Your message dated Fri, 10 Jul 2009 16:59:06 +0200
with message-id <20090710145906.ga22...@ngolde.de>
and subject line Re: Bug#536498: Please backport roundcube CVE-2008-5619
has caused the Debian Bug report #536498,
regarding Please backport roundcube CVE-2008-5619
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
536498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: roundcube
Version: 0.2.2-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
I have roundcube 0.1.1.10 installed from backports, and I see people
exploiting roundcube CVE-2008-5619
(http://trac.roundcube.net/ticket/1485618).
Any chance the fix mentioned there could be backported to etch?
For now I pulled the version from unstable on my system.
Best,
Benjamin
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages roundcube depends on:
ii roundcube-core 0.2.2-1 skinnable AJAX based webmail solut
roundcube recommends no packages.
Versions of packages roundcube-core depends on:
ii apache2 2.2.3-4+etch8 Next generation, scalable, extenda
ii apache2-mpm-prefork 2.2.3-4+etch8 Traditional model for Apache HTTPD
ii dbconfig-common 1.8.29+etch1 common framework for packaging dat
ii debconf [debconf-2.0 1.5.11etch2 Debian configuration management sy
ii libmagic1 4.17-5etch3 File type determination library us
ii php-auth 1.2.4-0.1 PHP PEAR modules for creating an a
ii php-mail-mime 1.5.2-0.1 PHP PEAR module for creating MIME
ii php-mdb2 2.5.0b2-1 PHP PEAR module to provide a commo
ii php-net-smtp 1.2.6-2 PHP PEAR module implementing SMTP
ii php-net-socket 1.0.6-2 PHP PEAR Network Socket Interface
ii php5 5.2.0+dfsg-8+etch15 server-side, HTML-embedded scripti
ii php5-gd 5.2.0+dfsg-8+etch15 GD module for php5
ii php5-mcrypt 5.2.0+dfsg-8+etch15 MCrypt module for php5
ii php5-pspell 5.2.0+dfsg-8+etch15 pspell module for php5
ii roundcube-sqlite 0.2.2-1 metapackage providing sqlite depen
ii tinymce 3.2.1.1-0.1 platform independent web based Jav
ii ucf 2.0020 Update Configuration File: preserv
-- debconf information:
* roundcube/dbconfig-install: true
* roundcube/db/dbname: roundcube
roundcube/pgsql/authmethod-admin: ident
roundcube/pgsql/admin-user: postgres
roundcube/internal/skip-preseed: false
roundcube/db/app-user:
roundcube/dbconfig-reinstall: false
* roundcube/restart-webserver: false
roundcube/dbconfig-upgrade: true
roundcube/remote/port:
roundcube/pgsql/no-empty-passwords:
roundcube/passwords-do-not-match:
roundcube/internal/reconfiguring: false
roundcube/upgrade-error: abort
roundcube/pgsql/authmethod-user: password
roundcube/purge: false
* roundcube/language: de_DE
roundcube/remote/newhost:
roundcube/pgsql/changeconf: false
roundcube/upgrade-backup: true
roundcube/install-error: abort
roundcube/mysql/admin-user: root
* roundcube/hosts: netronaut.de:6666
roundcube/dbconfig-remove:
roundcube/mysql/method: unix socket
roundcube/remove-error: abort
roundcube/pgsql/method: unix socket
roundcube/pgsql/manualconf:
* roundcube/db/basepath: /var/lib/dbconfig-common/sqlite/roundcube
* roundcube/reconfigure-webserver: apache2
* roundcube/database-type: sqlite
roundcube/remote/host:
--- End Message ---
--- Begin Message ---
Version: 0.1.1-9
* Benjamin Bannier <be...@netronaut.de> [2009-07-10 16:44]:
> Package: roundcube
> Version: 0.2.2-1
> Severity: grave
> Tags: security
> Justification: user security hole
Please see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628
this bug is fixed in unstable, so I am closing it.
[...]
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---