Bug#893668: marked as done (adminer: CVE-2018-7667)
Your message dated Sun, 13 May 2018 20:51:51 + with message-id and subject line Bug#893668: fixed in adminer 3.3.3-1+deb8u1 has caused the Debian Bug report #893668, regarding adminer: CVE-2018-7667 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 893668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: adminer Version: 4.2.5-3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for adminer. CVE-2018-7667[0]: | Adminer through 4.3.1 has SSRF via the server parameter. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7667 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- --- End Message --- --- Begin Message --- Source: adminer Source-Version: 3.3.3-1+deb8u1 We believe that the bug you reported is fixed in the latest version of adminer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 893...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb (supplier of updated adminer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 07 May 2018 09:06:51 -0700 Source: adminer Binary: adminer Architecture: source all Version: 3.3.3-1+deb8u1 Distribution: jessie Urgency: high Maintainer: Medhamsh V Changed-By: Chris Lamb Description: adminer- Web-based database administration tool Closes: 893668 Changes: adminer (3.3.3-1+deb8u1) jessie; urgency=high . * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. (Closes: #893668) Checksums-Sha1: b31208291084d5c6087c18248f714cda05fa63d8 1851 adminer_3.3.3-1+deb8u1.dsc 152c4969356d6330382d28dd22e6f16e0d9653bf 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz 60a5a781ce2ba73955f1bd148598b08987606a1e 242238 adminer_3.3.3-1+deb8u1_all.deb Checksums-Sha256: f02979dd83d45231319325ec33ee1c3956589a598fb15746910463e5aa8cef57 1851 adminer_3.3.3-1+deb8u1.dsc 168cbe44a91fc809a8ff37a5ac7f077252b00d75810b2a1c18500a0bee1f4f63 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz b836b655330e4966879b72e8779b766cc457ec3a65fd3de7a8e71556a957f7ff 242238 adminer_3.3.3-1+deb8u1_all.deb Files: 4ef4480574c57b6ed93165e06414aea2 1851 web extra adminer_3.3.3-1+deb8u1.dsc fe7be26d19e366eb8667cd43dd01d080 3404 web extra adminer_3.3.3-1+deb8u1.debian.tar.xz 5019c04c412f7f3e1a460f33b0e10f28 242238 web extra adminer_3.3.3-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrweeIACgkQHpU+J9Qx HlhpdA//YHKcK623ufQYm+Ad4GJb986YEk1p2YZy7Nv31kcCtnZsutHqihcXlhPT WQSKGEfmaCORXzhlqx+qOjmrG+3QZa943+vUmUWgzpVIF39s/JuE2YjHSW6M5yYU +JJCrVJ4l7kezEdMwYWd2EqjBuXCShDeEtSE8ytPAIMNnICuPF02CwCoQPDsUoDM nXAeSZQxUUskqaZWLKOWgu3i7n5tBqYAYoN36f4Tj1PEp+ou7i/EZ80Z2jmf6W65 X6eqVYxU7LjiAuzDeVRhYEiIuPpbSnAoBA5aL5OfIe7YjQyB3ICPCXwZ60DQSA0U gsuZf4GuPCLahaYYxmNES3vPdc3rPVmVTYNIEyfsaPLUTbU+E9rGp8lq6hQbO6kM 3jxI5AVUl3h+JCTEw213lWzXdKUdi0grkBRSsPL8aS52r5gQvZ6aG4XNlsectest S2Kg9iKv1zR0Lg1NSV3esjpMwEnHYpaiOwyhsMMV2I6Q5KneZn73eMK/P49ODdBg xmtH2GK8At1U6fEuYMkgnHstcpIC/oog3ZvdAicTBCU1OkrVKLkJrxhGdb7OwmsO szJvOvfx6Hlwp++C5ko/sIxMh7axcNBQE0VwA/U9kkik1ekpNmyl5SnYDY7q+nBo XxCRtKS4z7SnbFmshjTzPyNrJYfIEpOuQ/2uQr4ZPnP2lDT/mz8= =wlHB -END PGP SIGNATURE End Message ---
Bug#893668: marked as done (adminer: CVE-2018-7667)
