Bug#850528: marked as done (firejail: CVE-2017-5207: root shell via --bandwidth and --shell)

Sat, 07 Jan 2017 11:51:54 -0800 

Your message dated Sat, 07 Jan 2017 19:48:28 +0000
with message-id <[email protected]>
and subject line Bug#850528: fixed in firejail 0.9.44.4-1
has caused the Debian Bug report #850528,
regarding firejail: CVE-2017-5207: root shell via --bandwidth and --shell
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
850528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850528
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: firejail
Version: 0.9.44.2-1
Severity: grave
Tags: upstream security patch fixed-upstream
Justification: user security hole
Forwarded: https://github.com/netblue30/firejail/issues/1023

Hi

There is no CVE assigned for this one yet: 

https://github.com/netblue30/firejail/issues/1023
https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc

CVE requested here:

http://www.openwall.com/lists/oss-security/2017/01/07/3

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: firejail
Source-Version: 0.9.44.4-1

We believe that the bug you reported is fixed in the latest version of
firejail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reiner Herrmann <[email protected]> (supplier of updated firejail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Jan 2017 20:24:40 +0100
Source: firejail
Binary: firejail
Architecture: source
Version: 0.9.44.4-1
Distribution: unstable
Urgency: high
Maintainer: Reiner Herrmann <[email protected]>
Changed-By: Reiner Herrmann <[email protected]>
Description:
 firejail   - sandbox to restrict the application environment
Closes: 850528 850558
Changes:
 firejail (0.9.44.4-1) unstable; urgency=high
 .
   * New upstream release.
     - Security fixes for: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
       (Closes: #850528, #850558)
   * Drop patches applied upstream.
Checksums-Sha1:
 a87a960ef7c9d87e55dece847f90691ee120fa47 2375 firejail_0.9.44.4-1.dsc
 710de2e9791142edcc6ab46b64d595e09ff4071d 213648 firejail_0.9.44.4.orig.tar.xz
 9dfa38cf6708cf25834919a650784e9808684d28 473 firejail_0.9.44.4.orig.tar.xz.asc
 24f52ba92871e14d0f93405c0ac8f5f6da1cc809 6028 firejail_0.9.44.4-1.debian.tar.xz
Checksums-Sha256:
 f91186d24681e0d47f3ad6af121948cb5c62b61151fd2283aa99c530fb3fcd8d 2375 
firejail_0.9.44.4-1.dsc
 2d70a2cd554835db0e2eba201c0466e247fbaa2b60c86abd34b9170e0eebc10f 213648 
firejail_0.9.44.4.orig.tar.xz
 965d6ce0416680baf6d6028759ac8a90a13a672342172fbbacdde04528b9f7a7 473 
firejail_0.9.44.4.orig.tar.xz.asc
 bc9f7abd0ee38d1916175854422218edf385564efbbaee17fee00ab467114629 6028 
firejail_0.9.44.4-1.debian.tar.xz
Files:
 47e66ccff2cbbca333d58226a7855198 2375 utils optional firejail_0.9.44.4-1.dsc
 d1b77101fd0e35a18242d7593486d984 213648 utils optional 
firejail_0.9.44.4.orig.tar.xz
 4c223fec5bcddb0cc56cc5b16f111111 473 utils optional 
firejail_0.9.44.4.orig.tar.xz.asc
 3098bae66a536e9c7ca3d331140f50b3 6028 utils optional 
firejail_0.9.44.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAlhxQJQACgkQzPBJKNsO
6qdJWxAA0jyQmPE8+QJe7DyE+QP7GmtvyCHA0KecwH3iaaQXzv8ZyhPiPNg1FOgX
nfbyScIBpvDZr9u4Xb3n3hEC79KzvhiZprhsJ9l2r9HZEtcKbikvv6gH1FPg15fa
GGTybS7QfXv0AAXRelz+fI6wKqVSrs0pjVfLLt8TKPgzn/2FGCzGFsJkryaGemUi
LkW00MNCB2lIKjav6rEMIjlAAL5IzP6a0oKQtsBOyy3RN1W6X21ApzVOpyxy8+4s
xxFtkLo6DdXrtsIAeVbgs3tcmPbeE9/uxlFFWeXyhv2E5qSu1UxUviyh01K7ELgn
8vlJ0CHDzr317EhlKx3DkGMPvUXbqn1JQhE5dX8PYXwofOe704XbBpN8nV6dxCx7
GUmVPFbo7GbqD+1YE6sujTFovv+cbk9X1+T4Q5xmekwrt2nT9si72F0oUQeKiplj
rgDOz0MCOoVPFoTMFs+cRqL7v01Z/QhNdz3LE/b2pBbOe0nHdnLjOqyEMkYQr7kY
MbNNztpnmnS8uzA0NatDljfKNPzk04/f57S91g49NP0yEZRhbomy29Og//6c76qJ
z1xrOqk0gLB9hZgHrAf0KuYWb7FFLe9TXtQFzxNK8tt8zfsTC37gGD0FauF8dj0x
oBubMaPy64ckOT5th3GEQ0kRyJey5L6mSgFuclUCzHQYq+KF2/4=
=g3BU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to