Your message dated Thu, 04 Dec 2008 19:53:21 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503330: fixed in websvn 1.61-21
has caused the Debian Bug report #503330,
regarding Multiple Vulnerabilities (xss, insecure file handling and code execution)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
503330: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503330
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: websvn
Version: 1.61-20
Severity: critical
Tags: security

A full disclosure bulletin has been posted today, reporting various
security vulnerabilities in websvn.
The remote code execution should only affect the etch version, while at
first glance the others are also still open in lenny/sid.
Check the complete bulletin at:
http://www.gulftech.org/?node=research&article_id=00132-10202008
http://www.milw0rm.com/exploits/6822

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`                          | GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org  | Debian GNU/Linux Developer



--- End Message ---
--- Begin Message ---
Source: websvn
Source-Version: 1.61-21

We believe that the bug you reported is fixed in the latest version of
websvn, which is due to be installed in the Debian FTP archive:

websvn_1.61-21.diff.gz
  to pool/main/w/websvn/websvn_1.61-21.diff.gz
websvn_1.61-21.dsc
  to pool/main/w/websvn/websvn_1.61-21.dsc
websvn_1.61-21_all.deb
  to pool/main/w/websvn/websvn_1.61-21_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier <[EMAIL PROTECTED]> (supplier of updated websvn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 Nov 2008 13:02:17 +0100
Source: websvn
Binary: websvn
Architecture: source all
Version: 1.61-21
Distribution: stable
Urgency: high
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Pierre Chifflier <[EMAIL PROTECTED]>
Description: 
 websvn     - interface for subversion repositories written in PHP
Closes: 503330
Changes: 
 websvn (1.61-21) stable; urgency=high
 .
   * Security: fix potential PHP code execution due to unsafe use of
     preg_replace (Closes: #503330)
Checksums-Sha1: 
 a135a19231a4751b89a6ed70deecbd6dca910c37 970 websvn_1.61-21.dsc
 594b07625e0e1bf9319d2f077db4e402a4317512 22097 websvn_1.61-21.diff.gz
 b1526008851fbd3c84379b0bd919a123180a989a 105126 websvn_1.61-21_all.deb
Checksums-Sha256: 
 85606577c8f1d05407a57ac78001dde14eb81c8ec24af81bae58b8136e07a48c 970 websvn_1.61-21.dsc
 87b3bc8a6166d9e0667cd15b52ad83dd3d1bdfc157b3f315f913ee0cd8c08010 22097 websvn_1.61-21.diff.gz
 4d4beb4f248a69a4980ca1b36106da6a2aee0537b2d3cab4ae5d181f8bfa3a18 105126 websvn_1.61-21_all.deb
Files: 
 f9253559a29b5f0ab0ac8c3aa18d7bc0 970 devel optional websvn_1.61-21.dsc
 e428f12e66a3037cf22d97571a3a8303 22097 devel optional websvn_1.61-21.diff.gz
 aa0060eaaf0788e19716643a4491fd10 105126 devel optional websvn_1.61-21_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJGsa0twVrWo1fQMsRAmr3AJ9joJajHeCSgH7VWb51/hHpFSh/DQCgnwMW
Qt/kbJLpZyOsKAFIAY++HJ0=
=Htow
-----END PGP SIGNATURE-----



--- End Message ---
