Your message dated Mon, 12 Sep 2016 19:48:47 +0000
with message-id <e1bjxdj-0006mh...@franck.debian.org>
and subject line Bug#836505: fixed in elog 3.1.2-1-1
has caused the Debian Bug report #836505,
regarding elog: CVE-2016-6342: posting entry as arbitrary username by improper authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
836505: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: elog
Version: 2.9.2+2014.05.11git44800a7-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for elog.

CVE-2016-6342[0]:
posting entry as arbitrary username by improper authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6342

Using severity grave, since for at least stretch this should be fixed
to be in a fixed version. I OTOH do not know elog well enough to see
if the affected setup is actually a frequent one.

Could you as well schedule a fix for the stable version via a
point-release, cf.
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: elog
Source-Version: 3.1.2-1-1

We believe that the bug you reported is fixed in the latest version of
elog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 836...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger Kalt <roger.k...@gmail.com> (supplier of updated elog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Sep 2016 20:00:00 +0100
Source: elog
Binary: elog
Architecture: source amd64
Version: 3.1.2-1-1
Distribution: unstable
Urgency: low
Maintainer: Roger Kalt <roger.k...@gmail.com>
Changed-By: Roger Kalt <roger.k...@gmail.com>
Description:
 elog       - Logbook system to manage notes through a Web interface
Closes: 816209 836505
Changes:
 elog (3.1.2-1-1) unstable; urgency=low
 .
   * new upstream version grabbed, (Closes: #836505, CVE-2016-6342)
   * update debian/rules
     - allow reproducible builds (Closes: #816209)
     - enable all hardening build flags
   * update debian/source/lintian-overrides for contrib/elogsubmit.js
     insane-line-length-in-source-file, removed unused overrides
   * update Standards-Version to 3.9.8 (debian/control)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
