Your message dated Sat, 01 Nov 2008 18:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504168: fixed in libphp-snoopy 1.2.4-1
has caused the Debian Bug report #504168,
regarding CVE-2008-4796: missing input sanitising
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504168: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504168
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libphp-snoopy
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libphp-snoopy.

CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote attackers to execute arbitrary commands via
| shell metacharacters in https URLs.  NOTE: some of these details are
| obtained from third party information.

You can find the extracted upstream patch here[1].

Please include it as soon as possible, upload with high urgency and ask
the release team for an unblock, so it can go into lenny.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
    http://security-tracker.debian.net/tracker/CVE-2008-4796
[1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch



--- End Message ---
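The bug class named in the CVE text above, shown as an added PHP illustration; this is not Snoopy's code and not the upstream patch. It assumes the library hands the URL to an external curl binary through a shell; the function names, the curl path and the sample URLs are constructed for this example.

```php
<?php
// Added illustration. Function names are hypothetical, inputs are constructed.

// Pattern behind this bug class: the URL is pasted into a shell command line,
// so the shell interprets any metacharacters it contains. Even the harmless
// "&" of a query string changes how the command line is parsed.
function unsafe_command(string $curl, string $url): string
{
    return $curl . ' -s ' . $url;   // do not use
}

// Hardened form: accept only well-formed https URLs, then pass the URL as one
// quoted argument so the shell treats it as data. Avoiding the shell entirely
// (for example proc_open() with an argument array, PHP 7.4+) is stronger still.
function safe_command(string $curl, string $url): string
{
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        throw new InvalidArgumentException('control character or space in URL');
    }
    $parts = parse_url($url);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || !preg_match('/^[A-Za-z0-9.-]+$/', $parts['host'] ?? '')) {
        throw new InvalidArgumentException('not an acceptable https URL');
    }
    return escapeshellarg($curl) . ' -s ' . escapeshellarg($url);
}

// Constructed sample inputs: two ordinary URLs, two carrying shell
// metacharacters, one with the wrong scheme.
$samples = [
    'https://example.org/index.html',
    'https://example.org/search?a=1&b=2',
    'https://example.org/`id`',
    'https://example.org/;id',
    'http://example.org/',
];
foreach ($samples as $url) {
    try {
        echo safe_command('/usr/bin/curl', $url), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $url (", $e->getMessage(), ")\n";
    }
}
```

The metacharacter samples are not rejected by the validator; they are neutralised by the quoting, which is the point: filtering characters is a secondary check, and argument quoting (or no shell at all) is the control.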
--- Begin Message ---
Source: libphp-snoopy
Source-Version: 1.2.4-1

We believe that the bug you reported is fixed in the latest version of
libphp-snoopy, which is due to be installed in the Debian FTP archive:

libphp-snoopy_1.2.4-1.diff.gz
  to pool/main/libp/libphp-snoopy/libphp-snoopy_1.2.4-1.diff.gz
libphp-snoopy_1.2.4-1.dsc
  to pool/main/libp/libphp-snoopy/libphp-snoopy_1.2.4-1.dsc
libphp-snoopy_1.2.4-1_all.deb
  to pool/main/libp/libphp-snoopy/libphp-snoopy_1.2.4-1_all.deb
libphp-snoopy_1.2.4.orig.tar.gz
  to pool/main/libp/libphp-snoopy/libphp-snoopy_1.2.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marcelo Jorge Vieira (metal) <[EMAIL PROTECTED]> (supplier of updated 
libphp-snoopy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Oct 2008 22:33:12 -0200
Source: libphp-snoopy
Binary: libphp-snoopy
Architecture: source all
Version: 1.2.4-1
Distribution: unstable
Urgency: high
Maintainer: Marcelo Jorge Vieira (metal) <[EMAIL PROTECTED]>
Changed-By: Marcelo Jorge Vieira (metal) <[EMAIL PROTECTED]>
Description: 
 libphp-snoopy - Snoopy is a PHP class that simulates a web browser
Closes: 504168
Changes: 
 libphp-snoopy (1.2.4-1) unstable; urgency=high
 .
   * New Upstream Version
     - fixes CVE-2008-4796 (Closes: #504168)




--- End Message ---
