Your message dated Tue, 22 Aug 2017 21:48:25 +0000
with message-id <e1dkh29-0004es...@fasolo.debian.org>
and subject line Bug#871810: fixed in cvs 2:1.12.13+real-15+deb8u1
has caused the Debian Bug report #871810,
regarding cvs: CVE-2017-12836: CVS and ssh command injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
871810: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cvs
Version: 2:1.12.13+real-9
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for cvs.
CVE-2017-12836[0]:
CVS and ssh command injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
[1] http://www.openwall.com/lists/oss-security/2017/08/11/1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cvs
Source-Version: 2:1.12.13+real-15+deb8u1
We believe that the bug you reported is fixed in the latest version of
cvs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Glaser <t...@mirbsd.de> (supplier of updated cvs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Format: 1.8
Date: Sat, 12 Aug 2017 19:22:05 +0200
Source: cvs
Binary: cvs
Architecture: source i386
Version: 2:1.12.13+real-15+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Thorsten Glaser <t...@mirbsd.de>
Description:
cvs - Concurrent Versions System
Closes: 871810
Changes:
cvs (2:1.12.13+real-15+deb8u1) jessie-security; urgency=high
.
* Fix CVE-2017-12836 (Closes: #871810)
Checksums-Sha1:
6273e61f2eb17e6aad42f295aa4bbcc0f1736f29 2094 cvs_1.12.13+real-15+deb8u1.dsc
4035e96f084517c7d6a71d35420876d508b00376 105645
cvs_1.12.13+real-15+deb8u1.diff.gz
d13bb504d101e3f64926fed63fff5d7c409fe98c 2638090
cvs_1.12.13+real-15+deb8u1_i386.deb
Checksums-Sha256:
5315f661fd8f8a5978106835aea6b7c33e7fef4a87a6564be986844bb17f6bb9 2094
cvs_1.12.13+real-15+deb8u1.dsc
c39ca3d80b13265d3d8d7370148835b3f5892e0af8ae9c32d2cc34a945ec7585 105645
cvs_1.12.13+real-15+deb8u1.diff.gz
7b8d16b8c93e6425a38d09454e69c69c50039a71f35311abea568e5a50a793e5 2638090
cvs_1.12.13+real-15+deb8u1_i386.deb
Files:
451b3557f24de1b5160998e82dab44eb 2094 vcs optional
cvs_1.12.13+real-15+deb8u1.dsc
e20d975ba3aaf6b72e22bf7b55ff6292 105645 vcs optional
cvs_1.12.13+real-15+deb8u1.diff.gz
c9fd2d0366dca5aff0eb60cd1f7c05f1 2638090 vcs optional
cvs_1.12.13+real-15+deb8u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (MirBSD)
Comment: ☃ ЦΤℱ—8 ☕☂☄
iQIcBAEBCQAGBQJZj0KgAAoJEHa1NLLpkAfgPfcP+wQgWA/30xYSbaMZpKv2GSCt
AyzwZiHDvHar7BBxzAcS2FKwAROFl9zSOwPpfAAUZ0NHXanSzIIjcGzbXJMFLuPB
AbBJGC2bRQLEUbQbw/9G55mrTmpoRiyIdb1PNlyiVKVjzMvUD3U19X4e67BAt5xV
MBEkjuyePg6CvxKrNFVXlqBH331Ss+XMaVwWk96UhQ1i3YgWnTsVTtCqI1GfkWfI
asnEGor3sYvYoCZWC4S8zNC5J/7KmSqDbUSgOad5h2xE/1dtwVd1ytvw1CNgeVzu
/LQoukZFjS2SPzY9k52VROtid1SZb7CAoaMuuuZCsr1Tv4BO963X0tEv28oT2SsW
XUhToM4pMvTFG2QgtZNpuXxhALY2/qLZJHesS4eA+rdvAG/6Sihe5Qxkat7BnFbH
8rF+6PnT8sqLEJk+I10mV0wGAsvA45WQs+r7njyO7K/phWD57rlgfxeX+tzBY39G
J073o5B3+qJhk+xmepotiRXn6EWxyIN6yJY10dLwRrCTGd7hTZNVVJSVo2ZfV6if
jJggSye+srY1SR2xiRWMyDpVofVqW8G0wSIz3tBdryqAcSqcQfpVbQxcldi0BZ8Q
KgbqGOJFY8cFlFg08XwViY/A1f6RHM0eK/gft+LMMAsfrQcJJNLE8MGxZ5TWaWqr
KnxoPIPuoqlGgSFyl2rJ
=sU5L
-----END PGP SIGNATURE-----
--- End Message ---
