Your message dated Sat, 24 Jun 2017 14:51:39 +0000
with message-id <e1dompt-000h1y...@fasolo.debian.org>
and subject line Bug#864921: fixed in spip 3.1.4-3~deb9u1
has caused the Debian Bug report #864921,
regarding spip: CVE-2017-9736: remote code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
864921: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864921
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: spip
Version: 3.1.4-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.1.4-2
As per
https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta?var_zapl=non
> A CRITICAL flaw was discovered recently in SPIP, allowing the
> execution of arbitrary code.
>
> It affects SPIP 3.1.x and 3.2 versions (alpha & beta), and impacts all
> websites using these versions.
> SPIP 3.0.x and earlier versions are not affected by this issue.
>
> It is imperative to update your SPIP website as soon as possible.
>
> In the meantime, the security screen version 1.3.2 will block possible
> exploitations of the vulnerability. Updating the security screen
> remains a transitional measure that should not prevent you from
> updating SPIP as soon as possible.
>
> The team thanks Emeric Boit and ANSSI for identifying and reporting
> the issue.
and since there is no CVE to track the issue, filing the bug in the
BTS even though already fixed in unstable.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 3.1.4-3~deb9u1
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 19 Jun 2017 09:36:46 -1000
Source: spip
Binary: spip
Architecture: source
Version: 3.1.4-3~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description:
spip - website engine for publishing
Closes: 864921
Changes:
spip (3.1.4-3~deb9u1) stretch-security; urgency=high
.
* Upload previous fixes to Stretch
* Update previous changelog entry with CVE and bug report
.
spip (3.1.4-3) unstable; urgency=high
.
* Track Stretch
* Backport security fix from 3.1.6
- Execution of arbitrary code [CVE-2017-9736] (Closes: #864921)
* Update security screen to 1.3.2
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---