CVE-2017-7537

Related Vulnerabilities: CVE-2017-7537  

Debian Bug report logs - #869261
CVE-2017-7537


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 22 Jul 2017 06:45:02 UTC

Severity: grave

Tags: security

Found in version dogtag-pki/0.3.5+12-4

Fixed in version dogtag-pki/10.3.5+12-5

Done: Timo Aaltonen <tjaalton@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>:
Bug#869261; Package src:dogtag-pki. (Sat, 22 Jul 2017 06:45:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Sat, 22 Jul 2017 06:45:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-7537
Date: Sat, 22 Jul 2017 08:44:25 +0200

Source: dogtag-pki
Severity: grave
Tags: security

Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537

Cheers,
        Moritz



Marked as found in versions dogtag-pki/0.3.5+12-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Jul 2017 06:54:02 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>:
Bug#869261; Package src:dogtag-pki. (Mon, 24 Jul 2017 09:36:10 GMT)


Acknowledgement sent to Timo Aaltonen <tjaalton@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Mon, 24 Jul 2017 09:36:10 GMT)


Message #12 received at 869261@bugs.debian.org:

From: Timo Aaltonen <tjaalton@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 869261@bugs.debian.org
Subject: Re: [Pkg-freeipa-devel] Bug#869261: CVE-2017-7537
Date: Mon, 24 Jul 2017 12:32:28 +0300

On 22.07.2017 09:44, Moritz Muehlenhoff wrote:
> Source: dogtag-pki
> Severity: grave
> Tags: security
> 
> Please see:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537

dogtag doesn't build nor work on Debian atm because of updated tomcat8
and resteasy and upstream is slow porting against them, so this will
have to wait for some time still.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>:
Bug#869261; Package src:dogtag-pki. (Mon, 24 Jul 2017 10:57:03 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Mon, 24 Jul 2017 10:57:03 GMT)


Message #17 received at 869261@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Timo Aaltonen <tjaalton@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, 869261@bugs.debian.org
Subject: Re: [Pkg-freeipa-devel] Bug#869261: CVE-2017-7537
Date: Mon, 24 Jul 2017 12:55:09 +0200

On Mon, Jul 24, 2017 at 12:32:28PM +0300, Timo Aaltonen wrote:
> On 22.07.2017 09:44, Moritz Muehlenhoff wrote:
> > Source: dogtag-pki
> > Severity: grave
> > Tags: security
> > 
> > Please see:
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
> 
> dogtag doesn't build nor work on Debian atm because of updated tomcat8
> and resteasy and upstream is slow porting against them, so this will
> have to wait for some time still.

Take your time. If it's broken, no one is vulnerable :-)

Cheers,
        Moritz



Reply sent to Timo Aaltonen <tjaalton@debian.org>:
You have taken responsibility. (Sat, 21 Oct 2017 22:21:12 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 21 Oct 2017 22:21:12 GMT)


Message #22 received at 869261-close@bugs.debian.org:

From: Timo Aaltonen <tjaalton@debian.org>
To: 869261-close@bugs.debian.org
Subject: Bug#869261: fixed in dogtag-pki 10.3.5+12-5
Date: Sat, 21 Oct 2017 22:18:55 +0000

Source: dogtag-pki
Source-Version: 10.3.5+12-5

We believe that the bug you reported is fixed in the latest version of
dogtag-pki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869261@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated dogtag-pki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 21 Oct 2017 11:58:04 +0300
Source: dogtag-pki
Binary: dogtag-pki pki-base pki-base-java python3-pki-base pki-tools pki-server pki-ca dogtag-pki-console-theme dogtag-pki-server-theme pki-console pki-kra pki-ocsp pki-tks pki-tps pki-tps-client pki-javadoc libsymkey-java libsymkey-jni
Architecture: source
Version: 10.3.5+12-5
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Description:
 dogtag-pki - Dogtag Public Key Infrastructure (PKI) Suite
 dogtag-pki-console-theme - Certificate System - PKI Console User Interface
 dogtag-pki-server-theme - Certificate System - PKI Server User Interface
 libsymkey-java - Symmetric Key Java library
 libsymkey-jni - Symmetric Key JNI Library
 pki-base   - Certificate System - PKI Framework
 pki-base-java - Certificate System - PKI Framework -- java client support
 pki-ca     - Certificate System - Certificate Authority
 pki-console - Certificate System - PKI Console
 pki-javadoc - Certificate System - PKI Framework Javadocs
 pki-kra    - Certificate System - Data Recovery Manager
 pki-ocsp   - Certificate System - Online Certificate Status Protocol Manager
 pki-server - Certificate System - PKI Server Framework
 pki-tks    - Certificate System - Token Key Service
 pki-tools  - Certificate System - PKI Tools
 pki-tps    - Certificate System - Token Processing System
 pki-tps-client - Certificate System - Token Processing System client
 python3-pki-base - Certificate System - PKI Framework -- python3 client support
Closes: 823332 846714 869261
Changes:
 dogtag-pki (10.3.5+12-5) unstable; urgency=medium
 .
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
   * control: Use tomcat8.0. (Closes: #823332, #846714)
   * control: Add libcommons-httpclient-java to build-depends, and
     pki-base-java depends.
   * control: Use resteasy3.0.
   * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
     #869261)
   * control: Bump dependency on libtomcajss-java to verify we have the
     correct build.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 19 Nov 2017 07:27:59 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:53:00 2019; Machine Name: beach
