Your message dated Thu, 07 Jul 2005 12:32:40 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#317263: fixed in egroupware 1.0.0.007-3.dfsg-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: egroupware: XMLRPC parsing flaw allows execution of arbitrary PHP code
Date: Thu, 07 Jul 2005 09:45:27 +0200

Package: egroupware
Severity: grave
Tags: security
Justification: user security hole

egroupware ships a local copy of the vulnerable XMLRPC code, as discovered by GulfTech Security Research. The new upstream release 1.0.0.007-3 fixes this issue.

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
From: Peter Eisentraut <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#317263: fixed in egroupware 1.0.0.007-3.dfsg-1
Date: Thu, 07 Jul 2005 12:32:40 -0400

Source: egroupware
Source-Version: 1.0.0.007-3.dfsg-1

We believe that the bug you reported is fixed in the latest version of egroupware, which is due to be installed in the Debian FTP archive:

egroupware-addressbook_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-addressbook_1.0.0.007-3.dfsg-1_all.deb
egroupware-bookmarks_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-bookmarks_1.0.0.007-3.dfsg-1_all.deb
egroupware-calendar_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-calendar_1.0.0.007-3.dfsg-1_all.deb
egroupware-comic_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-comic_1.0.0.007-3.dfsg-1_all.deb
egroupware-core_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-core_1.0.0.007-3.dfsg-1_all.deb
egroupware-developer-tools_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-developer-tools_1.0.0.007-3.dfsg-1_all.deb
egroupware-email_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-email_1.0.0.007-3.dfsg-1_all.deb
egroupware-emailadmin_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-emailadmin_1.0.0.007-3.dfsg-1_all.deb
egroupware-etemplate_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-etemplate_1.0.0.007-3.dfsg-1_all.deb
egroupware-felamimail_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-felamimail_1.0.0.007-3.dfsg-1_all.deb
egroupware-filemanager_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-filemanager_1.0.0.007-3.dfsg-1_all.deb
egroupware-forum_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-forum_1.0.0.007-3.dfsg-1_all.deb
egroupware-ftp_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-ftp_1.0.0.007-3.dfsg-1_all.deb
egroupware-fudforum_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-fudforum_1.0.0.007-3.dfsg-1_all.deb
egroupware-headlines_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-headlines_1.0.0.007-3.dfsg-1_all.deb
egroupware-infolog_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-infolog_1.0.0.007-3.dfsg-1_all.deb
egroupware-jinn_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-jinn_1.0.0.007-3.dfsg-1_all.deb
egroupware-ldap_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-ldap_1.0.0.007-3.dfsg-1_all.deb
egroupware-manual_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-manual_1.0.0.007-3.dfsg-1_all.deb
egroupware-messenger_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-messenger_1.0.0.007-3.dfsg-1_all.deb
egroupware-news-admin_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-news-admin_1.0.0.007-3.dfsg-1_all.deb
egroupware-phpbrain_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-phpbrain_1.0.0.007-3.dfsg-1_all.deb
egroupware-phpldapadmin_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-3.dfsg-1_all.deb
egroupware-phpsysinfo_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-3.dfsg-1_all.deb
egroupware-polls_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-polls_1.0.0.007-3.dfsg-1_all.deb
egroupware-projects_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-projects_1.0.0.007-3.dfsg-1_all.deb
egroupware-registration_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-registration_1.0.0.007-3.dfsg-1_all.deb
egroupware-sitemgr_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-sitemgr_1.0.0.007-3.dfsg-1_all.deb
egroupware-stocks_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-stocks_1.0.0.007-3.dfsg-1_all.deb
egroupware-tts_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-tts_1.0.0.007-3.dfsg-1_all.deb
egroupware-wiki_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware-wiki_1.0.0.007-3.dfsg-1_all.deb
egroupware_1.0.0.007-3.dfsg-1.diff.gz
  to pool/main/e/egroupware/egroupware_1.0.0.007-3.dfsg-1.diff.gz
egroupware_1.0.0.007-3.dfsg-1.dsc
  to pool/main/e/egroupware/egroupware_1.0.0.007-3.dfsg-1.dsc
egroupware_1.0.0.007-3.dfsg-1_all.deb
  to pool/main/e/egroupware/egroupware_1.0.0.007-3.dfsg-1_all.deb
egroupware_1.0.0.007-3.dfsg.orig.tar.gz
  to pool/main/e/egroupware/egroupware_1.0.0.007-3.dfsg.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <[EMAIL PROTECTED]> (supplier of updated egroupware package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 7 Jul 2005 11:11:11 +0200
Source: egroupware
Binary: egroupware-news-admin egroupware-felamimail egroupware-projects egroupware-polls egroupware-jinn egroupware-calendar egroupware-messenger egroupware egroupware-bookmarks egroupware-wiki egroupware-filemanager egroupware-ldap egroupware-addressbook egroupware-headlines egroupware-tts egroupware-etemplate egroupware-registration egroupware-comic egroupware-emailadmin egroupware-ftp egroupware-developer-tools egroupware-phpldapadmin egroupware-phpsysinfo egroupware-stocks egroupware-manual egroupware-infolog egroupware-core egroupware-email egroupware-fudforum egroupware-sitemgr egroupware-phpbrain egroupware-forum
Architecture: source all
Version: 1.0.0.007-3.dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Peter Eisentraut <[EMAIL PROTECTED]>
Changed-By: Peter Eisentraut <[EMAIL PROTECTED]>
Description:
 egroupware - web-based groupware suite
 egroupware-addressbook - eGroupWare addressbook management application
 egroupware-bookmarks - eGroupWare bookmark management application
 egroupware-calendar - eGroupWare calendar management application
 egroupware-comic - eGroupWare comic strip application
 egroupware-core - eGroupWare core modules
 egroupware-developer-tools - eGroupWare developer tools
 egroupware-email - eGroupWare E-mail client application
 egroupware-emailadmin - eGroupWare E-mail user administration application
 egroupware-etemplate - widget-based template system for eGroupWare
 egroupware-felamimail - eGroupWare FeLaMiMail application
 egroupware-filemanager - eGroupWare file manager application
 egroupware-forum - eGroupWare forum application
 egroupware-ftp - eGroupWare FTP application
 egroupware-fudforum - eGroupWare FUDforum application
 egroupware-headlines - eGroupWare headlines catcher application
 egroupware-infolog - eGroupWare infolog application
 egroupware-jinn - content management system for eGroupWare
 egroupware-ldap - eGroupware LDAP support files
 egroupware-manual - eGroupWare manual
 egroupware-messenger - eGroupWare messenger application
 egroupware-news-admin - eGroupWare news administration interface
 egroupware-phpbrain - eGroupWare phpbrain application
 egroupware-phpldapadmin - eGroupWare phpLDAPadmin application
 egroupware-phpsysinfo - eGroupWare phpSysInfo application
 egroupware-polls - eGroupWare polling application
 egroupware-projects - eGroupWare projects management application
 egroupware-registration - eGroupWare registration application
 egroupware-sitemgr - eGroupWare site manager application
 egroupware-stocks - eGroupWare stock management application
 egroupware-tts - eGroupWare trouble ticket system application
 egroupware-wiki - eGroupWare wiki application
Closes: 317263
Changes:
 egroupware (1.0.0.007-3.dfsg-1) unstable; urgency=high
 .
   * New upstream release
     - Includes fix for XML-RPC remote execution security problem
       (CAN-2005-1921) (closes: #317263)
   * Updated standards version