Your message dated Thu, 12 Apr 2018 21:37:52 +0000 with message-id <e1f6jui-0002ot...@fasolo.debian.org> and subject line Bug#895314: fixed in pcs 0.9.164-1 has caused the Debian Bug report #895314, regarding pcs: CVE-2018-1079: Privilege escalation via authorized user malicious REST call to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 895314: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895314 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: pcs Version: 0.9.162-1 Severity: grave Tags: security upstream Hi, The following vulnerability was published for pcs. CVE-2018-1079[0]: Privilege escalation via authorized user malicious REST call If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1079 [1] http://www.openwall.com/lists/oss-security/2018/04/09/2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: pcs Source-Version: 0.9.164-1 We believe that the bug you reported is fixed in the latest version of pcs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 895...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Valentin Vidic <valentin.vi...@carnet.hr> (supplier of updated pcs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 Apr 2018 22:14:30 +0200 Source: pcs Binary: pcs Architecture: source Version: 0.9.164-1 Distribution: unstable Urgency: high Maintainer: Debian HA Maintainers <debian-ha-maintain...@lists.alioth.debian.org> Changed-By: Valentin Vidic <valentin.vi...@carnet.hr> Description: pcs - Pacemaker Configuration System Closes: 895313 895314 Changes: pcs (0.9.164-1) unstable; urgency=high . * New upstream version 0.9.164 fixing: - CVE-2018-1086: Debug parameter removal bypass, allowing information disclosure (Closes: #895313) - CVE-2018-1079: Privilege escalation via authorized user malicious REST call (Closes: #895314) * d/patches: revert changes from git * d/patches: update for new version * d/rules: update for new version * d/copyright: use https in Format url * d/control: update Vcs URLs to use salsa * d/changelog: cleanup trailing whitespace * d/control: update Standards-Version to 4.1.4 * d/compat: update debhelper to v11 * d/patches: fix seconds output in testsuite Checksums-Sha1: fb1e05ff8e58dfe6a8b89ce25e3c2d5215d71bce 2107 pcs_0.9.164-1.dsc 7f312a3e74ba2bbbfaf2cbacaa1a148f77099e26 1399228 pcs_0.9.164.orig.tar.gz 39b72f781b51bb7aedee3f8fc6f76efbba3f8a91 168364 pcs_0.9.164-1.debian.tar.xz 6089b5f96cabb0c29a7d3feff4d3b7bc8923787e 6266 pcs_0.9.164-1_source.buildinfo Checksums-Sha256: a1654692b4368cf0f0f080afc5eacaee4fcb66042d3719b64ec4c1d15a299d78 2107 pcs_0.9.164-1.dsc b8aa3045ba7fe6e9713d5d1f6a4a567490a3d3ec3ee10683898cd3eda13e266f 1399228 pcs_0.9.164.orig.tar.gz def0575bd9ee986101555ed059467a2378dc8235e68b5e5abc0744e3623ed794 168364 pcs_0.9.164-1.debian.tar.xz 4acb78fdd5a17e5368e04b6fd6472719201cae4028ee17ac3d20e75e706c5621 6266 pcs_0.9.164-1_source.buildinfo Files: f0d16629fb69809b35d88e006c05fe0f 2107 admin optional pcs_0.9.164-1.dsc f6b3bb0c913a01c4ea9441d1a64bfb63 1399228 admin optional pcs_0.9.164.orig.tar.gz d227386fe2bef7446356a7f5a700508e 168364 admin optional pcs_0.9.164-1.debian.tar.xz 298b8e7650f70421157870747c6881d4 6266 admin optional pcs_0.9.164-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJNBAEBCgA3FiEExaW53cM9k/u2PWfIMofYmpfNqHsFAlrPy2IZHHZhbGVudGlu LnZpZGljQGNhcm5ldC5ocgAKCRAyh9ial82oe7a1EAC+Jf/zhHL05wa9yYe7Gpcn DYCjJ9pMNkMzlArIoTe6na056RFP8fiDjyP7zi4mqW8epex6JmlaA0k0Y1RnGXha tQBPcNslc7fwxnX+virEYPOCwL8WuvU3nvVGz84Ml02nGs4a7Zlgh7eubyjAqLPt xgIAW5PuXLLG1rky6M9WS2YcN51pjE4LAeCVLz7/2OfiKMH60PTdl+s8BDcv6VtK DczOKNauPEvnm3B7UzFWYqhsQF5sG+lyVn+F7wrm9cwCMpBKpSHWmCAzYB9qA7TG 9MmJaRF18emCsfEVF5SIW2W4FoCUoC7YSxJMFSk2IOzy1T7t/SZcUD4b0dnimg8x HppBGBSPZV9Sn/Y8bDnDZxp+NSDbtu34mm/I80F3VMBaFByIPAjdJGUmbPNGc69w Cqt+TdjJaivlXo8+2Va1y1Ybcq672ZJ+UeG614xibZYr+Omrncyv3pY6taGsxoo0 tbAQ1T7BBhuBX5NzT07EOIXA3Z6vkkpaEEM2w/GDI0hyI1BxPt7J1yUa7ziBhRf1 2P3GajUdtvEXl9z3+EkbEb04vfrzTMp3cKDs2ey9QujLI/6B1nXqdWuZ+m1dkOKM b9gjiPvXMTozYm+HcSO2Kwqg0fk1pj8W/rnNX2qz2uFXkJCX1klYzizdKlMLntxy TO+wQPGEvRRg5Jjva4Q6Jg== =UTvA -----END PGP SIGNATURE-----
--- End Message ---