Your message dated Mon, 02 Apr 2018 17:17:08 + with message-id and subject line Bug#893668: fixed in adminer 4.2.5-3+deb9u1 has caused the Debian Bug report #893668, regarding adminer: CVE-2018-7667 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 893668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: adminer Version: 4.2.5-3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for adminer. CVE-2018-7667[0]: | Adminer through 4.3.1 has SSRF via the server parameter. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7667 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- --- End Message --- --- Begin Message --- Source: adminer Source-Version: 4.2.5-3+deb9u1 We believe that the bug you reported is fixed in the latest version of adminer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 893...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb (supplier of updated adminer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 20 Mar 2018 22:40:06 -0400 Source: adminer Binary: adminer Architecture: source all Version: 4.2.5-3+deb9u1 Distribution: stretch Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: adminer- Web-based database administration tool Closes: 893668 Changes: adminer (4.2.5-3+deb9u1) stretch; urgency=high . * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. (Closes: #893668) Checksums-Sha1: 8ae7c258df2749666d955a13663fd28af904b5dc 1809 adminer_4.2.5-3+deb9u1.dsc 05db4eb98bf092afe04052733612c2841ad97317 409762 adminer_4.2.5.orig.tar.bz2 2497a8541adf1f352942658dc352b75ea92ef99a 2732 adminer_4.2.5-3+deb9u1.debian.tar.xz ed939788115cd89e7d002ecf2d757f1772378601 386380 adminer_4.2.5-3+deb9u1_all.deb 46244b1a3b17f2f484b0968fe04f2468b076545a 5709 adminer_4.2.5-3+deb9u1_amd64.buildinfo Checksums-Sha256: 718c5bc1144f8f7e2b817387e236ac6a49dc96a402383d368f7b47add691a013 1809 adminer_4.2.5-3+deb9u1.dsc 69a177ba87ed0cf8d7633799248511d1c7d4cffb66c9a5742795e1de506f1946 409762 adminer_4.2.5.orig.tar.bz2 6109a0042955d441878280aa25073e97de5ad3b64384873e3914bf4a6fc4a7b6 2732 adminer_4.2.5-3+deb9u1.debian.tar.xz 1a885eeb402f1470d94908832471c397ac116ada6c24b8585ed0fe1d7a3c9a6d 386380 adminer_4.2.5-3+deb9u1_all.deb fc17a857cd8d2fe3121530b3a3d09c3683669573b7912f6bac1394f56de8a9d9 5709 adminer_4.2.5-3+deb9u1_amd64.buildinfo Files: ffbbce0f60a274e0853977838cb49608 1809 web extra adminer_4.2.5-3+deb9u1.dsc e4b85ffc6b5b674b83daadd9e9d23cfd 409762 web extra adminer_4.2.5.orig.tar.bz2 450a9aeb8d877e1bb98f914122ae213e 2732 web extra adminer_4.2.5-3+deb9u1.debian.tar.xz 29481fc81488b6f06259df8583e47b0a 386380 web extra adminer_4.2.5-3+deb9u1_all.deb 7a08ca773b4b524408408a3387d7b4da 5709 web extra adminer_4.2.5-3+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrAmi4ACgkQHpU+J9Qx Hlg95Q/+PYGMzgrH9Yb+fT/KppD5FanIZE79COauHORKLEBuG4OtQLTAomldvolu FIBcZ3rgf6Y8X0iwIAlaIQivYJgF9SstHRIdBqbxDBBc238XvBApo5lhFjoXvzmJ Iz6NIT57ozFODzqQdlV1AyfQcO1fdi6+e1PSuxXt5t7zN9Ujx8dAW2sIIj+IbGCW LpwVBd+ZmWn00kZO3nbxVIneGhKQ7513gCBwv+qGf0g5mOmZqKM1oHRLiNW28Uwg 9np4btZKAVlrxomyzmN8c6idfCOGRdApXrg1er/Z+dXGf35NO9lbCQfAavEL8+nO pekOOR/eAvznIWxneAF5Jr0sky2xnVa4GmlD8HI8vt4bSPPucLBsA2mh1hoxt0SN VKGMwX07gv65eso8hdrNBIsFsJY7U6YsIHv0iQgSWdqcyor3bA4HbbOG8WKcjEwR X7BsQwmlyQN4vBg3fG0B6q/WqKy6cTt6bqvqCDm95ZinIUyDke5NGGb0a4R4bBbl ppSgVSYx/YfbipZOx8WcT20ax1cGwA3iJkl9478DBV02bRyHP428FH7bpIECp+4W W4poozeQ3PtCa+cneulx9nCeJQ7Iv6gt0mH943ZTnJePr+u9GJjIra5Bayu0T0+G rvexGzOvGy3F5kZMZ0qAmPbounc