Your message dated Fri, 21 May 2021 17:18:32 +0000
with message-id <e1lk8na-000iyp...@fasolo.debian.org>
and subject line Bug#988141: fixed in impacket 0.9.22-2
has caused the Debian Bug report #988141,
regarding impacket: CVE-2021-31800
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988141: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988141
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: impacket
Version: 0.9.22-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for impacket.

CVE-2021-31800[0]:
| Multiple path traversal vulnerabilities exist in smbserver.py in
| Impacket through 0.9.22. An attacker that connects to a running
| smbserver instance can list and write to arbitrary files via ../
| directory traversal. This could potentially be abused to achieve
| arbitrary code execution by replacing /etc/shadow or an SSH authorized
| key.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31800
[1] https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: impacket
Source-Version: 0.9.22-2
Done: Stefano Rivera <stefa...@debian.org>

We believe that the bug you reported is fixed in the latest version of
impacket, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <stefa...@debian.org> (supplier of updated impacket package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 May 2021 13:02:37 -0400
Source: impacket
Architecture: source
Version: 0.9.22-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Stefano Rivera <stefa...@debian.org>
Closes: 988141
Changes:
 impacket (0.9.22-2) unstable; urgency=medium
 .
   * Team upload.
   * Resolve CVE-2021-31800: Fix Path Traversal vulnerabilities by checking
     path prefix against incoming filename. (Closes: #988141)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYKfnvwAKCRBHew2wJjpU
2L8LAP9mWglgHrYj8SZiK/FuIQa5CBQ0OqeFgatS5mNt/XgiGAEA96NqWS4w/zJQ
Hf5Ju2FKXzqpb+L50i+XIDtDZvPhvQo=
=rlDY
-----END PGP SIGNATURE-----

--- End Message ---
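
Added example, not part of the original messages and not Impacket's own code: one way to implement the "path prefix against incoming filename" check named in the changelog, written in Python. The function names and sample file names are hypothetical; the check compares whole path components, so a sibling directory that merely shares the share's name as a string prefix is rejected too.

```python
import os
import tempfile


def _client_path(share_root, client_name):
    """Map a client-supplied name to an absolute, symlink-resolved path."""
    root = os.path.realpath(share_root)
    # SMB names use backslashes and may start with a separator; normalise them
    # so os.path.join cannot be handed an absolute path that replaces root.
    name = client_name.replace("\\", "/").lstrip("/")
    return root, os.path.realpath(os.path.join(root, name))


def naive_prefix_ok(share_root, client_name):
    """Raw string-prefix test. Weak: accepts a sibling such as '<root>-evil'."""
    root, candidate = _client_path(share_root, client_name)
    return candidate.startswith(root)


def resolve_in_share(share_root, client_name):
    """Return the resolved path if it stays inside the share, else raise."""
    root, candidate = _client_path(share_root, client_name)
    # Compare whole path components rather than characters.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes share: %r" % client_name)
    return candidate


if __name__ == "__main__":
    base = tempfile.mkdtemp()
    share = os.path.join(base, "share")
    os.mkdir(share)
    # Constructed sample names, as a client might send them.
    for name in ("docs\\report.txt", "..\\..\\etc\\shadow", "../share-evil/key"):
        try:
            print(name, "->", resolve_in_share(share, name))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
        print("   naive prefix test says:", naive_prefix_ok(share, name))
```

The check resolves symlinks at call time, so on its own it does not cover a path being swapped between the check and the later open.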