Your message dated Wed, 15 Jan 2020 18:04:50 +0000
with message-id <e1irn2a-0000es...@fasolo.debian.org>
and subject line Bug#948989: fixed in ksh 2020.0.0-2.1
has caused the Debian Bug report #948989,
regarding ksh: CVE-2019-14868
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948989: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948989
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ksh
Version: 2020.0.0-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for ksh.

CVE-2019-14868[0]:
|environment variables on startup are interpreted as arithmetic
|expression leading to code injection

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14868
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14868
[1] https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ksh
Source-Version: 2020.0.0-2.1

We believe that the bug you reported is fixed in the latest version of
ksh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Boyuan Yang <by...@debian.org> (supplier of updated ksh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Jan 2020 12:17:25 -0500
Source: ksh
Architecture: source
Version: 2020.0.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Anuradha Weeraman <aweera...@gmail.com>
Changed-By: Boyuan Yang <by...@debian.org>
Closes: 948989
Changes:
 ksh (2020.0.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patches/0008: Cherry-pick upstream security fix.
     (CVE-2019-14868, Closes: #948989)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
