Your message dated Sat, 15 Nov 2008 19:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504758: fixed in gforge 4.7~rc2-6
has caused the Debian Bug report #504758,
regarding gforge-plugins-extra ships security issues-prone code copies
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
504758: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504758
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gforge-plugins-extra
Severity: serious
Version: 4.7~rc2-5
Tags: security
Hi,
By taking a look at the list of files shipped by gforge-plugins-extra I can
easily see several scripts which are already in the Debian archive. I'm
using 'serious' as the severity given the fact that in many of the already
packaged scripts security issues have been found in the past.
Examples:
  usr/share/gforge/plugins/webcalendar/
    Package: webcalendar; 24 known security issues [1]
  usr/share/gforge/plugins/wiki/
    Package: phpwiki; 7 known security issues [2]
  usr/share/gforge/plugins/wiki/www/lib/WikiDB/adodb/
    Package: libphp-adodb; 5 known security issues [3]
Note: phpwiki also ships its own copy of adodb, but that's a separate issue
It would be great if the other scripts are individually packaged/maintained
from their own upstreams.
[1] http://security-tracker.debian.net/tracker/source-package/webcalendar
[2] http://security-tracker.debian.net/tracker/source-package/phpwiki
[3] http://security-tracker.debian.net/tracker/source-package/libphp-adodb
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: gforge
Source-Version: 4.7~rc2-6
We believe that the bug you reported is fixed in the latest version of
gforge, which is due to be installed in the Debian FTP archive:
gforge-common_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-common_4.7~rc2-6_all.deb
gforge-db-postgresql_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-db-postgresql_4.7~rc2-6_all.deb
gforge-dns-bind9_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-dns-bind9_4.7~rc2-6_all.deb
gforge-ftp-proftpd_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-ftp-proftpd_4.7~rc2-6_all.deb
gforge-lists-mailman_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-lists-mailman_4.7~rc2-6_all.deb
gforge-mta-courier_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-mta-courier_4.7~rc2-6_all.deb
gforge-mta-exim4_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-mta-exim4_4.7~rc2-6_all.deb
gforge-mta-postfix_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-mta-postfix_4.7~rc2-6_all.deb
gforge-plugin-mediawiki_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-plugin-mediawiki_4.7~rc2-6_all.deb
gforge-plugin-scmcvs_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-plugin-scmcvs_4.7~rc2-6_all.deb
gforge-plugin-scmsvn_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-plugin-scmsvn_4.7~rc2-6_all.deb
gforge-shell-postgresql_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-shell-postgresql_4.7~rc2-6_all.deb
gforge-web-apache2_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-web-apache2_4.7~rc2-6_all.deb
gforge-web-apache_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge-web-apache_4.7~rc2-6_all.deb
gforge_4.7~rc2-6.diff.gz
to pool/main/g/gforge/gforge_4.7~rc2-6.diff.gz
gforge_4.7~rc2-6.dsc
to pool/main/g/gforge/gforge_4.7~rc2-6.dsc
gforge_4.7~rc2-6_all.deb
to pool/main/g/gforge/gforge_4.7~rc2-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roland Mas <[EMAIL PROTECTED]> (supplier of updated gforge package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 15 Nov 2008 20:06:46 +0100
Source: gforge
Binary: gforge gforge-common gforge-web-apache2 gforge-web-apache
gforge-db-postgresql gforge-mta-exim4 gforge-mta-postfix gforge-mta-courier
gforge-shell-postgresql gforge-ftp-proftpd gforge-dns-bind9
gforge-lists-mailman gforge-plugin-scmcvs gforge-plugin-scmsvn
gforge-plugin-mediawiki
Architecture: source all
Version: 4.7~rc2-6
Distribution: unstable
Urgency: high
Maintainer: Roland Mas <[EMAIL PROTECTED]>
Changed-By: Roland Mas <[EMAIL PROTECTED]>
Description:
 gforge - collaborative development tool - meta-package
 gforge-common - collaborative development tool - shared files
 gforge-db-postgresql - collaborative development tool - database (using PostgreSQL)
 gforge-dns-bind9 - collaborative development tool - DNS management (using Bind9)
 gforge-ftp-proftpd - collaborative development tool - FTP management (using ProFTPd)
 gforge-lists-mailman - collaborative development tool - mailing-lists (using Mailman)
 gforge-mta-courier - collaborative development tool - mail tools (using Courier)
 gforge-mta-exim4 - collaborative development tool - mail tools (using Exim 4)
 gforge-mta-postfix - collaborative development tool - mail tools (using Postfix)
 gforge-plugin-mediawiki - Mediawiki plugin for GForge
 gforge-plugin-scmcvs - collaborative development tool - CVS plugin
 gforge-plugin-scmsvn - collaborative development tool - Subversion plugin
 gforge-shell-postgresql - collaborative development tool - shell accounts (using PostgreSQL
 gforge-web-apache - transition package to gforge-web-apache2
 gforge-web-apache2 - collaborative development tool - web part (using Apache)
Closes: 504758
Changes:
gforge (4.7~rc2-6) unstable; urgency=high
.
* Removed gforge-plugins-extra binary package (closes: #504758). I
can't promise to do security support for it, and it's quite
susceptible to security holes since it ships local copies of PHP
libraries.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJHx9NDqdWtRRIQ/URApgrAJsE8ZRBztjQXoxvW6uQO5ea0BCWmACfRAMC
EhVlepfJNPBNKjR4jptfXY8=
=OvnB
-----END PGP SIGNATURE-----
--- End Message ---