tqdm: CVE-2016-10075: insecure use of git

Related Vulnerabilities: CVE-2016-10075

Debian Bug report logs - #849632


Package: src:tqdm; Maintainer for src:tqdm is Sandro Tosi <morph@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 29 Dec 2016 10:09:01 UTC

Severity: normal

Tags: security, upstream

Found in version tqdm/4.10.0-1

Fixed in version tqdm/4.11.2-1

Done: Sandro Tosi <morph@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/tqdm/tqdm/issues/328



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>:
Bug#849632; Package src:tqdm. (Thu, 29 Dec 2016 10:09:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>. (Thu, 29 Dec 2016 10:09:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tqdm: CVE-2016-10075: insecure use of git
Date: Thu, 29 Dec 2016 11:07:42 +0100

Source: tqdm
Version: 4.10.0-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/tqdm/tqdm/issues/328

Hi,

the following vulnerability was published for tqdm.

CVE-2016-10075[0]:
insecure use of git

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10075
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10075
[1] https://github.com/tqdm/tqdm/issues/328

Regards,
Salvatore



Added tag(s) pending. Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Tue, 24 Jan 2017 00:36:06 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#849632. (Tue, 24 Jan 2017 00:36:10 GMT)


Message #10 received at 849632-submitter@bugs.debian.org:

From: Sandro Tosi <morph@debian.org>
To: 849632-submitter@bugs.debian.org
Subject: Bug#849632 marked as pending
Date: Tue, 24 Jan 2017 00:33:05 +0000

tag 849632 pending
thanks

Hello,

Bug #849632 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=python-modules/packages/tqdm.git;a=commitdiff;h=f62d012

---
commit f62d012bb6568a842405d069cb48908510d85b69
Author: Sandro Tosi <morph@debian.org>
Date:   Mon Jan 23 19:30:00 2017 -0500

    New upstream release; Closes: #849632

diff --git a/debian/changelog b/debian/changelog
index dcda53e..d67d3fc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
 tqdm (4.11.2-1) UNRELEASED; urgency=medium
 
-  * New upstream release
+  * New upstream release; Closes: #849632
 
- -- Sandro Tosi <morph@debian.org>  Mon, 23 Jan 2017 19:28:02 -0500
+ -- Sandro Tosi <morph@debian.org>  Mon, 23 Jan 2017 19:29:52 -0500
 
 tqdm (4.11.1-1) unstable; urgency=medium
 
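Review bot: the changelog entry at `+  * New upstream release; Closes: #849632` omits the CVE identifier, although the bug report explicitly asks that the CVE id be included in the changelog entry so the fix can be matched to CVE-2016-10075 in the security tracker; suggest `* New upstream release, fixing insecure use of git (CVE-2016-10075); Closes: #849632`. The distribution field is also still `UNRELEASED` in this hunk, so the entry does not yet document the upload that actually closes the bug.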



Reply sent to Sandro Tosi <morph@debian.org>:
You have taken responsibility. (Tue, 24 Jan 2017 00:51:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 24 Jan 2017 00:51:03 GMT)


Message #15 received at 849632-close@bugs.debian.org:

From: Sandro Tosi <morph@debian.org>
To: 849632-close@bugs.debian.org
Subject: Bug#849632: fixed in tqdm 4.11.2-1
Date: Tue, 24 Jan 2017 00:49:30 +0000

Source: tqdm
Source-Version: 4.11.2-1

We believe that the bug you reported is fixed in the latest version of
tqdm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849632@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <morph@debian.org> (supplier of updated tqdm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Jan 2017 19:30:01 -0500
Source: tqdm
Binary: python-tqdm python3-tqdm
Architecture: source all
Version: 4.11.2-1
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <morph@debian.org>
Changed-By: Sandro Tosi <morph@debian.org>
Description:
 python-tqdm - fast, extensible progress bar for Python 2
 python3-tqdm - fast, extensible progress bar for Python 3 and CLI tool
Closes: 849632
Changes:
 tqdm (4.11.2-1) unstable; urgency=medium
 .
   * New upstream release; Closes: #849632





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Mar 2017 07:29:18 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:23:40 2019; Machine Name: buxtehude
