Your message dated Sat, 15 Jul 2017 22:17:23 +0000
with message-id <e1dwvnl-000fqa...@fasolo.debian.org>
and subject line Bug#866677: fixed in rkhunter 1.4.2-6+deb9u1
has caused the Debian Bug report #866677,
regarding rkhunter: CVE-2017-7480: File download via http might lead to RCE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866677
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rkhunter
Version: 1.4.2-0.4
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for rkhunter (somehow
related will be at least #765895)

CVE-2017-7480[0]:
File download via http might lead to RCE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7480
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
[1] http://www.openwall.com/lists/oss-security/2017/06/29/2
[2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
[3] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rkhunter
Source-Version: 1.4.2-6+deb9u1

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier <franc...@debian.org> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jul 2017 03:07:17 +0000
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.4.2-6+deb9u1
Distribution: stable
Urgency: high
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Changed-By: Francois Marier <franc...@debian.org>
Description:
 rkhunter   - rootkit, backdoor, sniffer and exploit scanner
Closes: 765895 866677
Changes:
 rkhunter (1.4.2-6+deb9u1) stable; urgency=high
 .
   * Disable remote updates to fix CVE-2017-7480 and prevent bugs like
     it in the future (closes: #765895, #866677)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---