Your message dated Mon, 07 Jun 2021 08:20:00 +0000
with message-id <[email protected]>
and subject line Bug#978416: fixed in python-autobahn 17.10.1+dfsg1-7
has caused the Debian Bug report #978416,
regarding python-autobahn: CVE-2020-35678
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
978416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978416
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-autobahn
Version: 17.10.1+dfsg1-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/crossbario/autobahn-python/pull/1439
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for python-autobahn.
CVE-2020-35678[0]:
| Autobahn|Python before 20.12.3 allows redirect header injection.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-35678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35678
[1] https://github.com/crossbario/autobahn-python/pull/1439
[2]
https://github.com/crossbario/autobahn-python/commit/f7b7ad5c1066bdcc551775b73da15dca5c111623
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-autobahn
Source-Version: 17.10.1+dfsg1-7
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-autobahn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated python-autobahn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Jun 2021 09:49:43 +0200
Source: python-autobahn
Architecture: source
Version: 17.10.1+dfsg1-7
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 978416
Changes:
python-autobahn (17.10.1+dfsg1-7) unstable; urgency=high
.
* CVE-2020-35678: allows redirect header injection. Applied upstream patch:
URL must be re-encoded when doing redirect (Closes: #978416).
Checksums-Sha1:
e92afafbd8c5ee4cca46ecdb7463c0f0f3a05ae8 2513
python-autobahn_17.10.1+dfsg1-7.dsc
3f8245fc8b01f40bf05431bbe978dbdb60ac000d 5432
python-autobahn_17.10.1+dfsg1-7.debian.tar.xz
e3053b605dbc9079878f356c1b879507da9cac06 9268
python-autobahn_17.10.1+dfsg1-7_amd64.buildinfo
Checksums-Sha256:
cb32feb52bcaec3b5718b503c380d0d7503cbd287e2ee4e3ce2ea964ab532c01 2513
python-autobahn_17.10.1+dfsg1-7.dsc
9fe687534c2f3f50a746531b4610ccfc10a7cf36f3933a956d279b1f72a0153e 5432
python-autobahn_17.10.1+dfsg1-7.debian.tar.xz
618fc2dd0465cbb11e6602eee0a268bdfc0fa562fba532a629b8e66c8689acfe 9268
python-autobahn_17.10.1+dfsg1-7_amd64.buildinfo
Files:
8c41881f45fedde53f0f02fef6129332 2513 python optional
python-autobahn_17.10.1+dfsg1-7.dsc
cde1e02cce9a15cbdef7b5f8a20a5fad 5432 python optional
python-autobahn_17.10.1+dfsg1-7.debian.tar.xz
e5e80ed5f7c43802818b2538b0369e7b 9268 python optional
python-autobahn_17.10.1+dfsg1-7_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmC90PEACgkQ1BatFaxr
Q/55WxAAgenJdWu2Ue1+Zy8AcpajMUTYAcBcB3YC+ktQXYfVbTtdeQL26URIxVVC
+qLwqq3fAG2gNxvqW4oD4YYiWERXi/vg7BPZw20YHyNqxtvA2jQZV7yJhxXvxsv4
kmWS7AZcFji2QOwhsq/S2DDH44TK5eUiY+DB0RylgspAugfIEQ19y66/GdUwG7rN
/sEH7MRL9IglIPljkOoRJljasUTCqGiiFpI7gsR3hyHvDB2DO6/5IOI+YhetM4AC
ZhbigfdkKptbP9ww9iZZYea/TrwTYft8yMGSzcWG3t1tZkaA0mCiospucISWYr5J
egb1GHx8LRkeQVlp5n1omPUMHvFOQttP8xcFMyGqFq+Q4aWufjz+iSlj12HEpXG7
rV1w1cCOzmEr/B+5YKJHEJB2Th/Wh3ue8EpniFFR3renDX8ANXtUNwTCsBMadMOj
2UY0uCiqzdxGmWe7CDPr4QaHZKuX576A1jiej2Up1YsTxvZec0mcD1WBqgOwfTQB
l+mnM0oQ21P2iaF3Zduk5vbsrBKxnkfNHX02/7Bl5CpDBfuPTjic2B2DqhhCjLSx
aH4mjVfsFKIf14G5Ief/Uu8og7mQiKoeKU6IzLHv+CAdk8yPTXRM6/+7eqzA2x7y
ET0lYnB9u+jUJWuYr3w3EnWdFza0+P26rc88Q8KbAKVPNPtULn0=
=WIFD
-----END PGP SIGNATURE-----
--- End Message ---