Debian Bug report logs - #869261
CVE-2017-7537
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 22 Jul 2017 06:45:02 UTC
Severity: grave
Tags: security
Found in version dogtag-pki/0.3.5+12-4
Fixed in version dogtag-pki/10.3.5+12-5
Done: Timo Aaltonen <tjaalton@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>: Bug#869261; Package src:dogtag-pki. (Sat, 22 Jul 2017 06:45:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Sat, 22 Jul 2017 06:45:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: dogtag-pki
Severity: grave
Tags: security
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
Cheers,
Moritz
Marked as found in versions dogtag-pki/0.3.5+12-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Jul 2017 06:54:02 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>: Bug#869261; Package src:dogtag-pki. (Mon, 24 Jul 2017 09:36:10 GMT)
Acknowledgement sent to Timo Aaltonen <tjaalton@debian.org>: Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Mon, 24 Jul 2017 09:36:10 GMT)
Message #12 received at 869261@bugs.debian.org:
On 22.07.2017 09:44, Moritz Muehlenhoff wrote:
> Source: dogtag-pki
> Severity: grave
> Tags: security
>
> Please see:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
dogtag doesn't build nor work on Debian atm because of updated tomcat8
and resteasy and upstream is slow porting against them, so this will
have to wait for some time still.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>: Bug#869261; Package src:dogtag-pki. (Mon, 24 Jul 2017 10:57:03 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Mon, 24 Jul 2017 10:57:03 GMT)
Message #17 received at 869261@bugs.debian.org:
On Mon, Jul 24, 2017 at 12:32:28PM +0300, Timo Aaltonen wrote:
> On 22.07.2017 09:44, Moritz Muehlenhoff wrote:
> > Source: dogtag-pki
> > Severity: grave
> > Tags: security
> >
> > Please see:
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537
>
> dogtag doesn't build nor work on Debian atm because of updated tomcat8
> and resteasy and upstream is slow porting against them, so this will
> have to wait for some time still.
Take your time. If it's broken, no one is vulnerable :-)
Cheers,
Moritz
Reply sent to Timo Aaltonen <tjaalton@debian.org>: You have taken responsibility. (Sat, 21 Oct 2017 22:21:12 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Sat, 21 Oct 2017 22:21:12 GMT)
Message #22 received at 869261-close@bugs.debian.org:
Source: dogtag-pki
Source-Version: 10.3.5+12-5
We believe that the bug you reported is fixed in the latest version of
dogtag-pki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869261@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated dogtag-pki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Oct 2017 11:58:04 +0300
Source: dogtag-pki
Binary: dogtag-pki pki-base pki-base-java python3-pki-base pki-tools pki-server pki-ca dogtag-pki-console-theme dogtag-pki-server-theme pki-console pki-kra pki-ocsp pki-tks pki-tps pki-tps-client pki-javadoc libsymkey-java libsymkey-jni
Architecture: source
Version: 10.3.5+12-5
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Description:
dogtag-pki - Dogtag Public Key Infrastructure (PKI) Suite
dogtag-pki-console-theme - Certificate System - PKI Console User Interface
dogtag-pki-server-theme - Certificate System - PKI Server User Interface
libsymkey-java - Symmetric Key Java library
libsymkey-jni - Symmetric Key JNI Library
pki-base - Certificate System - PKI Framework
pki-base-java - Certificate System - PKI Framework -- java client support
pki-ca - Certificate System - Certificate Authority
pki-console - Certificate System - PKI Console
pki-javadoc - Certificate System - PKI Framework Javadocs
pki-kra - Certificate System - Data Recovery Manager
pki-ocsp - Certificate System - Online Certificate Status Protocol Manager
pki-server - Certificate System - PKI Server Framework
pki-tks - Certificate System - Token Key Service
pki-tools - Certificate System - PKI Tools
pki-tps - Certificate System - Token Processing System
pki-tps-client - Certificate System - Token Processing System client
python3-pki-base - Certificate System - PKI Framework -- python3 client support
Closes: 823332 846714 869261
Changes:
 dogtag-pki (10.3.5+12-5) unstable; urgency=medium
 .
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
   * control: Use tomcat8.0. (Closes: #823332, #846714)
   * control: Add libcommons-httpclient-java to build-depends, and
     pki-base-java depends.
   * control: Use resteasy3.0.
   * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
     #869261)
   * control: Bump dependency on libtomcajss-java to verify we have the
     correct build.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 19 Nov 2017 07:27:59 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 16:53:00 2019