CVE-2018-18778


Debian Bug report logs - #913095
CVE-2018-18778


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 6 Nov 2018 21:21:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version mini-httpd/1.23-1.2

Fixed in version mini-httpd/1.30-0.1

Done: Dmitry Bogatov <KAction@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Jose dos Santos Junior <j.s.junior@live.com>:
Bug#913095; Package mini-httpd. (Tue, 06 Nov 2018 21:21:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Jose dos Santos Junior <j.s.junior@live.com>. (Tue, 06 Nov 2018 21:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-18778
Date: Tue, 06 Nov 2018 22:19:40 +0100
Package: mini-httpd
Severity: grave
Tags: security

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18778

(The package seems unmaintained, if that's the case, don't NMU,
but keep it out of buster via auto-removals (and eventual archive
removal unless adopted))

Cheers,
        Moritz



Marked as found in versions mini-httpd/1.23-1.2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 06 Nov 2018 21:42:06 GMT)


Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 06 Nov 2018 21:42:07 GMT)


Reply sent to Dmitry Bogatov <KAction@debian.org>:
You have taken responsibility. (Thu, 22 Nov 2018 17:12:30 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 22 Nov 2018 17:12:30 GMT)


Message #14 received at 913095-close@bugs.debian.org:

From: Dmitry Bogatov <KAction@debian.org>
To: 913095-close@bugs.debian.org
Subject: Bug#913095: fixed in mini-httpd 1.30-0.1
Date: Thu, 22 Nov 2018 17:10:08 +0000
Source: mini-httpd
Source-Version: 1.30-0.1

We believe that the bug you reported is fixed in the latest version of
mini-httpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913095@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Bogatov <KAction@debian.org> (supplier of updated mini-httpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Nov 2018 16:20:33 +0000
Source: mini-httpd
Binary: mini-httpd
Architecture: source amd64
Version: 1.30-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jose dos Santos Junior <j.s.junior@live.com>
Changed-By: Dmitry Bogatov <KAction@debian.org>
Description:
 mini-httpd - Small HTTP server
Closes: 902816 913095
Changes:
 mini-httpd (1.30-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release (Closes: #913095)
   * Fix init.d script (Closes: #902816)
   * Add Vcs-* fields into `debian/control'.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:22:09 2019; Machine Name: buxtehude
