subject:"Bug#870187\: marked as done \(supervisor\: CVE\-2017\-11610\: Command injection via malicious XML\-RPC request\)"

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

2017-09-29 Thread Debian Bug Tracking System

Your message dated Fri, 29 Sep 2017 21:32:16 +
with message-id 
and subject line Bug#870187: fixed in supervisor 3.3.1-1+deb9u1
has caused the Debian Bug report #870187,
regarding supervisor: CVE-2017-11610: Command injection via malicious XML-RPC 
request
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: supervisor
Version: 3.0r1-1
Severity: grave
Tags: upstream security patch
Forwarded: https://github.com/Supervisor/supervisor/issues/964

Hi,

the following vulnerability was published for supervisor.

CVE-2017-11610[0]:
Command injection via malicious XML-RPC request

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610
[1] https://github.com/Supervisor/supervisor/issues/964

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: supervisor
Source-Version: 3.3.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
supervisor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated supervisor 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 12 Aug 2017 10:36:46 +0200
Source: supervisor
Binary: supervisor supervisor-doc
Architecture: source
Version: 3.3.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Orestis Ioannou 
Changed-By: Salvatore Bonaccorso 
Description:
 supervisor - System for controlling process state
 supervisor-doc - Documentation for a supervisor
Closes: 870187
Changes:
 supervisor (3.3.1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Disable object traversal in XML-RPC dispatch (CVE-2017-11610)
 (Closes: #870187)
Checksums-Sha1:
 470f28256bcad718f41d88a49778c36febccdcbd  supervisor_3.3.1-1+deb9u1.dsc
 d8dc4e7a091301cef1a212ac8ea9c12e3d157e29 415246 supervisor_3.3.1.orig.tar.gz
 7cfc9ac153cc7c146926a60c1649790fce60ef70 34884 
supervisor_3.3.1-1+deb9u1.debian.tar.xz
 f17aa4c231a9f391c9a2cfa7d3e47605f567f09e 6573 
supervisor_3.3.1-1+deb9u1_source.buildinfo
Checksums-Sha256:
 f529b5f882436e56663c955a2716baddc2fc85896c39da8da54f53d557571ccf  
supervisor_3.3.1-1+deb9u1.dsc
 fc3af22e5a7af2f6c3be787acf055c1c1f5607cd4dc935fe633ab97061fd 415246 
supervisor_3.3.1.orig.tar.gz
 15f063ff773949747e1e541a3cb44c25ee9bd2bde58fed1a8ba01b93ae8ed8d2 34884 
supervisor_3.3.1-1+deb9u1.debian.tar.xz
 a05aa6fbf009a53c89a20ae37f8c185bca19480c1106f10af8e0f40a8a6572f3 6573 
supervisor_3.3.1-1+deb9u1_source.buildinfo
Files:
 64b1269941a56b35013bad712a3270c8  admin optional 
supervisor_3.3.1-1+deb9u1.dsc
 202f760f9bf4930ec06557bac73e5cf2 415246 admin optional 
supervisor_3.3.1.orig.tar.gz
 009afbdd4663c04a0ea64aa0db539643 34884 admin optional 
supervisor_3.3.1-1+deb9u1.debian.tar.xz
 808eac9fddf02bb9899f26949f02f8c6 6573 admin optional 
supervisor_3.3.1-1+deb9u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOweVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EZJkP/0//xteXzOPVqpAgs2Fh1rsFC+ZJlf1A
yWuNQY8coknAezZF+sO/isx/El0QjPRmDWAj0Wykx/j4Vkz7eTblgrtwJjq71vRO
ASgHwYpHCJx8vQgS4iGK02URg7m8xzgJQOhd5KeRe+zfMH+pyAF5ZyeWjxl58Pvo
ItkbCIEvolbMtwxZPSLq39acqmGLECtSD9RfkQu9FVRdGlCuCPbuQbZ6ikdXVqua
+nSojrQAndFYtreudYYwEInaufXLyfHl78rPpBJje5kOoQdqCsQ2eyCOWrGMm6Os
f2NkY9SY0AuplWmJAf6XudHbp7RbFCv2MEbASG5rev78/8ViuBUEmtZwuegSEV2j
oA9HOdfte8HSeBiKRR0HCUySp4yR0KH+cHAK0VdllmadNOBgp0kPB1p34LW2uyrk
hC4rvB5KWs1aM5vX9Iys84dIb8nvWj6Iv5T6D17v+xiKpkNUvL09PowHyKEnzXfS

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

2017-08-22 Thread Debian Bug Tracking System

Your message dated Tue, 22 Aug 2017 21:48:47 +
with message-id 
and subject line Bug#870187: fixed in supervisor 3.0r1-1+deb8u1
has caused the Debian Bug report #870187,
regarding supervisor: CVE-2017-11610: Command injection via malicious XML-RPC 
request
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: supervisor
Version: 3.0r1-1
Severity: grave
Tags: upstream security patch
Forwarded: https://github.com/Supervisor/supervisor/issues/964

Hi,

the following vulnerability was published for supervisor.

