Your message dated Sun, 02 Jul 2017 04:49:16 +0000 with message-id <e1drwou-0006eb...@fasolo.debian.org> and subject line Bug#866677: fixed in rkhunter 1.4.4-1 has caused the Debian Bug report #866677, regarding rkhunter: CVE-2017-7480: File download via http might lead to RCE to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 866677: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866677 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: rkhunter Version: 1.4.2-0.4 Severity: grave Tags: upstream security Hi, the following vulnerability was published for rkhunter (somehow releated will be at least #765895) CVE-2017-7480[0]: File download via http might lead to RCE If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7480 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480 [1] http://www.openwall.com/lists/oss-security/2017/06/29/2 [2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG [3] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: rkhunter Source-Version: 1.4.4-1 We believe that the bug you reported is fixed in the latest version of rkhunter, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 866...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier <franc...@debian.org> (supplier of updated rkhunter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 01 Jul 2017 20:37:36 -0700 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.4.4-1 Distribution: unstable Urgency: high Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org> Changed-By: Francois Marier <franc...@debian.org> Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 815693 866677 Changes: rkhunter (1.4.4-1) unstable; urgency=high . * New upstream release (closes: #815693) - fix for CVE-2017-7480 (closes: #866677) - drop 20_fix-ipcs-language and 40_false-positive-deleted-files (applied upstream) - update 05_custom_conffile - update lintian overrides * Bump Standards-Version to 4.0.0 Checksums-Sha1: 81eb64734b8de21ecb11d230100110ba4b14aa53 2083 rkhunter_1.4.4-1.dsc 5543b88c93f949ee3353865933522aa7cd1c548f 297626 rkhunter_1.4.4.orig.tar.gz dd4e5fba4e96cec55a5d7a2e2ea22f75263e65d0 26432 rkhunter_1.4.4-1.debian.tar.xz eb90a354527b0ab73eb74b8ef0b1347a5305b9f5 250896 rkhunter_1.4.4-1_all.deb 850456a49d458d4ff9999d29c8a040d1cc1e352d 5589 rkhunter_1.4.4-1_amd64.buildinfo Checksums-Sha256: 9f83c7f4736c0f5c1f6218a5aeeeeedfad48ee8500f26a1b538cc02feb90a3ad 2083 rkhunter_1.4.4-1.dsc a8807c83f9f325312df05aa215fa75ad697c7a16163175363c2066baa26dda77 297626 rkhunter_1.4.4.orig.tar.gz 35b7c962517a27c046856a8a9b1fe69f198c8905a71717ca066d6ded012328e5 26432 rkhunter_1.4.4-1.debian.tar.xz 93a67d5b0fe4c7fabe9b3f8593927d46d9c785e667a579dbdfee6c768c1fcf09 250896 rkhunter_1.4.4-1_all.deb 84a1154450427930dbe0fe0aa7d941a73d677cd7164b7b2abaec04df11b321b8 5589 rkhunter_1.4.4-1_amd64.buildinfo Files: d8d09e3ebc60a966873fab0dddd8f934 2083 admin optional rkhunter_1.4.4-1.dsc c625bcb5e226d1f2a7a3a530b7e4fbd9 297626 admin optional rkhunter_1.4.4.orig.tar.gz 25854442e746f267a8c0e6191970289b 26432 admin optional rkhunter_1.4.4-1.debian.tar.xz d23c0c375643cbe69a16cf9f0eb731c6 250896 admin optional rkhunter_1.4.4-1_all.deb 842540b474ad08b517809254a3a34955 5589 admin optional rkhunter_1.4.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAllYd9BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEUHGZyYW5jb2lz QGRlYmlhbi5vcmcACgkQFigfLgB8mNHa2g/+Mk+2KanIpISgnHaGaL/1alJekyTk qYxgWv4dgDcjOodQU2FfDED/8ZPsto0V1RWJJyQjJYdeuBDfYeOVUAE9zwq4OLMG 4G5iCVEzZrIawBc95lSwdy5rkO70RstzTaD4oWMGWIzomLVOZGWfz9qhqpCpcZ/y i+10qYrC2A4Mof7WKJ6y1G4bel8eC6qPdbrMQrntp33GT+yp4IPCDfzPXNdZPQrH qsZaDvg2v81toPYizn8S4pcKEfhs9CcX+g01Zy4HWbzG6a/Q+yvLpRbTkZ1Fkiki 9IuoUJbco/3jtv+gS7pZPssCTOrHq0hmiyP4qZzj2OW6B+0VOfVOHaxTgzfNGwn+ jUMFhWJD7KXHnW1go7SFGokFK9sVyw1bZE024lX/VwiT8t7JDQ9JXZOx5jObGivq jdANqa/KB68xX0WXGbgxa4LNZrB3yG6Inzluw9rif3l8aVIubOx9lSI0K42IkQRM V8kwvgIXvbMWEumBPLXmXtgtaFoGCuMywTOo3/0WTL47ue0IiV4Gh30RP9a/NZYW I9pT3BF85aAjV4hLoXf7/oT9fd2h+/D7+mctBtd+AW00C8g13QOgtf3PdJ2mt/A/ UbNQe8ASKo3FlM3YAoMfJcQlttjVLjBMaGxj/TLkV0P0WRFj2ze6cP6x+xiwqCOT Jaf6kSWK+NC2Hes= =N41N -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
