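Package: phpgroupware-phpsysinfo
Version: 0.9.16.011-2.2
Severity: grave
Tags: security
Justification: user security hole

It looks to me as if bug #435936 wasn't completely fixed for etch/stable (considering http://security-tracker.debian.net/tracker/CVE-2007-4048, thanks to Thomas Viehmann for pointing this out).

Btw, I don't exactly know why bug #435936 could be archived, even though there was a found reported in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;bug=435936.

Anyway, I think that the fix proposed in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=CVE-2007-4048.patch;att=1;bug=435936 should apply to 0.9.16.011-2.2 too.

I expected that applying for maintainer on phpGroupware would bring in dealing with these kinds of issues ;-)

Will try and propose a fix as soon as possible... but considering the long period during which eventual stable installations of phpgroupware-phpsysinfo have been vulnerable (if it indeed applies to the stable version), I suppose harm is already done, so I'm not sure there's a case of emergency here :(

FYI, note that the 'phpsysinfo' module is no longer packaged for Debian in epoch 1 phpgroupware packages in unstable ATM.

Regards,

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages phpgroupware-phpsysinfo depends on:
pn  phpgroupware  <none>  (no description available)

phpgroupware-phpsysinfo recommends no packages.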
It looks to me as if bug #435936 wasn't completely fixed for etch/stable (considering http://security-tracker.debian.net/tracker/CVE-2007-4048, thanks to Thomas Viehmann for pointing this out). Btw, I don't exactly know why bug #435936 could be archived, even though there was a found reported in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;bug=435936) Anyway, I think that the fix proposed in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=CVE-2007-4048.patch;att=1;bug=435936 should apply to 0.9.16.011-2.2 too. I expected than applying for maintainer on phpGroupware would bring in dealing with these kind of issues ;-) Will try and propose a fix as soon as possible... but considering the long period during which eventual stable installations of phpgroupware-phpsysinfo have been vulnerable (if it indeed applies to the stable version), I suppose harm is already done, so I'm not sure there's a cas of emergency here:( FYI, note that the 'phpsysinfo' module is no longer packaged for Debian in epoch 1 phpgroupware packages in unstable ATM. Regards, -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-vserver-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages phpgroupware-phpsysinfo depends on: pn phpgroupware <none> (no description available) phpgroupware-phpsysinfo recommends no packages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]