Your message dated Mon, 04 Feb 2019 09:34:23 +0000
with message-id <e1gqadz-000dr7...@fasolo.debian.org>
and subject line Bug#921271: fixed in buildbot 2.0.0-1
has caused the Debian Bug report #921271,
regarding buildbot: CVE-2019-7313: CRLF injection in Buildbot login and logout redirect code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
921271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: buildbot
Version: 1.8.0-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for buildbot.

CVE-2019-7313[0]:
| www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the
| Location header of /auth/login and /auth/logout via the redirect
| parameter. This affects other web sites in the same domain.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-7313
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7313
[1] https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code

Regards,
Salvatore

--- End Message ---
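
The class of bug named in the CVE text above (a request parameter copied into the Location header), as an added illustration of the server-side check. This is not Buildbot's code or its upstream fix; the function names, the "/" fallback and the sample query strings in the comments and tests are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumed fallback when the parameter is unusable


def safe_redirect_target(raw_query: str, default: str = DEFAULT_TARGET) -> str:
    """Return a same-site path that is safe to place in a Location header.

    raw_query is the undecoded query string of the login/logout request,
    e.g. "redirect=%2Fbuilders%2F1" (constructed sample).
    """
    values = parse_qs(raw_query, keep_blank_values=True).get("redirect")
    if not values:
        return default
    target = values[0]  # parse_qs has already percent-decoded the value

    # 1. CR, LF and other control characters end or fold a header line.
    #    Check the decoded value, and do it before urlsplit(), because
    #    recent Python versions silently strip \r, \n and \t there.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default

    # 2. Browsers treat "\" like "/", so "/\host" can leave the site.
    if "\\" in target:
        return default

    # 3. Accept only a local absolute path: no scheme, no host,
    #    no protocol-relative "//host".
    parts = urlsplit(target)
    if parts.scheme or parts.netloc or not target.startswith("/"):
        return default
    return target


def location_header(raw_query: str) -> str:
    """Build the complete header line from a validated target."""
    return "Location: " + safe_redirect_target(raw_query) + "\r\n"
```

Rejecting the value outright, rather than stripping the offending bytes, keeps the response predictable and leaves a clean signal in the logs when the fallback is taken.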
--- Begin Message ---
Source: buildbot
Source-Version: 2.0.0-1

We believe that the bug you reported is fixed in the latest version of
buildbot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robin Jarry <ro...@jarry.cc> (supplier of updated buildbot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Feb 2019 10:06:17 +0100
Source: buildbot
Architecture: source
Version: 2.0.0-1
Distribution: unstable
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-t...@lists.alioth.debian.org>
Changed-By: Robin Jarry <ro...@jarry.cc>
Closes: 920542 920710 920979 921089 921155 921271
Changes:
 buildbot (2.0.0-1) unstable; urgency=high
 .
   [ Robin Jarry ]
   * Set buildbot-doc as Multi-Arch: foreign
   * New upstream version 2.0.0
   * [CVE-2019-7313] Fix CRLF injection bug (Closes: #921271)
   * d/patches: remove 0005-tests-use-explicit-python-executable-path
 .
   [ Adriano Rafael Gomes ]
   * Add debconf translations: Brazilian Portuguese (Closes: #920542)
 .
   [ Jean-Pierre Giraud ]
   * Add debconf translations: French (Closes: #920710)
 .
   [ Yangfl ]
   * Add debconf translations: Chinese (Closes: #920979)
 .
   [ Frans Spiesschaert ]
   * Add debconf translations: Dutch (Closes: #921089)
 .
   [ victory ]
   * Add debconf translations: Japanese (Closes: #921155)


--- End Message ---
