Your message dated Fri, 30 Jun 2017 13:08:52 +0000
with message-id <[email protected]>
and subject line Bug#864569: fixed in dolibarr 5.0.4+dfsg3-1
has caused the Debian Bug report #864569,
regarding dolibarr: CVE-2017-9435
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
864569: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864569
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dolibarr
Version: 4.0.2+dfsg4-2
Severity: grave
Tags: upstream security patch
Justification: user security hole

Hi,

the following vulnerability was published for dolibarr.

CVE-2017-9435[0]:
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in
| user/index.php (search_supervisor and search_statut parameters).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9435
[1] https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04

Please adjust the affected versions in the BTS as needed, only the
version 4.0.2+dfsg4-2 has been inspected source code wise.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dolibarr
Source-Version: 5.0.4+dfsg3-1

We believe that the bug you reported is fixed in the latest version of
dolibarr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Destailleur (eldy) <[email protected]> (supplier of updated dolibarr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Jun 2017 02:47:10 +0200
Source: dolibarr
Binary: dolibarr
Architecture: source
Version: 5.0.4+dfsg3-1
Distribution: unstable
Urgency: medium
Maintainer: Laurent Destailleur (eldy) <[email protected]>
Changed-By: Laurent Destailleur (eldy) <[email protected]>
Description:
 dolibarr   - Web based software to manage a company or foundation
Closes: 858297 863544 864569
Changes:
 dolibarr (5.0.4+dfsg3-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fix missing dependency (Closes: #858297)
   * Fix CVE-2017-8879 CVE-2017-7888 CVE-2017-7887
     and CVE-2017-7886 (Closes: #863544)
   * Fix CVE-2017-9435 (Closes: #864569)
   * Fix can change setup option during install process
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog

-----END PGP SIGNATURE-----

--- End Message ---
