Your message dated Tue, 22 Aug 2017 21:32:15 +0000
with message-id <e1dkgmv-0000vh...@fasolo.debian.org>
and subject line Bug#871810: fixed in cvs 2:1.12.13+real-22+deb9u1
has caused the Debian Bug report #871810,
regarding cvs: CVE-2017-12836: CVS and ssh command injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
871810: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cvs
Version: 2:1.12.13+real-9
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for cvs.
CVE-2017-12836[0]:
CVS and ssh command injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
[1] http://www.openwall.com/lists/oss-security/2017/08/11/1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cvs
Source-Version: 2:1.12.13+real-22+deb9u1
We believe that the bug you reported is fixed in the latest version of
cvs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Glaser <t...@mirbsd.de> (supplier of updated cvs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Format: 1.8
Date: Sat, 12 Aug 2017 19:19:53 +0200
Source: cvs
Binary: cvs
Architecture: source i386
Version: 2:1.12.13+real-22+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Thorsten Glaser <t...@mirbsd.de>
Changed-By: Thorsten Glaser <t...@mirbsd.de>
Description:
cvs - Concurrent Versions System
Closes: 871810
Changes:
cvs (2:1.12.13+real-22+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-12836 (Closes: #871810)
Checksums-Sha1:
83f20b8d0e613d15af92c838210d7a399470927a 2054 cvs_1.12.13+real-22+deb9u1.dsc
a868aaad46c54cb1f7510b79c8cb0b38534483ce 4737137 cvs_1.12.13+real.orig.tar.gz
d2c68eab48de7fe0d3a41329051072967f1f484d 114637
cvs_1.12.13+real-22+deb9u1.diff.gz
ecf7938cf6312024287ca8696b6062389775afbe 792316
cvs-dbgsym_1.12.13+real-22+deb9u1_i386.deb
63478ddb25a555092a217becaf3a72212a4ea950 7987
cvs_1.12.13+real-22+deb9u1_i386.buildinfo
87e764065d003867d354a88e409c7f7295ff83f6 2809120
cvs_1.12.13+real-22+deb9u1_i386.deb
Checksums-Sha256:
6b949a1dfc77e523971a1607524718f6f5fe92c92fdc9fb022e34ed82e13dd96 2054
cvs_1.12.13+real-22+deb9u1.dsc
4734971a59471744e4ad8665c1dca54cb3ebf9fc66ce9c2dff3d04670d3f7312 4737137
cvs_1.12.13+real.orig.tar.gz
d7baf701538a9e5b6f97d5248ef1b61867113622ebe4250f6bdd3772e2012596 114637
cvs_1.12.13+real-22+deb9u1.diff.gz
a250e9cffb04c20e97216da12f467155bb3b191ea5559192bbc0dd0fd49b1994 792316
cvs-dbgsym_1.12.13+real-22+deb9u1_i386.deb
9599fa632bd5769b382145a08185ea9040ed0d1e2c236828d26e53366b75d394 7987
cvs_1.12.13+real-22+deb9u1_i386.buildinfo
1650978a8f75d8ce32872280acb76418fe82fc37e202277cc4518393ba4aa7ce 2809120
cvs_1.12.13+real-22+deb9u1_i386.deb
Files:
5bfca3ba05f848def66403bc880a7b60 2054 vcs optional
cvs_1.12.13+real-22+deb9u1.dsc
7a71a2e7a64973ecf255965956a1d338 4737137 vcs optional
cvs_1.12.13+real.orig.tar.gz
f579edf186184c3eff3a774f93952f82 114637 vcs optional
cvs_1.12.13+real-22+deb9u1.diff.gz
c4c796327a128a77b042ccc14610ac8b 792316 debug extra
cvs-dbgsym_1.12.13+real-22+deb9u1_i386.deb
dcbdd1b226477098017dc92958c6bb27 7987 vcs optional
cvs_1.12.13+real-22+deb9u1_i386.buildinfo
b6a30c12490dd29b6209b2ca85deb412 2809120 vcs optional
cvs_1.12.13+real-22+deb9u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (MirBSD)
Comment: ☃ ЦΤℱ—8 ☕☂☄
iQIcBAEBCQAGBQJZjz0oAAoJEHa1NLLpkAfgx0oP/3T2uiXTI2yz28h+PJvqgSwM
PLAiPUFu2Fez3a7NlIsePPPbGKO1nv6otTOyNS+QrjJKlSD3ZcXRKzrDO/9hRCN0
zrBpwNAUzgPJlutpX5aJrE67EYpeQ8iskMvaBEJqRA0gEcpHgkoAuDf/P71eTOqr
XtQqo0uZLsuSP9pdpQf4YJ7oTak5q9+8yW4Dzq5jneuPHiMv2stt515tWYhPgpJ0
35N04u+rOfJcimoz5iFkYa7dLBLPfHlWoZqipmPuGEn4z8yOoV7Cuh+xYaeM0UFd
Ym2v0KBO9aF4sx9sSFPg7jUgn/kICwHWWsXYXAMiePzB5Ux+vN6DI4OT6C1bnb6Q
WwGRd/yIzc/jXxEypl6KepgOjcc1NeoYjJ1RFbHI56gPzL6T4PeHt1cpb/OsaWQk
b/JCIdB/n0pTc0xWq0SYsVQK110TcQYM9uilKlFkCRmxIgQouptU+Choj8fuHwEQ
WB0a05um2tHdUL6R04C55kHaPRXFrtqjKL7EMLJJlvZ7byXB61BxVAFpJFTx8h3h
AwodkE0ONrAiqtaFq8eChXyPQFxms4ShqMS7A1OZ2Ktggf/a1wHiRyckmMF12Mnt
htUGZ/yg1EXf2cBYM1bKPWtiUz+yb0cQZhXFTbVWqRu3mQNK4BtIDFSA0YvUcsq0
iokoLzwBEdvJeqPp3RoX
=RcS5
-----END PGP SIGNATURE-----
--- End Message ---
