Your message dated Thu, 20 Jul 2023 08:34:41 +0000
with message-id <[email protected]>
and subject line Bug#1040880: fixed in nsis 3.09-1
has caused the Debian Bug report #1040880,
regarding nsis: CVE-2023-37378
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1040880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040880
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nsis
Version: 3.08-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.06.1-1
Hi,
The following vulnerability was published for nsis.
CVE-2023-37378[0]:
| Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles
| access control for an uninstaller directory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-37378
https://www.cve.org/CVERecord?id=CVE-2023-37378
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nsis
Source-Version: 3.09-1
Done: Thomas Gaugler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nsis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Gaugler <[email protected]> (supplier of updated nsis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Jul 2023 09:58:41 +0200
Source: nsis
Built-For-Profiles: pkg.linux.nokerneldbg pkg.linux.nokerneldbginfo
pkg.linux.nosource pkg.linux.nometa
Architecture: source
Version: 3.09-1
Distribution: unstable
Urgency: medium
Maintainer: Thomas Gaugler <[email protected]>
Changed-By: Thomas Gaugler <[email protected]>
Closes: 1040880
Changes:
nsis (3.09-1) unstable; urgency=medium
.
* New upstream version 3.09. Fixes CVE-2023-37378. Closes: #1040880
* Drop obsolete halibut patch for version '3.09'
Checksums-Sha1:
81f23a74584039c07a59271d1863f9abb2ad1e68 1590 nsis_3.09-1.dsc
607449100dc907f5a06f805d8a4a5869d0c64006 2108487 nsis_3.09.orig.tar.gz
381c1185573c6739ff0ad929528e1beea9509dc5 25344 nsis_3.09-1.debian.tar.xz
Checksums-Sha256:
eac18c6148737c2043e6fd041fc7c242ff357d38402f758b62ccb17b6ba7f777 1590
nsis_3.09-1.dsc
a87b6779c5365722cdde54268b7ef8e30ceb173aec6c3050c6f20592934b3407 2108487
nsis_3.09.orig.tar.gz
74e68140452102f7f7c78eef7191cfbb1c43c7563366285036f490950da51833 25344
nsis_3.09-1.debian.tar.xz
Files:
6dffdca3a4d3ded7d5b10787b9c383e3 1590 devel optional nsis_3.09-1.dsc
d46170e980ae1fa95c77da504bae01f6 2108487 devel optional nsis_3.09.orig.tar.gz
b2f10b5ce692b9a366e6165106db2664 25344 devel optional nsis_3.09-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTjpQ0b6NokWkvBQbzqgwvGpoTNfAUCZLjsZwAKCRDqgwvGpoTN
fHZVAQD0t+GqUUvsDhpm/Xf+ifnkLxiEimChCWAh3SXZksIdrQD/b2PqH3FCzhSi
voivYpisyAWO8sL6VSpUFQMjdjqRjww=
=KFU7
-----END PGP SIGNATURE-----
--- End Message ---
