Your message dated Tue, 29 Oct 2019 20:53:48 +0000
with message-id <[email protected]>
and subject line Bug#940935: fixed in python-werkzeug 0.11.15+dfsg1-1+deb9u1
has caused the Debian Bug report #940935,
regarding python-werkzeug: CVE-2019-14806
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-werkzeug
Version: 0.14.1+dfsg1-4
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for python-werkzeug.
CVE-2019-14806[0]:
| Pallets Werkzeug before 0.15.3, when used with Docker, has
| insufficient debugger PIN randomness because Docker containers share
| the same machine id.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-werkzeug
Source-Version: 0.11.15+dfsg1-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
python-werkzeug, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Nový <[email protected]> (supplier of updated python-werkzeug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Oct 2019 18:08:38 +0200
Source: python-werkzeug
Binary: python-werkzeug python3-werkzeug python-werkzeug-doc
Architecture: source all
Version: 0.11.15+dfsg1-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Python Modules Packaging Team
<[email protected]>
Changed-By: Ondřej Nový <[email protected]>
Description:
python-werkzeug - collection of utilities for WSGI applications (Python 2.x)
python-werkzeug-doc - documentation for the werkzeug Python library (docs)
python3-werkzeug - collection of utilities for WSGI applications (Python 3.x)
Closes: 940935
Changes:
python-werkzeug (0.11.15+dfsg1-1+deb9u1) stretch; urgency=medium
.
* Unique debugger PIN in Docker containers
(Closes: #940935, CVE-2019-14806)
Checksums-Sha1:
9b2692d5d102c8a45e9b238e928adb67517556b4 2628
python-werkzeug_0.11.15+dfsg1-1+deb9u1.dsc
1f66d89af6aafd95dea95043453908d4f529ac16 7072
python-werkzeug_0.11.15+dfsg1-1+deb9u1.debian.tar.xz
c0717fadc0896fcdaf0c1be107e9f65c4c9bcfda 885706
python-werkzeug-doc_0.11.15+dfsg1-1+deb9u1_all.deb
ea0df434760446edf45adee43d06048e42d7da90 173036
python-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
7bac0c713947061470a3b8b3c9543410577cff43 9225
python-werkzeug_0.11.15+dfsg1-1+deb9u1_amd64.buildinfo
75dd10f294a8b8b854d6b2ff7713f7e64220a179 173076
python3-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
Checksums-Sha256:
9ef33e745b930277cd60a1a695b606318a2b8d2f2c9a7962106d78ea6dc55e7c 2628
python-werkzeug_0.11.15+dfsg1-1+deb9u1.dsc
a5f1806b3300c0e9269b792eb60ae6ca681d205b92e043502a29af19a8e262ff 7072
python-werkzeug_0.11.15+dfsg1-1+deb9u1.debian.tar.xz
bdc5a58176b58af7baf322585a846d3a51dee3dcb6077344399f782b4431c00a 885706
python-werkzeug-doc_0.11.15+dfsg1-1+deb9u1_all.deb
3e372fe26e8b2031a804a6bbadc008e416346ea1d98c5ef81ec8f0b16f2a20ae 173036
python-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
621b51505e3857e17eb4e2c665d44998a72315dec662d8b3eae40c718c3b9228 9225
python-werkzeug_0.11.15+dfsg1-1+deb9u1_amd64.buildinfo
af4b8da410ed64aa82a00354e4b147ee30b37fbca52036d27e00a244ec5dec6a 173076
python3-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
Files:
82f93906998768b8b21b14d6e5adb307 2628 python optional
python-werkzeug_0.11.15+dfsg1-1+deb9u1.dsc
5a279c167761ce0d07095555910a678d 7072 python optional
python-werkzeug_0.11.15+dfsg1-1+deb9u1.debian.tar.xz
cc090859766aacc51100a983cdcd5611 885706 doc extra
python-werkzeug-doc_0.11.15+dfsg1-1+deb9u1_all.deb
8eaad85e0816321d77a645e6453ae2e5 173036 python optional
python-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
dc228d0abf1150852b7f3f6a88cf57f6 9225 python optional
python-werkzeug_0.11.15+dfsg1-1+deb9u1_amd64.buildinfo
0900cae67c2cc569140b54a7d081e72a 173076 python optional
python3-werkzeug_0.11.15+dfsg1-1+deb9u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPZg8UuuFmAxGpWCQNXMSVZ0eBksFAl2wnzUACgkQNXMSVZ0e
BkvtNA//VXIoxJTMbtM+MOo3topEj2x4XcDF2BG9vGs44dmkUgemjH+OUaxYgee8
sgHQ3Rji5ONG2NNW1Gzps049Gwr8RXI15kU4hoP261YNiSp4S6ITOifHHG9icPhm
Jha4/pBgcO+bbUA5cuJk2BAI97GsD6q3m8Rb85+Dt8iaxJDAP0FNj7ZXJ65igCrT
Kv797QxQaUyqSvt7pIdAjgFarrkRiJCdRTtGP9UQzYO16nnszX/VxucUVn5zhBAR
6Pz3D8T4aI2v1KjBFfNB0qtwE6lx3SV8p0Qj5f3jcQBMrX7id/H3SD2ln7flZgjT
LardBdEDSyavzw7ruImooeeLGR0r8vrFy3DrRu95e1IBFJuJqXB455E9rSwxhxas
06lprohU8XoZ+ptk5hbdVEyMIE5Jqg+n6dO6akc6Pr0ML5vQS7vdyr/KhkZLCH85
Yld3CrR7XUTJodxTMou08VwrDaWhC6EggSJ2mwtq6u9DrfJ6m0fQT8o4xQOwRrnj
vf6W9JemAeoVGocKMcPQ4gx92Yo6LamihO6YhbCFJC23gWa3x0pP/7NqOmkXP1Pf
GZ8e34rIZ0+liFolP0B4Oa4Z+JBOnsaMcHPTV1+GyhmP8mDp1hLbvjtHl/DjtA1B
Q7S1+x9K2CwG/YH6pdXy/gIXh2BblvWhP+y+DvctVu5Q0OBN1bs=
=qUEC
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
