Your message dated Tue, 22 Aug 2017 21:48:47 +0000 with message-id <e1dkh2v-0004ns...@fasolo.debian.org> and subject line Bug#870187: fixed in supervisor 3.0r1-1+deb8u1 has caused the Debian Bug report #870187, regarding supervisor: CVE-2017-11610: Command injection via malicious XML-RPC request to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870187: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: supervisor Version: 3.0r1-1 Severity: grave Tags: upstream security patch Forwarded: https://github.com/Supervisor/supervisor/issues/964 Hi, the following vulnerability was published for supervisor. CVE-2017-11610[0]: Command injection via malicious XML-RPC request If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11610 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610 [1] https://github.com/Supervisor/supervisor/issues/964 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: supervisor Source-Version: 3.0r1-1+deb8u1 We believe that the bug you reported is fixed in the latest version of supervisor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated supervisor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 12 Aug 2017 08:08:04 +0200 Source: supervisor Binary: supervisor Architecture: all source Version: 3.0r1-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Qijiang Fan <fqj1...@gmail.com> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 870187 Description: supervisor - A system for controlling process state Changes: supervisor (3.0r1-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Disable object traversal in XML-RPC dispatch (CVE-2017-11610) (Closes: #870187) Checksums-Sha1: d3a6bf5a01fa81a2239ef8838b4c7f7a844bb35c 2088 supervisor_3.0r1-1+deb8u1.dsc 560ed627498e51a147d98749d11fb908d5c70f9e 460340 supervisor_3.0r1.orig.tar.gz f4301bdbbe3b36d92e1b36e4ac5b0f0657413baa 10864 supervisor_3.0r1-1+deb8u1.debian.tar.xz fe9000671ec3f618a2de165ccdd114e0b02564d1 266718 supervisor_3.0r1-1+deb8u1_all.deb Checksums-Sha256: 71d86a09a64ead4210265e833474386c10f79c7a4ce1022a137b0a379346e75a 2088 supervisor_3.0r1-1+deb8u1.dsc f46aec68df0ea74fe76c6cdea04b4b61fa4ad883f6f9ba4fb667223dc06ac20d 460340 supervisor_3.0r1.orig.tar.gz afa6075c352437c5f0ba329d2516fe84d3516cf180d3a4626b3ec236e6eedda1 10864 supervisor_3.0r1-1+deb8u1.debian.tar.xz da3b7ecb28d8d830632d6f9efaf6438aaea72960eec5e80a13e60ad5fc263327 266718 supervisor_3.0r1-1+deb8u1_all.deb Files: 5182b444c142de8d8bf3f8c6bcecbf2d 2088 admin extra supervisor_3.0r1-1+deb8u1.dsc fe9bbfaf5eb9cc3156d35dd1662354ca 460340 admin extra supervisor_3.0r1.orig.tar.gz 4d35718ffa70ee002ebde4ca2a196381 10864 admin extra supervisor_3.0r1-1+deb8u1.debian.tar.xz 97bf2a8145eab1b1d144ca3cfa6a8436 266718 admin extra supervisor_3.0r1-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmOuGhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EA1sP/AgyzSp814GcmQbARyWkgKNkL5WP9C9S 7URqnIaulwPi5RJSlYUmnfHYVzh7xTIIeyJAvzxvQRk2CFjSju4B9CIIS7vumVUL cViOLK6d58alUAZI2677/E9MYmrjrqw9Sw8nuTIEulfMhyJmx7qt6IPRiQQD095Q TSVulTvqKdUuBkYJ3k9zC4hsDdxSSF7gnvbObXzxK+thyIfMdhI8fJX+jQ26gdbT 3XJX9oxO41aiOjaKhO6R26SLudmAiDd0gQlvQHhy4+3t7Wr1T0MJQojeUBYIbpLG s0d49BS4wyHXHCYs0IDHJbhA7Qsc7+66NDeF25fjWdw+1RsgijB/QhcmS0iAX7wh PuDLji6sGIVt7Wl1DkSBZ48fFAkQgeO/M7QeM/GonwIkjV/EKFA9oUB6h9AnDg/h gE7LX8fcpShJ5sUybjswPd7GhyFdeHoghtMDCIKys9pdj6C9/lsU5JiFxElSGKJx avJdMMMs7ECLx2QBA8q4RBSvO4j0mr8V0xB/RC0OxqFbYdpWG8cRdGz/NsjMhkH4 TGeqmjmr2LiPKtLpS19HRlwR/0U3J/EofOHMitI6sX6mMZDQE89Cx5EBSHzH8ol0 opUq3Y5F1M7vyN+ZqLpV2DIFr6QkCuqRrnkXguvcDX42q+rY/D8hva2ZMl6qbEB7 DrqgprhpdCZv =mqQN -----END PGP SIGNATURE-----
--- End Message ---
