Control: tag -1 +pending
Control: fixed -1 2.20.4-1

Hello Salvatore,

Thank you very much for the bug report.

On Thu, 2016-12-15 at 06:49 +0100, Salvatore Bonaccorso wrote:
> Source: apport
> Version: 2.16.2-1
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
>

I am just curious how you came up with that version because it is quite old. apport is only available through Experimental and its current version in experimental is: 2.20.3-1

> Hi,
>
> the following vulnerabilities were published for apport.
>
> CVE-2016-9949[0], CVE-2016-9950[1], CVE-2016-9951[2].
>
> Details are in the Launchpad bug[3].
>

Thanks. Upstream has mentioned that all vulnerabilities are fixed in version 2.20.4, for which I've made an upload. It should clear ftp-masters queue soon.

Since this is an experimental only package, is there anywhere else, any action is required?

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9949
> [1] https://security-tracker.debian.org/tracker/CVE-2016-9950
> [2] https://security-tracker.debian.org/tracker/CVE-2016-9951
> [3] https://bugs.launchpad.net/apport/+bug/1648806
>
> Regards,
> Salvatore

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

