Your message dated Tue, 26 Dec 2017 12:08:47 +0000
with message-id <[email protected]>
and subject line Bug#885007: fixed in kildclient 3.2.0-1
has caused the Debian Bug report #885007,
regarding kildclient: CVE-2017-17511
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
885007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885007
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kildclient
Version: 2.11.1-1
Severity: normal
Tags: security upstream
Control: fixed -1 2.11.1-1+deb7u1

Hi,

the following vulnerability was published for kildclient. This is
possibly just a negligible impact, but since the LTS project did release
a DLA, I think it is good to track the CVE and fix the issue similarly
in unstable, thus this bug. If you want to address the issue as well
for jessie and stretch, can you contact the SRM for it and schedule an
update via a point release?

CVE-2017-17511[0]:
| KildClient 3.1.0 does not validate strings before launching the program
| specified by the BROWSER environment variable, which might allow remote
| attackers to conduct argument-injection attacks via a crafted URL,
| related to prefs.c and worldgui.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17511
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17511

Regards,
Salvatore

--- End Message ---
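
The class of bug in the CVE description above, as an added example (not part of the original report and not KildClient's code): a check that a URL can be handed to an external browser as exactly one argument, and an argv built without a shell. The scheme allowlist, the function names and the assumption that BROWSER names a single program are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Schemes handed to the external browser (assumed allowlist for this sketch). */
static const char *const allowed_schemes[] = { "http://", "https://", "ftp://" };

/* Return 1 if url may be passed to a browser as ONE argument, else 0.
 * The scheme allowlist also rules out a leading '-' (option injection). */
int url_is_safe_to_launch(const char *url)
{
    size_t i, n;
    int scheme_ok = 0;
    if (url == NULL)
        return 0;
    for (i = 0; i < sizeof allowed_schemes / sizeof allowed_schemes[0]; i++) {
        n = strlen(allowed_schemes[i]);
        if (strncmp(url, allowed_schemes[i], n) == 0 && url[n] != '\0')
            scheme_ok = 1;
    }
    if (!scheme_ok)
        return 0;
    for (i = 0; url[i] != '\0'; i++) {
        unsigned char c = (unsigned char)url[i];
        /* Whitespace/control bytes split the argument; quotes matter on re-parse. */
        if (c <= 0x20 || c == 0x7f || strchr("\"'\\`", c) != NULL)
            return 0;
    }
    return 1;
}

/* Fill av for execvp(): the URL stays a single element, no shell involved.
 * Returns 0 on success, -1 if the browser name or the URL is rejected. */
int build_browser_argv(const char *browser, const char *url, const char *av[3])
{
    if (browser == NULL || browser[0] == '\0' || !url_is_safe_to_launch(url))
        return -1;
    av[0] = browser;
    av[1] = url;
    av[2] = NULL;
    return 0;
}

int main(void)
{
    const char *urls[] = { "https://example.org/a?b=1&c=2",   /* constructed */
                           "http://example.org/ --some-option", "--some-option" };
    for (size_t i = 0; i < 3; i++)
        printf("%d  %s\n", url_is_safe_to_launch(urls[i]), urls[i]);
    return 0;
}
```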
--- Begin Message ---
Source: kildclient
Source-Version: 3.2.0-1

We believe that the bug you reported is fixed in the latest version of
kildclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eduardo M Kalinowski <[email protected]> (supplier of updated kildclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Dec 2017 18:56:24 -0200
Source: kildclient
Binary: kildclient kildclient-doc
Architecture: source
Version: 3.2.0-1
Distribution: unstable
Urgency: low
Maintainer: Eduardo M Kalinowski <[email protected]>
Changed-By: Eduardo M Kalinowski <[email protected]>
Description:
 kildclient - powerful MUD client with a built-in Perl interpreter
 kildclient-doc - powerful MUD client with a built-in Perl interpreter - manual
Closes: 885007
Changes:
 kildclient (3.2.0-1) unstable; urgency=low
 .
   * New upstream version: 3.2.0.
     - Fix for CVE-2017-17511. New dependency 'gvfs' required in order to
       use GTK+ function for opening URLs. Closes: #885007
 .
   * control: Require libgtk-3-dev >= 3.22.0.
 .
   * control: Removed unnecessary dependency on dh-autoreconf, as debhelper
     enables it by default.
 .
   * control: Use https:// instead of git:// for Vcs-Git.
 .
   * compat, control: Use compatibility level 11.
 .
   * rules: Support nodoc in DEB_BUILD_OPTIONS.
 .
   * control: Updated policy compliance to 4.1.2: the only change was the
     support for nodoc as described above.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
