Bug#870188: marked as done (CVE-2017-11610)
Your message dated Fri, 29 Sep 2017 21:32:16 + with message-idand subject line Bug#870187: fixed in supervisor 3.3.1-1+deb9u1 has caused the Debian Bug report #870187, regarding CVE-2017-11610 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: supervisor X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for supervisor. CVE-2017-11610[0]: Authenticated RCE This issue was fixed by upstream in version 3.3.3. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610 Please adjust the affected versions in the BTS as needed. Regards, Markus signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: supervisor Source-Version: 3.3.1-1+deb9u1 We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated supervisor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 12 Aug 2017 10:36:46 +0200 Source: supervisor Binary: supervisor supervisor-doc Architecture: source Version: 3.3.1-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Orestis Ioannou Changed-By: Salvatore Bonaccorso Description: supervisor - System for controlling process state supervisor-doc - Documentation for a supervisor Closes: 870187 Changes: supervisor (3.3.1-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Disable object traversal in XML-RPC dispatch (CVE-2017-11610) (Closes: #870187) Checksums-Sha1: 470f28256bcad718f41d88a49778c36febccdcbd supervisor_3.3.1-1+deb9u1.dsc d8dc4e7a091301cef1a212ac8ea9c12e3d157e29 415246 supervisor_3.3.1.orig.tar.gz 7cfc9ac153cc7c146926a60c1649790fce60ef70 34884 supervisor_3.3.1-1+deb9u1.debian.tar.xz f17aa4c231a9f391c9a2cfa7d3e47605f567f09e 6573 supervisor_3.3.1-1+deb9u1_source.buildinfo Checksums-Sha256: f529b5f882436e56663c955a2716baddc2fc85896c39da8da54f53d557571ccf supervisor_3.3.1-1+deb9u1.dsc fc3af22e5a7af2f6c3be787acf055c1c1f5607cd4dc935fe633ab97061fd 415246 supervisor_3.3.1.orig.tar.gz 15f063ff773949747e1e541a3cb44c25ee9bd2bde58fed1a8ba01b93ae8ed8d2 34884 supervisor_3.3.1-1+deb9u1.debian.tar.xz a05aa6fbf009a53c89a20ae37f8c185bca19480c1106f10af8e0f40a8a6572f3 6573 supervisor_3.3.1-1+deb9u1_source.buildinfo Files: 64b1269941a56b35013bad712a3270c8 admin optional supervisor_3.3.1-1+deb9u1.dsc 202f760f9bf4930ec06557bac73e5cf2 415246 admin optional supervisor_3.3.1.orig.tar.gz 009afbdd4663c04a0ea64aa0db539643 34884 admin optional supervisor_3.3.1-1+deb9u1.debian.tar.xz 808eac9fddf02bb9899f26949f02f8c6 6573 admin optional supervisor_3.3.1-1+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOweVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EZJkP/0//xteXzOPVqpAgs2Fh1rsFC+ZJlf1A yWuNQY8coknAezZF+sO/isx/El0QjPRmDWAj0Wykx/j4Vkz7eTblgrtwJjq71vRO ASgHwYpHCJx8vQgS4iGK02URg7m8xzgJQOhd5KeRe+zfMH+pyAF5ZyeWjxl58Pvo ItkbCIEvolbMtwxZPSLq39acqmGLECtSD9RfkQu9FVRdGlCuCPbuQbZ6ikdXVqua +nSojrQAndFYtreudYYwEInaufXLyfHl78rPpBJje5kOoQdqCsQ2eyCOWrGMm6Os f2NkY9SY0AuplWmJAf6XudHbp7RbFCv2MEbASG5rev78/8ViuBUEmtZwuegSEV2j oA9HOdfte8HSeBiKRR0HCUySp4yR0KH+cHAK0VdllmadNOBgp0kPB1p34LW2uyrk hC4rvB5KWs1aM5vX9Iys84dIb8nvWj6Iv5T6D17v+xiKpkNUvL09PowHyKEnzXfS
