Your message dated Sun, 16 Jul 2017 12:17:35 +0000
with message-id <e1dwiur-000gly...@fasolo.debian.org>
and subject line Bug#866677: fixed in rkhunter 1.4.2-0.4+deb8u1
has caused the Debian Bug report #866677,
regarding rkhunter: CVE-2017-7480: File download via http might lead to RCE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866677
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rkhunter
Version: 1.4.2-0.4
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for rkhunter (somehow
related will be at least #765895).

CVE-2017-7480[0]:
File download via http might lead to RCE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7480
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
[1] http://www.openwall.com/lists/oss-security/2017/06/29/2
[2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
[3] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rkhunter
Source-Version: 1.4.2-0.4+deb8u1

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier <franc...@debian.org> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2017 20:17:08 -0700
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.4.2-0.4+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Changed-By: Francois Marier <franc...@debian.org>
Description:
 rkhunter   - rootkit, backdoor, sniffer and exploit scanner
Closes: 765895 866677
Changes:
 rkhunter (1.4.2-0.4+deb8u1) jessie; urgency=high
 .
   * Disable remote updates to fix CVE-2017-7480 and prevent bugs like
     it in the future (closes: #765895, #866677)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---