Your message dated Sun, 13 May 2018 20:51:51 +0000 with message-id <e1fhxyb-000fke...@fasolo.debian.org> and subject line Bug#893668: fixed in adminer 3.3.3-1+deb8u1 has caused the Debian Bug report #893668, regarding adminer: CVE-2018-7667 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 893668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: adminer Version: 4.2.5-3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for adminer. CVE-2018-7667[0]: | Adminer through 4.3.1 has SSRF via the server parameter. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7667 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: adminer Source-Version: 3.3.3-1+deb8u1 We believe that the bug you reported is fixed in the latest version of adminer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 893...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated adminer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 07 May 2018 09:06:51 -0700 Source: adminer Binary: adminer Architecture: source all Version: 3.3.3-1+deb8u1 Distribution: jessie Urgency: high Maintainer: Medhamsh V <m...@medhamsh.org> Changed-By: Chris Lamb <la...@debian.org> Description: adminer - Web-based database administration tool Closes: 893668 Changes: adminer (3.3.3-1+deb8u1) jessie; urgency=high . * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. (Closes: #893668) Checksums-Sha1: b31208291084d5c6087c18248f714cda05fa63d8 1851 adminer_3.3.3-1+deb8u1.dsc 152c4969356d6330382d28dd22e6f16e0d9653bf 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz 60a5a781ce2ba73955f1bd148598b08987606a1e 242238 adminer_3.3.3-1+deb8u1_all.deb Checksums-Sha256: f02979dd83d45231319325ec33ee1c3956589a598fb15746910463e5aa8cef57 1851 adminer_3.3.3-1+deb8u1.dsc 168cbe44a91fc809a8ff37a5ac7f077252b00d75810b2a1c18500a0bee1f4f63 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz b836b655330e4966879b72e8779b766cc457ec3a65fd3de7a8e71556a957f7ff 242238 adminer_3.3.3-1+deb8u1_all.deb Files: 4ef4480574c57b6ed93165e06414aea2 1851 web extra adminer_3.3.3-1+deb8u1.dsc fe7be26d19e366eb8667cd43dd01d080 3404 web extra adminer_3.3.3-1+deb8u1.debian.tar.xz 5019c04c412f7f3e1a460f33b0e10f28 242238 web extra adminer_3.3.3-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrweeIACgkQHpU+J9Qx HlhpdA//YHKcK623ufQYm+Ad4GJb986YEk1p2YZy7Nv31kcCtnZsutHqihcXlhPT WQSKGEfmaCORXzhlqx+qOjmrG+3QZa943+vUmUWgzpVIF39s/JuE2YjHSW6M5yYU +JJCrVJ4l7kezEdMwYWd2EqjBuXCShDeEtSE8ytPAIMNnICuPF02CwCoQPDsUoDM nXAeSZQxUUskqaZWLKOWgu3i7n5tBqYAYoN36f4Tj1PEp+ou7i/EZ80Z2jmf6W65 X6eqVYxU7LjiAuzDeVRhYEiIuPpbSnAoBA5aL5OfIe7YjQyB3ICPCXwZ60DQSA0U gsuZf4GuPCLahaYYxmNES3vPdc3rPVmVTYNIEyfsaPLUTbU+E9rGp8lq6hQbO6kM 3jxI5AVUl3h+JCTEw213lWzXdKUdi0grkBRSsPL8aS52r5gQvZ6aG4XNlsectest S2Kg9iKv1zR0Lg1NSV3esjpMwEnHYpaiOwyhsMMV2I6Q5KneZn73eMK/P49ODdBg xmtH2GK8At1U6fEuYMkgnHstcpIC/oog3ZvdAicTBCU1OkrVKLkJrxhGdb7OwmsO szJvOvfx6Hlwp++C5ko/sIxMh7axcNBQE0VwA/U9kkik1ekpNmyl5SnYDY7q+nBo XxCRtKS4z7SnbFmshjTzPyNrJYfIEpOuQ/2uQr4ZPnP2lDT/mz8= =wlHB -----END PGP SIGNATURE-----
--- End Message ---
