[SECURITY] [DLA 1252-1] couchdb security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1252-1] couchdb security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 21 Jan 2018 19:20:15 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1801211918510.6213@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : couchdb
Version        : 1.2.0-5+deb7u1
CVE ID         : CVE-2017-12635 CVE-2017-12636


CVE-2017-12635
     Prevent non-admin users to give themselves admin privileges.

CVE-2017-12636
     Blacklist some configuration options to prevent execution of
     arbitrary shell commands as the CouchDB user


For Debian 7 "Wheezy", these problems have been fixed in version
1.2.0-5+deb7u1.

We recommend that you upgrade your couchdb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJaZNnfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHG78P/1X1IfkP9wIazvsgtVpHN2AN
CTvOkhPznj6Ib2UlfZqnJ/R9Jy9kgEJIB9OPpamss7sjp9H4yGv/utSIQhNea0Pl
9OvB6HVdWguFNkPxkjsMdVcyR0b9Jm9TITXPBYyHRf/VrGhXYHDBnTrb/GWCuO00
8V8WNWCaDzsv4i1lskQf/esNsB4jcvVneWG/+YFHCgASUIA2zc7vP9VmLmi4CPQk
5F9l7+R1NeKvc1ccFS4MoxYIMubTV6OijyaMBfkY61UnSu0CDnrHF20QrCcJVZRX
/7BXKm8+eC/5hFz2Uwhvwq0UUZfjz7/T8ilCNYBQO3ZqZE8svwzlaKiPz5Cx9HB9
BZZa2oq63wky+OTcY3aZDWmiflSSm/EZbWaVRAF7MiSM9xqkdqxwoySCsqPrcJpZ
8SG07S/vW2W5o3JRrRqd8kkQPzCKBLI7drkcOdNny93CJADq9UaTep8pD4Sz6V0l
naJHHKGXUkmpRZ8O/DVWQZsAofe3pvsMw3EjNff2KbzUkaTWCHueo09g2yKrqOXK
Jx/Pr6g4G1LNlRaOk1LzdtnpdPSmTFgqQHfn5USep0hkOyFNgOKRARhTt40+h/r/
vr2Un46mgDdkICOLzCCzu5URXHyFXdZawmDj7MiZnNYxKg8FwDUjT0O2q1Rx98ZF
vxFVojkut+CwAzlkznuG
=Jj69
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1251-1] php5 security update
Next by Date: [SECURITY] [DLA 1253-1] openocd security update
Previous by thread: [SECURITY] [DLA 1251-1] php5 security update
Next by thread: [SECURITY] [DLA 1253-1] openocd security update
Index(es):
- Date
- Thread