
[SECURITY] [DLA 1047-1] supervisor security update



Package        : supervisor
Version        : 3.0a8-1.1+deb7u2
CVE ID         : CVE-2017-11610
Debian Bug     : 870187

A vulnerability has been found in supervisor, a system for controlling
process state, where an authenticated client can send a malicious
XML-RPC request to supervisord that will run arbitrary shell commands
on the server. The commands will be run as the same user as supervisord.

For Debian 7 "Wheezy", this problem has been fixed in version
3.0a8-1.1+deb7u2.

We recommend that you upgrade your supervisor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
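An added example, not part of the advisory or of the supervisor project: because the request has to reach supervisord's XML-RPC interface, this Python audit reads a supervisord.conf and reports which clients can reach it. The sample configuration is constructed, the function name `xmlrpc_exposure` is hypothetical, and the section and option names are supervisor's standard ones.

```python
import configparser

# Constructed sample supervisord.conf (not from a real host).
SAMPLE_CONF = """\
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0770 ; group access

[inet_http_server]
port = *:9001
username = admin

[supervisord]
logfile = /var/log/supervisor/supervisord.log
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def xmlrpc_exposure(conf_text):
    """List findings about who can reach supervisord's XML-RPC interface."""
    # interpolation=None: supervisor configs may contain %(...)s expansions.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    findings = []
    if cp.has_section("inet_http_server"):
        port = cp.get("inet_http_server", "port", fallback="").strip()
        host = port.rpartition(":")[0]  # "" or "*" means all interfaces
        if host not in LOOPBACK:
            findings.append(f"inet: listens on {port!r}, not loopback only")
        if not cp.get("inet_http_server", "password", fallback="").strip():
            findings.append("inet: no password, any client that connects can call XML-RPC")
    if cp.has_section("unix_http_server"):
        # supervisor's default socket mode is 0700 when chmod is not set
        mode = int(cp.get("unix_http_server", "chmod", fallback="0700"), 8)
        if mode & 0o007:
            findings.append(f"unix: socket mode {mode:04o} is open to all local users")
        elif mode & 0o070:
            findings.append(f"unix: socket mode {mode:04o} admits the socket's group")
        if not cp.get("unix_http_server", "password", fallback="").strip():
            findings.append("unix: no password, file permissions are the only gate")
    return findings


if __name__ == "__main__":
    for line in xmlrpc_exposure(SAMPLE_CONF):
        print(line)
```

Restricting the interface narrows who can send the request; upgrading the package is still what fixes the flaw.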