Bug#870188: marked as done (CVE-2017-11610)
Your message dated Tue, 22 Aug 2017 21:48:47 + with message-idand subject line Bug#870187: fixed in supervisor 3.0r1-1+deb8u1 has caused the Debian Bug report #870187, regarding CVE-2017-11610 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: supervisor X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for supervisor. CVE-2017-11610[0]: Authenticated RCE This issue was fixed by upstream in version 3.3.3. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610 Please adjust the affected versions in the BTS as needed. Regards, Markus signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: supervisor Source-Version: 3.0r1-1+deb8u1 We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated supervisor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 12 Aug 2017 08:08:04 +0200 Source: supervisor Binary: supervisor Architecture: all source Version: 3.0r1-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Qijiang Fan Changed-By: Salvatore Bonaccorso Closes: 870187 Description: supervisor - A system for controlling process state Changes: supervisor (3.0r1-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Disable object traversal in XML-RPC dispatch (CVE-2017-11610) (Closes: #870187) Checksums-Sha1: d3a6bf5a01fa81a2239ef8838b4c7f7a844bb35c 2088 supervisor_3.0r1-1+deb8u1.dsc 560ed627498e51a147d98749d11fb908d5c70f9e 460340 supervisor_3.0r1.orig.tar.gz f4301bdbbe3b36d92e1b36e4ac5b0f0657413baa 10864 supervisor_3.0r1-1+deb8u1.debian.tar.xz fe9000671ec3f618a2de165ccdd114e0b02564d1 266718 supervisor_3.0r1-1+deb8u1_all.deb Checksums-Sha256: 71d86a09a64ead4210265e833474386c10f79c7a4ce1022a137b0a379346e75a 2088 supervisor_3.0r1-1+deb8u1.dsc f46aec68df0ea74fe76c6cdea04b4b61fa4ad883f6f9ba4fb667223dc06ac20d 460340 supervisor_3.0r1.orig.tar.gz afa6075c352437c5f0ba329d2516fe84d3516cf180d3a4626b3ec236e6eedda1 10864 supervisor_3.0r1-1+deb8u1.debian.tar.xz da3b7ecb28d8d830632d6f9efaf6438aaea72960eec5e80a13e60ad5fc263327 266718 supervisor_3.0r1-1+deb8u1_all.deb Files: 5182b444c142de8d8bf3f8c6bcecbf2d 2088 admin extra supervisor_3.0r1-1+deb8u1.dsc fe9bbfaf5eb9cc3156d35dd1662354ca 460340 admin extra supervisor_3.0r1.orig.tar.gz 4d35718ffa70ee002ebde4ca2a196381 10864 admin extra supervisor_3.0r1-1+deb8u1.debian.tar.xz 97bf2a8145eab1b1d144ca3cfa6a8436 266718 admin extra supervisor_3.0r1-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOuGhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EA1sP/AgyzSp814GcmQbARyWkgKNkL5WP9C9S 7URqnIaulwPi5RJSlYUmnfHYVzh7xTIIeyJAvzxvQRk2CFjSju4B9CIIS7vumVUL cViOLK6d58alUAZI2677/E9MYmrjrqw9Sw8nuTIEulfMhyJmx7qt6IPRiQQD095Q TSVulTvqKdUuBkYJ3k9zC4hsDdxSSF7gnvbObXzxK+thyIfMdhI8fJX+jQ26gdbT 3XJX9oxO41aiOjaKhO6R26SLudmAiDd0gQlvQHhy4+3t7Wr1T0MJQojeUBYIbpLG s0d49BS4wyHXHCYs0IDHJbhA7Qsc7+66NDeF25fjWdw+1RsgijB/QhcmS0iAX7wh PuDLji6sGIVt7Wl1DkSBZ48fFAkQgeO/M7QeM/GonwIkjV/EKFA9oUB6h9AnDg/h gE7LX8fcpShJ5sUybjswPd7GhyFdeHoghtMDCIKys9pdj6C9/lsU5JiFxElSGKJx avJdMMMs7ECLx2QBA8q4RBSvO4j0mr8V0xB/RC0OxqFbYdpWG8cRdGz/NsjMhkH4
Bug#870188: marked as done (CVE-2017-11610)
