Your message dated Wed, 12 Nov 2008 12:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503330: fixed in websvn 2.0-4
has caused the Debian Bug report #503330,
regarding Multiple Vulnerabilities (xss, insecure file handling and code
execution)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
503330: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503330
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: websvn
Version: 1.61-20
Severity: critical
Tags: security
A full disclosure bulletin has been posted today, reporting various
security vulnerabilities in websvn.
The remote code execution should only affect etch version, while at a
first glance the others are also still open in lenny/sid.
Check the complete bulletin at:
http://www.gulftech.org/?node=research&article_id=00132-10202008
http://www.milw0rm.com/exploits/6822
Ciao, Luca
--
.''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso)
: :' : The Universal O.S. | lucab (AT) debian.org
`. `'` | GPG Key ID: 3BFB9FB3
`- http://www.debian.org | Debian GNU/Linux Developer
pgpgxA7wNjGo6.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: websvn
Source-Version: 2.0-4
We believe that the bug you reported is fixed in the latest version of
websvn, which is due to be installed in the Debian FTP archive:
websvn_2.0-4.diff.gz
to pool/main/w/websvn/websvn_2.0-4.diff.gz
websvn_2.0-4.dsc
to pool/main/w/websvn/websvn_2.0-4.dsc
websvn_2.0-4_all.deb
to pool/main/w/websvn/websvn_2.0-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Chifflier <[EMAIL PROTECTED]> (supplier of updated websvn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 12 Nov 2008 13:07:59 +0100
Source: websvn
Binary: websvn
Architecture: source all
Version: 2.0-4
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Pierre Chifflier <[EMAIL PROTECTED]>
Description:
websvn - interface for subversion repositories written in PHP
Closes: 503330
Changes:
websvn (2.0-4) unstable; urgency=high
.
* Security: fix potential Cross Site Scripting and Directory
transveral issues (Closes: #503330)
See http://www.gulftech.org/?node=research&article_id=00132-10202008
Checksums-Sha1:
06ca9064da47ca953f94ef914f77fe925aec1ec4 963 websvn_2.0-4.dsc
36a7ddab16a2686b67a2f8fa3bff5b3b7dd6ba8e 17873 websvn_2.0-4.diff.gz
e1e4bc36049f4d8d543c559cdc575da8426ed5ee 193528 websvn_2.0-4_all.deb
Checksums-Sha256:
65b32e496ccf4ddbd057c95284dbb6ae1bb215928ed0464ac2b38105ebba0ab9 963
websvn_2.0-4.dsc
305a74455ed8c3cf04c2d8135fbbf26af4a90e2ccea302ce22cc9832229451b0 17873
websvn_2.0-4.diff.gz
596eb87b15b638be5a542a6199c6f592571ffb08d81dd699a4b530dc1fc14753 193528
websvn_2.0-4_all.deb
Files:
50c4de3aabba1823235e09aae90c54e4 963 devel optional websvn_2.0-4.dsc
b3cebfebfc693384a5da5f063f6f2579 17873 devel optional websvn_2.0-4.diff.gz
e527bfbf77346a08cd3f3956b2ad5d6d 193528 devel optional websvn_2.0-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJGshytwVrWo1fQMsRAqEHAJ9VCEvgKQQHFTu18orBoRWH2RkDEgCdEzBS
uQ/P0z6ovXTy9Dvp6yTcOak=
=6RiQ
-----END PGP SIGNATURE-----
--- End Message ---
