Your message dated Thu, 25 Mar 2010 10:04:00 +0000
with message-id <e1nujuy-0003hn...@ries.debian.org>
and subject line Bug#575366: fixed in interchange 5.7.6-1
has caused the Debian Bug report #575366,
regarding HTTP response splitting vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
575366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: interchange
severity: critical
tags: security, fixed-upstream
Interchange 5.7.6 closes a potential HTTP response splitting
vulnerability.
For details see http://www.icdevgroup.org/i/dev/news?mv_arg=00042.
The patch to fix the vulnerability is here:
http://git.icdevgroup.org/?p=interchange.git;a=patch;h=c2d7cc435b71ffaaa1e6e1050566a087f8b5e510
I'll upload Interchange 5.7.6 packages today.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--- End Message ---
--- Begin Message ---
Source: interchange
Source-Version: 5.7.6-1
We believe that the bug you reported is fixed in the latest version of
interchange, which is due to be installed in the Debian FTP archive:
interchange-cat-standard_5.7.6-1_all.deb
  to main/i/interchange/interchange-cat-standard_5.7.6-1_all.deb
interchange-ui_5.7.6-1_all.deb
  to main/i/interchange/interchange-ui_5.7.6-1_all.deb
interchange_5.7.6-1.diff.gz
  to main/i/interchange/interchange_5.7.6-1.diff.gz
interchange_5.7.6-1.dsc
  to main/i/interchange/interchange_5.7.6-1.dsc
interchange_5.7.6-1_amd64.deb
  to main/i/interchange/interchange_5.7.6-1_amd64.deb
interchange_5.7.6.orig.tar.gz
  to main/i/interchange/interchange_5.7.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 575...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <ra...@linuxia.de> (supplier of updated interchange package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 25 Mar 2010 10:18:41 +0100
Source: interchange
Binary: interchange-cat-standard interchange-ui interchange
Architecture: source all amd64
Version: 5.7.6-1
Distribution: unstable
Urgency: high
Maintainer: Stefan Hornburg (Racke) <ra...@linuxia.de>
Changed-By: Stefan Hornburg (Racke) <ra...@linuxia.de>
Description:
 interchange - e-commerce and general HTTP database display system
 interchange-cat-standard - Standard store, a sample Interchange catalog
 interchange-ui - Interchange administration interface (UI)
Closes: 571694 575366
Changes:
 interchange (5.7.6-1) unstable; urgency=high
 .
   * new upstream release, fixes potential HTTP response splitting
     vulnerability (Closes: #575366)
   * running in PreFork mode requires Tie::ShadowHash module, dependency
     added to interchange package (Closes: #571694)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkurM4YACgkQjgVfE5tya3HY7gCgjSf4rtCtMYSFqgbWMMuK6UDP
c+UAoL6VKr2h/IqwFXeV6VRsHyDWOQsh
=cTfU
-----END PGP SIGNATURE-----
--- End Message ---