https://github.com/jekyll/jekyll/pull/7224
[2] https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jekyll
Source-Version: 3.8.3+dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
jekyll, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <[email protected]> (supplier of updated jekyll package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 16 Feb 2019 13:46:27 +0100
Source: jekyll
Architecture: source
Version: 3.8.3+dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Dr. Tobias Quathamer <[email protected]>
Closes: 909933
Changes:
jekyll (3.8.3+dfsg-3.1) unstable; urgency=medium
.
[ Jelmer Vernooij ]
* Non-maintainer upload.
* Use secure URI in Homepage field.
.
[ Dr. Tobias Quathamer ]
* Fix CVE-2018-17567, patch by Youhei SASAKI <[email protected]>
(Closes: #909933)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers