Bug#535435: marked as done ([drupal6] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities)

Mon, 06 Jul 2009 12:09:53 -0700 

Your message dated Mon, 06 Jul 2009 18:47:06 +0000
with message-id <e1mntdw-0005tr...@ries.debian.org>
and subject line Bug#535435: fixed in drupal6 6.12-1.1
has caused the Debian Bug report #535435,
regarding [drupal6] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: drupal6
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Please upgrade Drupal6 because of the latest Drupal Core SA. Drupal5
seems to be affected as well.

- http://drupal.org/drupal-6.13
- http://drupal.org/node/507572

Thanks!
Ingo

--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.30-1-686

Debian Release: squeeze/sid
  500 unstable        www.debian-multimedia.org
  500 unstable        ftp2.de.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net

gpg pubkey: http://www.juergensmann.de/ij_public_key.asc

--- End Message ---
--- Begin Message --- 
Source: drupal6
Source-Version: 6.12-1.1

We believe that the bug you reported is fixed in the latest version of
drupal6, which is due to be installed in the Debian FTP archive:

drupal6_6.12-1.1.diff.gz
  to pool/main/d/drupal6/drupal6_6.12-1.1.diff.gz
drupal6_6.12-1.1.dsc
  to pool/main/d/drupal6/drupal6_6.12-1.1.dsc
drupal6_6.12-1.1_all.deb
  to pool/main/d/drupal6/drupal6_6.12-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated drupal6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 20:27:45 +0200
Source: drupal6
Binary: drupal6
Architecture: source all
Version: 6.12-1.1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 drupal6    - a fully-featured content management framework
Closes: 535435
Changes: 
 drupal6 (6.12-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to fix:
     - XSS in the forum module
     - Input format access bypass via signatures
     - Password leakage via URLs
     (no CVE id yet; SA-CORE-2009-007; Closes: #535435).
Checksums-Sha1: 
 17d15b7f2a75323699eb0c3e5b2f65c12c6603a1 1123 drupal6_6.12-1.1.dsc
 4fb635dce0d43abf59f7f38321375193ea1cce71 19216 drupal6_6.12-1.1.diff.gz
 bcf7223c6361e0cda7e4f99b43489119779f6805 1109796 drupal6_6.12-1.1_all.deb
Checksums-Sha256: 
 474e83e44300133542decc2e48598d4c94f9bdf4c2bee74fa998df76ddaa3ccc 1123 
drupal6_6.12-1.1.dsc
 52ca2f19b31ed154c723bff1553fee4d74904f771e058c4d552839c76fe45e12 19216 
drupal6_6.12-1.1.diff.gz
 073254585f4220f3347c480b647d11e9b2310627e86398aa8abe06aca6beab90 1109796 
drupal6_6.12-1.1_all.deb
Files: 
 27a8b421fcb523bc51465bc2df6ce41a 1123 web extra drupal6_6.12-1.1.dsc
 70b27cfb05d2e909943c000e1a65faf5 19216 web extra drupal6_6.12-1.1.diff.gz
 b9b2e97d71348fc179dfc854f69b80d2 1109796 web extra drupal6_6.12-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSQzIACgkQHYflSXNkfP/hogCePjcmm4PldzxhCQgFOfA/pBqS
0mgAnijprXvXtzTLHcCc8FKNcZ6Gf4Nf
=krwT
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to