CVE-2017-11610[0]:
Command injection via malicious XML-RPC request

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610
[1] https://github.com/Supervisor/supervisor/issues/964

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: supervisor
Source-Version: 3.0r1-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
supervisor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated supervisor 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 12 Aug 2017 08:08:04 +0200
Source: supervisor
Binary: supervisor
Architecture: all source
Version: 3.0r1-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Qijiang Fan 
Changed-By: Salvatore Bonaccorso 
Closes: 870187
Description: 
 supervisor - A system for controlling process state
Changes:
 supervisor (3.0r1-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Disable object traversal in XML-RPC dispatch (CVE-2017-11610)
 (Closes: #870187)
Checksums-Sha1: 
 d3a6bf5a01fa81a2239ef8838b4c7f7a844bb35c 2088 supervisor_3.0r1-1+deb8u1.dsc
 560ed627498e51a147d98749d11fb908d5c70f9e 460340 supervisor_3.0r1.orig.tar.gz
 f4301bdbbe3b36d92e1b36e4ac5b0f0657413baa 10864 
supervisor_3.0r1-1+deb8u1.debian.tar.xz
 fe9000671ec3f618a2de165ccdd114e0b02564d1 266718 
supervisor_3.0r1-1+deb8u1_all.deb
Checksums-Sha256: 
 71d86a09a64ead4210265e833474386c10f79c7a4ce1022a137b0a379346e75a 2088 
supervisor_3.0r1-1+deb8u1.dsc
 f46aec68df0ea74fe76c6cdea04b4b61fa4ad883f6f9ba4fb667223dc06ac20d 460340 
supervisor_3.0r1.orig.tar.gz
 afa6075c352437c5f0ba329d2516fe84d3516cf180d3a4626b3ec236e6eedda1 10864 
supervisor_3.0r1-1+deb8u1.debian.tar.xz
 da3b7ecb28d8d830632d6f9efaf6438aaea72960eec5e80a13e60ad5fc263327 266718 
supervisor_3.0r1-1+deb8u1_all.deb
Files: 
 5182b444c142de8d8bf3f8c6bcecbf2d 2088 admin extra supervisor_3.0r1-1+deb8u1.dsc
 fe9bbfaf5eb9cc3156d35dd1662354ca 460340 admin extra 
supervisor_3.0r1.orig.tar.gz
 4d35718ffa70ee002ebde4ca2a196381 10864 admin extra 
supervisor_3.0r1-1+deb8u1.debian.tar.xz
 97bf2a8145eab1b1d144ca3cfa6a8436 266718 admin extra 
supervisor_3.0r1-1+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOuGhfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EA1sP/AgyzSp814GcmQbARyWkgKNkL5WP9C9S
7URqnIaulwPi5RJSlYUmnfHYVzh7xTIIeyJAvzxvQRk2CFjSju4B9CIIS7vumVUL
cViOLK6d58alUAZI2677/E9MYmrjrqw9Sw8nuTIEulfMhyJmx7qt6IPRiQQD095Q
TSVulTvqKdUuBkYJ3k9zC4hsDdxSSF7gnvbObXzxK+thyIfMdhI8fJX+jQ26gdbT
3XJX9oxO41aiOjaKhO6R26SLudmAiDd0gQlvQHhy4+3t7Wr1T0MJQojeUBYIbpLG
s0d49BS4wyHXHCYs0IDHJbhA7Qsc7+66NDeF25fjWdw+1RsgijB/QhcmS0iAX7wh
PuDLji6sGIVt7Wl1DkSBZ48fFAkQgeO/M7QeM/GonwIkjV/EKFA9oUB6h9AnDg/h
gE7LX8fcpShJ5sUybjswPd7GhyFdeHoghtMDCIKys9pdj6C9/lsU5JiFxElSGKJx
avJdMMMs7ECLx2QBA8q4RBSvO4j0mr8V0xB/RC0OxqFbYdpWG8cRdGz/NsjMhkH4

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

2017-08-14 Thread Debian Bug Tracking System

Your message dated Mon, 14 Aug 2017 09:34:39 +
with message-id 
and subject line Bug#870187: fixed in supervisor 3.3.1-1.1
has caused the Debian Bug report #870187,
regarding supervisor: CVE-2017-11610: Command injection via malicious XML-RPC 
request
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: supervisor
Version: 3.0r1-1
Severity: grave
Tags: upstream security patch
Forwarded: https://github.com/Supervisor/supervisor/issues/964

Hi,

the following vulnerability was published for supervisor.

