Your message dated Wed, 16 Dec 2009 23:28:00 -0500
with message-id <d1b732a70912162028q6caa2789g7f465ac16ae7c...@mail.gmail.com>
and subject line Removal of libwordpress-xmlrpc-perl
has caused the Debian Bug report #559770,
regarding libwordpress-xmlrpc-perl embeds wordpress' xmlrpc
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559770
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libwordpress-xmlrpc-perl
Version: 1.19-1
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.  libwordpress-xmlrpc-perl embeds wordpress'
xmlrpc.php, so it may also be vulnerable.  The two files differ, and I
have so far been unable to pinpoint the exact code patch to fix the
problem.  Please check whether the package is affected.  Even if it is
not affected, embedded code is bad, so please update the package to
make use of wordpress's code.

CVE-2007-6672[0]:
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
| protection mechanisms and read the source of files via multiple '/'
| (slash) characters in the URI.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6672
    http://security-tracker.debian.org/tracker/CVE-2007-6672



--- End Message ---
--- Begin Message ---
Hi:

Please note that these bugs are no longer valid because
libwordpress-xmlrpc-perl has been removed from Debian unstable. It
appears that it has also been removed from testing per the automated
process.

This will "resolve" the issues for now -- however, unfortunately the
package is no longer available as part of Debian and must be installed
manually via CPAN or another tool. Hopefully the issues will be
resolved upstream eventually.

If there is some serious need for this package (and I mean enough to
convince us to do the work this would entail), we can consider a
severe series of patches to get things in good working order (but we'd
pretty much be diverging from upstream and it would pretty much just
be a fork of the older version that did not use the LEOCHARRE::
modules). I'd rather not maintain a module like this as a Debian
native package.

Cheers,

Jonathan


--- End Message ---
