Your message dated Mon, 02 Apr 2018 17:17:08 +0000
with message-id <[email protected]>
and subject line Bug#893668: fixed in adminer 4.2.5-3+deb9u1
has caused the Debian Bug report #893668,
regarding adminer: CVE-2018-7667
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
893668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893668
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: adminer
Version: 4.2.5-3
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
the following vulnerability was published for adminer.
CVE-2018-7667[0]:
| Adminer through 4.3.1 has SSRF via the server parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-7667
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: adminer
Source-Version: 4.2.5-3+deb9u1
We believe that the bug you reported is fixed in the latest version of
adminer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated adminer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 20 Mar 2018 22:40:06 -0400
Source: adminer
Binary: adminer
Architecture: source all
Version: 4.2.5-3+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Chris Lamb <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
adminer - Web-based database administration tool
Closes: 893668
Changes:
adminer (4.2.5-3+deb9u1) stretch; urgency=high
.
* CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated
to arbitrary systems and ports which could bypass external firewalls to
identify internal hosts and/or perform port scanning of other servers.
(Closes: #893668)
Checksums-Sha1:
8ae7c258df2749666d955a13663fd28af904b5dc 1809 adminer_4.2.5-3+deb9u1.dsc
05db4eb98bf092afe04052733612c2841ad97317 409762 adminer_4.2.5.orig.tar.bz2
2497a8541adf1f352942658dc352b75ea92ef99a 2732
adminer_4.2.5-3+deb9u1.debian.tar.xz
ed939788115cd89e7d002ecf2d757f1772378601 386380 adminer_4.2.5-3+deb9u1_all.deb
46244b1a3b17f2f484b0968fe04f2468b076545a 5709
adminer_4.2.5-3+deb9u1_amd64.buildinfo
Checksums-Sha256:
718c5bc1144f8f7e2b817387e236ac6a49dc96a402383d368f7b47add691a013 1809
adminer_4.2.5-3+deb9u1.dsc
69a177ba87ed0cf8d7633799248511d1c7d4cffb66c9a5742795e1de506f1946 409762
adminer_4.2.5.orig.tar.bz2
6109a0042955d441878280aa25073e97de5ad3b64384873e3914bf4a6fc4a7b6 2732
adminer_4.2.5-3+deb9u1.debian.tar.xz
1a885eeb402f1470d94908832471c397ac116ada6c24b8585ed0fe1d7a3c9a6d 386380
adminer_4.2.5-3+deb9u1_all.deb
fc17a857cd8d2fe3121530b3a3d09c3683669573b7912f6bac1394f56de8a9d9 5709
adminer_4.2.5-3+deb9u1_amd64.buildinfo
Files:
ffbbce0f60a274e0853977838cb49608 1809 web extra adminer_4.2.5-3+deb9u1.dsc
e4b85ffc6b5b674b83daadd9e9d23cfd 409762 web extra adminer_4.2.5.orig.tar.bz2
450a9aeb8d877e1bb98f914122ae213e 2732 web extra
adminer_4.2.5-3+deb9u1.debian.tar.xz
29481fc81488b6f06259df8583e47b0a 386380 web extra
adminer_4.2.5-3+deb9u1_all.deb
7a08ca773b4b524408408a3387d7b4da 5709 web extra
adminer_4.2.5-3+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrAmi4ACgkQHpU+J9Qx
Hlg95Q/+PYGMzgrH9Yb+fT/KppD5FanIZE79COauHORKLEBuG4OtQLTAomldvolu
FIBcZ3rgf6Y8X0iwIAlaIQivYJgF9SstHRIdBqbxDBBc238XvBApo5lhFjoXvzmJ
Iz6NIT57ozFODzqQdlV1AyfQcO1fdi6+e1PSuxXt5t7zN9Ujx8dAW2sIIj+IbGCW
LpwVBd+ZmWn00kZO3nbxVIneGhKQ7513gCBwv+qGf0g5mOmZqKM1oHRLiNW28Uwg
9np4btZKAVlrxomyzmN8c6idfCOGRdApXrg1er/Z+dXGf35NO9lbCQfAavEL8+nO
pekOOR/eAvznIWxneAF5Jr0sky2xnVa4GmlD8HI8vt4bSPPucLBsA2mh1hoxt0SN
VKGMwX07gv65eso8hdrNBIsFsJY7U6YsIHv0iQgSWdqcyor3bA4HbbOG8WKcjEwR
X7BsQwmlyQN4vBg3fG0B6q/WqKy6cTt6bqvqCDm95ZinIUyDke5NGGb0a4R4bBbl
ppSgVSYx/YfbipZOx8WcT20ax1cGwA3iJkl9478DBV02bRyHP428FH7bpIECp+4W
W4poozeQ3PtCa+cneulx9nCeJQ7Iv6gt0mH943ZTnJePr+u9GJjIra5Bayu0T0+G
rvexGzOvGy3F5kZMZ0qAmPbounckOvzmdYVUCa8/maJ4oWEhh+U=
=Yklv
-----END PGP SIGNATURE-----
--- End Message ---