Your message dated Mon, 14 Aug 2017 09:34:39 + with message-idand subject line Bug#870187: fixed in supervisor 3.3.1-1.1 has caused the Debian Bug report #870187, regarding CVE-2017-11610 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: supervisor X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for supervisor. CVE-2017-11610[0]: Authenticated RCE This issue was fixed by upstream in version 3.3.3. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610 Please adjust the affected versions in the BTS as needed. Regards, Markus signature.asc Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Source: supervisor Source-Version: 3.3.1-1.1 We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated supervisor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 12 Aug 2017 10:55:14 +0200 Source: supervisor Binary: supervisor supervisor-doc Architecture: source Version: 3.3.1-1.1 Distribution: unstable Urgency: medium Maintainer: Orestis Ioannou Changed-By: Salvatore Bonaccorso Description: supervisor - System for controlling process state supervisor-doc - Documentation for a supervisor Closes: 870187 Changes: supervisor (3.3.1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Disable object traversal in XML-RPC dispatch (CVE-2017-11610) (Closes: #870187) Checksums-Sha1: 933d06eb5198b75b2129ba8d30285e9035e3b4df 2202 supervisor_3.3.1-1.1.dsc d8dc4e7a091301cef1a212ac8ea9c12e3d157e29 415246 supervisor_3.3.1.orig.tar.gz 9f0bd7de2797cc15759810436778ce7e5ef41b44 34864 supervisor_3.3.1-1.1.debian.tar.xz b00ef39a22593c532782867b152987445f4bde98 6553 supervisor_3.3.1-1.1_source.buildinfo Checksums-Sha256: 44bf2dd0da13e4c69300ccfcc0966485158c69d133fa283cbdd81de1d267859f 2202 supervisor_3.3.1-1.1.dsc fc3af22e5a7af2f6c3be787acf055c1c1f5607cd4dc935fe633ab97061fd 415246 supervisor_3.3.1.orig.tar.gz a4cccfaa35e22bd081ae2a01f184e7493270d0cee8d4e242099e9383002746e6 34864 supervisor_3.3.1-1.1.debian.tar.xz bf886b75f6e4f8ca69fd7f6b0176af708e435c8d5170e84ab21ea4f46e4f300b 6553 supervisor_3.3.1-1.1_source.buildinfo Files: 7d15aff5e2472e972e83bc540531f208 2202 admin optional supervisor_3.3.1-1.1.dsc 202f760f9bf4930ec06557bac73e5cf2 415246 admin optional supervisor_3.3.1.orig.tar.gz 659160561fbc467ef329e94756863fb3 34864 admin optional supervisor_3.3.1-1.1.debian.tar.xz b1227a5383eeb9d5c18200af29effe9a 6553 admin optional supervisor_3.3.1-1.1_source.buildinfo -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOw5VfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ec9oP/i5zLLNv7cE/QLoaUQ3xr/JPW/uv8693 f0w5lP+c+VB6faFOP5ZQI/MvYDS5pwHzN6GKS8uvmlJlQ0xCFKDLDKuj4rBmJgcJ dxkKz04v4KOU9NOUVgkwESg7vINac46XCl20Tv+qGzaOBNt5Pxssmi5F2/78O3ri tSjw3Kz5qfqPENYRq+xCO6BRLwAbr6lIpD3D5id3nvRw6/ma6wnMwKF663jhz6L8 B1GvvUxIihnAvzoJ165cHPTuNZrB6afm8n+fxD5jiEXQbZOuzbl/Fcx0EJJYMxmg EL084NJxGeK97tYUsjAPyEBgy1y+xXNTyQSX79Hfb7neJCjIe3wi1A8NNaDt8Zfn lXHMft4WiX1pxc3TlpbI7TYgNgaXr78y57lMuUDU2BYvSUcdjpRSbEnIViFNfkvA n6+JnVj7llezLMGYCNpzZKZ7gvKrrmnyV9hqbFJkaktQFC6YQFFkfK2OQc1UZj3q 4vJQ0WsgABcqsQ4UJlAzZi00x2W1ifbRIRi1skfpJKusK/0fKpcRRXL7BmL+COeT