Your message dated Mon, 13 Oct 2008 09:17:48 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#502054: fixed in mantis 1.1.2+dfsg-6
has caused the Debian Bug report #502054,
regarding mantis: session_set_cookie_params() needs to be called before
session_start()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
502054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502054
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: mantis
Version: 1.1.2+dfsg-5
Owner: [EMAIL PROTECTED]
Tags: pending
----- Forwarded message from Wolfgang Karall <[EMAIL PROTECTED]> -----
Subject: Bug#501179: mantis: session_set_cookie_params() needs to be called
before session_start()
From: Wolfgang Karall <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Date: Sun, 12 Oct 2008 08:03:03 +0200
Package: mantis
Version: 1.1.2+dfsg-5
Followup-For: Bug #501179
Hi,
the patch from upstream VCS was applied incorrectly,
session_set_cookie_params() needs to be called _before_ session_start(),
see http://php.net/session_set_cookie_params for the documentation.
Minimal patch attached.
Kind regards
WK
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-6-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages mantis depends on:
ii  apache2                       2.2.9-7     Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd]   2.2.9-7     Apache HTTP Server - traditional n
ii  dbconfig-common               1.8.39      common framework for packaging dat
ii  debconf                       1.5.22      Debian configuration management sy
ii  libapache2-mod-php5           5.2.6-5     server-side, HTML-embedded scripti
ii  libphp-adodb                  5.05-1      The ADOdb database abstraction lay
ii  libphp-phpmailer              1.73-6      full featured email transfer class
ii  ucf                           3.0010      Update Configuration File: preserv
Versions of packages mantis recommends:
ii  mysql-client                  5.0.51a-15  MySQL database client (metapackage
ii  mysql-client-5.0 [mysql-clien 5.0.51a-15  MySQL database client binaries
ii  php5-mysql                    5.2.6-5     MySQL module for php5
Versions of packages mantis suggests:
pn  mysql-server                  <none>      (no description available)
pn  php5-cli                      <none>      (no description available)
-- debconf information excluded
----- End forwarded message -----
--- End Message ---
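The ordering problem reported above can be audited mechanically. The following is an added example, not part of the original messages and not the Mantis or Debian patch: a lexical, per-file check that flags session_set_cookie_params() calls appearing after session_start(). The function name and both PHP samples are constructed for illustration, and the check follows source order only, not control flow or includes.

```python
import re

# Matches PHP string literals and comments so they can be blanked out before
# searching; a call named inside a string or comment is not a real call.
_SKIP = re.compile(
    r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"|/\*.*?\*/|(?://|#)[^\n]*", re.S)
# Plain function calls only: the lookbehind rejects $obj->f(), Cls::f(), my_f().
_CALL = re.compile(r"(?<![\w>:$])(session_start|session_set_cookie_params)\s*\(")


def find_late_cookie_params(php_source):
    """Return (line, session_start_line) for every session_set_cookie_params()
    call that lexically follows the first session_start() in the source."""
    # Blank strings/comments with spaces, keeping newlines so line numbers hold.
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    started_at = None
    late = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        if m.group(1) == "session_start":
            if started_at is None:
                started_at = line
        elif started_at is not None:
            # Cookie parameters set here cannot affect the cookie that
            # session_start() has already prepared.
            late.append((line, started_at))
    return late


# Constructed sample: parameters set too late (the order the report describes).
BROKEN = """<?php
session_cache_limiter('private_no_expire');
session_start();
session_set_cookie_params(0, '/', '', true, true);
"""

# Constructed sample: parameters set before the session is started.
FIXED = """<?php
session_cache_limiter('private_no_expire');
session_set_cookie_params(0, '/', '', true, true);
session_start();
"""

if __name__ == "__main__":
    for name, src in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, find_late_cookie_params(src))
```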
--- Begin Message ---
Source: mantis
Source-Version: 1.1.2+dfsg-6
We believe that the bug you reported is fixed in the latest version of
mantis, which is due to be installed in the Debian FTP archive:
mantis_1.1.2+dfsg-6.diff.gz
  to pool/main/m/mantis/mantis_1.1.2+dfsg-6.diff.gz
mantis_1.1.2+dfsg-6.dsc
  to pool/main/m/mantis/mantis_1.1.2+dfsg-6.dsc
mantis_1.1.2+dfsg-6_all.deb
  to pool/main/m/mantis/mantis_1.1.2+dfsg-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Schoenfeld <[EMAIL PROTECTED]> (supplier of updated mantis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 12 Oct 2008 16:58:36 +0200
Source: mantis
Binary: mantis
Architecture: source all
Version: 1.1.2+dfsg-6
Distribution: unstable
Urgency: high
Maintainer: Patrick Schoenfeld <[EMAIL PROTECTED]>
Changed-By: Patrick Schoenfeld <[EMAIL PROTECTED]>
Description:
 mantis - web-based bug tracking system
Closes: 502054
Changes:
 mantis (1.1.2+dfsg-6) unstable; urgency=high
 .
   * Urgency high because it fixes a regression that has been introduced by a
     security issue
   * Update patch for CVE2008-3102 so that session_set_cookie_params() is
     called _before_ session_start(). Thanks to Wolfgang Karall for noting the
     problem and sending a patch. (Closes: #502054)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjzAhMACgkQbdB4RPTVespMgwCffiRu0+V8BAMCzD2pjg+mNdPM
JN8An1emt2aYA4r8DCfSjGzeJ+DR7s46
=AHIF
-----END PGP SIGNATURE-----
--- End Message ---