Your message dated Wed, 09 Dec 2020 05:06:52 +0000
with message-id <[email protected]>
and subject line Bug#972795: fixed in nomad 0.10.9+dfsg1-1
has caused the Debian Bug report #972795,
regarding nomad: CVE-2020-27195: Nomad File Sandbox Escape via Template and
Artifact Stanzas
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972795
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nomad
Version: 0.10.5+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/hashicorp/nomad/issues/9129
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for nomad.
CVE-2020-27195[0]:
| HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client
| file sandbox feature can be subverted using either the template or
| artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-27195
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27195
[1] https://github.com/hashicorp/nomad/issues/9129
[2] https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nomad
Source-Version: 0.10.9+dfsg1-1
Done: Arnaud Rebillout <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nomad, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Rebillout <[email protected]> (supplier of updated nomad package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Dec 2020 12:02:25 +0700
Source: nomad
Architecture: source
Version: 0.10.9+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <[email protected]>
Changed-By: Arnaud Rebillout <[email protected]>
Closes: 972795 973166 976593
Changes:
nomad (0.10.9+dfsg1-1) unstable; urgency=medium
.
[ Arnaud Rebillout ]
* New upstream release (Closes: #973166, #972795, #976593).
* Vendor mitchellh-go-testing-interface-dev
* Vendor hashicorp-go-plugin-dev
* New patch to build against consul 1.8
.
* lintian: Drop source-contains-empty-directory (see #907727)
.
[ Dmitry Smirnov ]
* Tightened Consul dependency version (>= 1.8.6~).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
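
Added example, not part of the bug report or of Nomad's own code: a check that applies the affected and fixed version ranges from the CVE description quoted above to upstream or Debian-style version strings. Treating every 0.9.x release as affected is an assumption, since the description names no fixed 0.9 release; pre-release suffixes are ignored.

```python
import re

# Fixed patch level per upstream branch, from the CVE-2020-27195 description above.
FIXED_PATCH = {(0, 10): 6, (0, 11): 5, (0, 12): 6}
FIRST_AFFECTED = (0, 9, 0)
LAST_AFFECTED = (0, 12, 5)


def upstream_tuple(version):
    """Reduce an upstream or Debian version string to (major, minor, patch)."""
    v = version.strip().lstrip("v")
    if ":" in v:  # drop a Debian epoch such as "1:"
        v = v.split(":", 1)[1]
    # Anything after the third number (+dfsg1, -1, -rc1) is ignored.
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version falls in an affected range and predates its branch fix."""
    t = upstream_tuple(version)
    if t < FIRST_AFFECTED or t > LAST_AFFECTED:
        return False
    fixed = FIXED_PATCH.get(t[:2])
    if fixed is None:
        # Assumption: 0.9.x has no fixed release listed, so all of it is affected.
        return True
    return t[2] < fixed


if __name__ == "__main__":
    # Versions from this thread plus constructed samples for each branch.
    samples = [
        "0.10.5+dfsg1-3",   # version the bug was filed against
        "0.10.9+dfsg1-1",   # version that closed the bug
        "0.9.7", "0.11.4", "0.11.5", "0.12.5", "0.12.6", "0.8.7",
    ]
    for s in samples:
        print(f"{s:18} {'AFFECTED' if is_affected(s) else 'not affected'}")
```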