Your message dated Mon, 19 Oct 2009 01:57:59 +0000
with message-id <e1mzhvx-0007uw...@ries.debian.org>
and subject line Bug#547132: fixed in bugzilla 3.0.4.1-2+lenny2
has caused the Debian Bug report #547132,
regarding CVE-2009-3165: SQL injection vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
547132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547132
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bugzilla
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.
CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through
| 3.4.1 allows remote attackers to execute arbitrary SQL commands via
| unspecified parameters.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165
http://security-tracker.debian.net/tracker/CVE-2009-3165
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqx3+cACgkQNxpp46476aq31gCeLMfMJuutOzPwP+0uouISHD4/
fjAAn1q/BdldzmPcE/W9vh5Im9h3FoRj
=Kbgf
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: bugzilla
Source-Version: 3.0.4.1-2+lenny2
We believe that the bug you reported is fixed in the latest version of
bugzilla, which is due to be installed in the Debian FTP archive:
bugzilla3-doc_3.0.4.1-2+lenny2_all.deb
  to pool/main/b/bugzilla/bugzilla3-doc_3.0.4.1-2+lenny2_all.deb
bugzilla3_3.0.4.1-2+lenny2_all.deb
  to pool/main/b/bugzilla/bugzilla3_3.0.4.1-2+lenny2_all.deb
bugzilla_3.0.4.1-2+lenny2.diff.gz
  to pool/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny2.diff.gz
bugzilla_3.0.4.1-2+lenny2.dsc
  to pool/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 547...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated bugzilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 16 Oct 2009 18:59:23 +0200
Source: bugzilla
Binary: bugzilla3 bugzilla3-doc
Architecture: source all
Version: 3.0.4.1-2+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Raphael Bossek <boss...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
 bugzilla3 - web-based bug tracking system
 bugzilla3-doc - comprehensive guide to Bugzilla
Closes: 547132
Changes:
 bugzilla (3.0.4.1-2+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed SQL injection vulnerability in the Bug.create WebService function
     CVE-2009-3165, Closes: #547132
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrZnyAACgkQNxpp46476arYoQCgma/4EDjL8c1B6En9+qyBvjVp
gXEAn0djyfp4jATPpe77z30z4NmuOtO8
=MpCo
-----END PGP SIGNATURE-----
--- End Message ---