CVE-2017-11610[0]:
Command injection via malicious XML-RPC request

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610
[1] https://github.com/Supervisor/supervisor/issues/964

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: supervisor
Source-Version: 3.3.1-1.1

We believe that the bug you reported is fixed in the latest version of
supervisor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated supervisor 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 12 Aug 2017 10:55:14 +0200
Source: supervisor
Binary: supervisor supervisor-doc
Architecture: source
Version: 3.3.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Orestis Ioannou 
Changed-By: Salvatore Bonaccorso 
Description:
 supervisor - System for controlling process state
 supervisor-doc - Documentation for a supervisor
Closes: 870187
Changes:
 supervisor (3.3.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Disable object traversal in XML-RPC dispatch (CVE-2017-11610)
 (Closes: #870187)
Checksums-Sha1:
 933d06eb5198b75b2129ba8d30285e9035e3b4df 2202 supervisor_3.3.1-1.1.dsc
 d8dc4e7a091301cef1a212ac8ea9c12e3d157e29 415246 supervisor_3.3.1.orig.tar.gz
 9f0bd7de2797cc15759810436778ce7e5ef41b44 34864 
supervisor_3.3.1-1.1.debian.tar.xz
 b00ef39a22593c532782867b152987445f4bde98 6553 
supervisor_3.3.1-1.1_source.buildinfo
Checksums-Sha256:
 44bf2dd0da13e4c69300ccfcc0966485158c69d133fa283cbdd81de1d267859f 2202 
supervisor_3.3.1-1.1.dsc
 fc3af22e5a7af2f6c3be787acf055c1c1f5607cd4dc935fe633ab97061fd 415246 
supervisor_3.3.1.orig.tar.gz
 a4cccfaa35e22bd081ae2a01f184e7493270d0cee8d4e242099e9383002746e6 34864 
supervisor_3.3.1-1.1.debian.tar.xz
 bf886b75f6e4f8ca69fd7f6b0176af708e435c8d5170e84ab21ea4f46e4f300b 6553 
supervisor_3.3.1-1.1_source.buildinfo
Files:
 7d15aff5e2472e972e83bc540531f208 2202 admin optional supervisor_3.3.1-1.1.dsc
 202f760f9bf4930ec06557bac73e5cf2 415246 admin optional 
supervisor_3.3.1.orig.tar.gz
 659160561fbc467ef329e94756863fb3 34864 admin optional 
supervisor_3.3.1-1.1.debian.tar.xz
 b1227a5383eeb9d5c18200af29effe9a 6553 admin optional 
supervisor_3.3.1-1.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOw5VfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ec9oP/i5zLLNv7cE/QLoaUQ3xr/JPW/uv8693
f0w5lP+c+VB6faFOP5ZQI/MvYDS5pwHzN6GKS8uvmlJlQ0xCFKDLDKuj4rBmJgcJ
dxkKz04v4KOU9NOUVgkwESg7vINac46XCl20Tv+qGzaOBNt5Pxssmi5F2/78O3ri
tSjw3Kz5qfqPENYRq+xCO6BRLwAbr6lIpD3D5id3nvRw6/ma6wnMwKF663jhz6L8
B1GvvUxIihnAvzoJ165cHPTuNZrB6afm8n+fxD5jiEXQbZOuzbl/Fcx0EJJYMxmg
EL084NJxGeK97tYUsjAPyEBgy1y+xXNTyQSX79Hfb7neJCjIe3wi1A8NNaDt8Zfn
lXHMft4WiX1pxc3TlpbI7TYgNgaXr78y57lMuUDU2BYvSUcdjpRSbEnIViFNfkvA
n6+JnVj7llezLMGYCNpzZKZ7gvKrrmnyV9hqbFJkaktQFC6YQFFkfK2OQc1UZj3q
4vJQ0WsgABcqsQ4UJlAzZi00x2W1ifbRIRi1skfpJKusK/0fKpcRRXL7BmL+COeT

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

Bug#870187: marked as done (supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request)

3 matches

Site Navigation

Mail list logo

Footer information