Your message dated Mon, 06 Jul 2009 10:02:10 +0000
with message-id <e1mnl1w-0008l0...@ries.debian.org>
and subject line Bug#530271: fixed in ipplan 4.91a-1.1
has caused the Debian Bug report #530271,
regarding CVE-2009-1732, CVE-2009-1733
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
530271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipplan
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ipplan.
CVE-2009-1732[0]:
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan
| 4.91a allows remote attackers to inject arbitrary web script or HTML
| via the grp parameter.
CVE-2009-1733[1]:
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
| remote attackers to hijack the authentication of administrators for
| requests that (1) change the password, (2) add users, or (3) delete
| users via unknown vectors.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1732
http://security-tracker.debian.net/tracker/CVE-2009-1732
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1733
http://security-tracker.debian.net/tracker/CVE-2009-1733
http://holisticinfosec.org/content/view/113/45/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoYFsYACgkQNxpp46476apd+gCgnDQjebQhF8gaVx/CkQG4Uh1j
uN0An1q5D7MPVsn5wkC4pxidK5uVTuG7
=AFso
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: ipplan
Source-Version: 4.91a-1.1
We believe that the bug you reported is fixed in the latest version of
ipplan, which is due to be installed in the Debian FTP archive:
ipplan_4.91a-1.1.diff.gz
to pool/main/i/ipplan/ipplan_4.91a-1.1.diff.gz
ipplan_4.91a-1.1.dsc
to pool/main/i/ipplan/ipplan_4.91a-1.1.dsc
ipplan_4.91a-1.1_all.deb
to pool/main/i/ipplan/ipplan_4.91a-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated ipplan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 06 Jul 2009 08:09:24 +0000
Source: ipplan
Binary: ipplan
Architecture: source all
Version: 4.91a-1.1
Distribution: unstable
Urgency: high
Maintainer: Jan Wagner <w...@cyconet.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
ipplan - web-based IP address manager and tracker
Closes: 530271
Changes:
ipplan (4.91a-1.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Fix cross-site scripting vulnerability, which can be exploited via
the userid, userdescrip, useremail, grp and grpdescrip parameters
(Closes: #530271)
Fixes: CVE-2009-1732
Checksums-Sha1:
9b832a957c1354caaa9d79da4bd89563aff383a9 1124 ipplan_4.91a-1.1.dsc
aa5360438d891bd69184f42902521f750c2583d8 23627 ipplan_4.91a-1.1.diff.gz
c694b176145fa792db2e35f202fcbeef8b7e0322 788768 ipplan_4.91a-1.1_all.deb
Checksums-Sha256:
5441985020f57b802941298db27f672dc6ef12b677014874eb4ff04636953316 1124 ipplan_4.91a-1.1.dsc
cb0fef9b18360ce5999b13014ccf13a9b832325891ef4897477d96d1c2516186 23627 ipplan_4.91a-1.1.diff.gz
486d0aebdfaa3d6e11c008d5fe897036a8041db307d2446f4189364f0ce24731 788768 ipplan_4.91a-1.1_all.deb
Files:
854b9e23d8ecb9016020e5ad45fbddc7 1124 web optional ipplan_4.91a-1.1.dsc
836743adf47d7d76c3ef475f252bbfe0 23627 web optional ipplan_4.91a-1.1.diff.gz
ad2f14853f183c6276a07c5c955d6da9 788768 web optional ipplan_4.91a-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpRyWgACgkQ62zWxYk/rQccTwCeJW5tSznr81a1nuJdNBRUyOR8
kokAoLUNCOEjfXJcAK+FsazbugwBGR2z
=jf+U
-----END PGP SIGNATURE-----
--- End Message ---
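For readers following up on the two CVEs in this thread, the following is an added illustration and not ipplan's own code: a hypothetical PHP user-manager handler that applies the two defences the report calls for. CVE-2009-1732 is an output-encoding problem, so every reflected parameter is passed through htmlspecialchars() before it reaches the page; the parameter names (userid, userdescrip, useremail, grp, grpdescrip) are the ones the changelog above lists. CVE-2009-1733 is a CSRF problem on the password-change, add-user and delete-user actions, so those actions are accepted only from a POST carrying a per-session random token compared with hash_equals(). Note that the changelog's "Fixes:" line names only CVE-2009-1732; the token check is shown here as the standard mitigation for the CSRF issue, not as something the upload is known to contain. The file name usermanager.php, the action values and the form layout are assumptions.

```php
<?php
// Added illustration, not ipplan's code: a hypothetical admin/usermanager
// handler showing the two defences the CVEs in this thread call for.
//   CVE-2009-1732: reflect request parameters only after HTML-encoding.
//   CVE-2009-1733: require a per-session anti-CSRF token on state changes.
// Parameter names come from the Debian changelog; the action values,
// file name and form layout are assumed.

session_start();

// Issue (or reuse) a random token bound to this session. A cross-site
// page cannot read it, so a forged form cannot supply it.
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Constant-time comparison; rejects missing, wrong-type and wrong tokens.
function csrfValid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// Encode for an HTML text/attribute context; this is the XSS fix.
// ENT_QUOTES covers both quote styles so attribute values are safe too.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Collect the parameters named in the report; unset ones become ''.
$fields = ['userid', 'userdescrip', 'useremail', 'grp', 'grpdescrip'];
$in = [];
foreach ($fields as $f) {
    $in[$f] = isset($_REQUEST[$f]) ? (string) $_REQUEST[$f] : '';
}

// State-changing actions must arrive by POST with a valid token. A GET
// link or an auto-submitted third-party form fails here with 403.
$action = $_POST['action'] ?? '';
if (in_array($action, ['changepass', 'adduser', 'deleteuser'], true)) {
    if (!csrfValid($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid anti-CSRF token');
    }
    // ... perform the requested action using $in (application logic
    //     omitted; it is not part of this illustration) ...
}

// Re-render the form. Every echoed parameter goes through h(), and the
// token travels as a hidden field so only this session's pages can submit.
?>
<form method="post" action="usermanager.php">
  <input type="hidden" name="csrf" value="<?= h(csrfToken()) ?>">
  <label>User id    <input name="userid"      value="<?= h($in['userid']) ?>"></label>
  <label>Description<input name="userdescrip" value="<?= h($in['userdescrip']) ?>"></label>
  <label>E-mail     <input name="useremail"   value="<?= h($in['useremail']) ?>"></label>
  <label>Group      <input name="grp"         value="<?= h($in['grp']) ?>"></label>
  <label>Group desc <input name="grpdescrip"  value="<?= h($in['grpdescrip']) ?>"></label>
  <button name="action" value="adduser">Add user</button>
  <button name="action" value="deleteuser">Delete user</button>
  <button name="action" value="changepass">Change password</button>
</form>
```

When reviewing a fix like the one in the NMU, the two things to check are that the encoding happens at output time in every template that echoes these parameters (encoding on input misses values stored earlier or supplied through another path), and that the token is required for the password-change, add and delete actions specifically, since those are the three the CVE text names.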