Bug#588038: marked as done (Directory traversal flaw by editing and saving list entries via php-admin web interface)

[Debian Bug Tracking System]

Your message dated Sun, 18 Jul 2010 19:17:52 +0000
with message-id <e1oazn2-0007mn...@franck.debian.org>
and subject line Bug#588038: fixed in mlmmj 1.2.17-1.1
has caused the Debian Bug report #588038,
regarding Directory traversal flaw by editing and saving list entries via 
php-admin web interface
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
588038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: mlmmj
Severity: grave
Tags: security

Hi,
please see 
http://www.openwall.com/lists/oss-security/2010/06/23/5
https://bugzilla.redhat.com/show_bug.cgi?id=607256

Proposed patch by upstream:
http://www.openwall.com/lists/oss-security/2010/06/26/1

This is CVE-2009-4896.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mlmmj depends on:
ii  dctrl-tools                   2.14       Command-line tools to process Debi
ii  debconf [debconf-2.0]         1.5.32     Debian configuration management sy
ii  exim4-daemon-light [mail-tran 4.71-4     lightweight Exim MTA (v4) daemon
ii  libc6                         2.10.2-9   Embedded GNU C Library: Shared lib

mlmmj recommends no packages.

Versions of packages mlmmj suggests:
pn  mlmmj-php-web                 <none>     (no description available)
pn  mlmmj-php-web-admin           <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: mlmmj
Source-Version: 1.2.17-1.1

We believe that the bug you reported is fixed in the latest version of
mlmmj, which is due to be installed in the Debian FTP archive:

mlmmj-php-web-admin_1.2.17-1.1_all.deb
  to main/m/mlmmj/mlmmj-php-web-admin_1.2.17-1.1_all.deb
mlmmj-php-web_1.2.17-1.1_all.deb
  to main/m/mlmmj/mlmmj-php-web_1.2.17-1.1_all.deb
mlmmj_1.2.17-1.1.diff.gz
  to main/m/mlmmj/mlmmj_1.2.17-1.1.diff.gz
mlmmj_1.2.17-1.1.dsc
  to main/m/mlmmj/mlmmj_1.2.17-1.1.dsc
mlmmj_1.2.17-1.1_amd64.deb
  to main/m/mlmmj/mlmmj_1.2.17-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 588...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated mlmmj package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 17 Jul 2010 02:21:19 +0800
Source: mlmmj
Binary: mlmmj mlmmj-php-web mlmmj-php-web-admin
Architecture: source amd64 all
Version: 1.2.17-1.1
Distribution: unstable
Urgency: high
Maintainer: Daniel Walrond <deb...@djw.org.uk>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 mlmmj      - mail server independent mailing list manager
 mlmmj-php-web - web interface for mlmmj, written in php
 mlmmj-php-web-admin - administrative web interface for mlmmj, written in php
Closes: 588038
Changes: 
 mlmmj (1.2.17-1.1) unstable; urgency=high
 .
   * Non-maintainer QA upload.
   * Fixes CVE-2009-4896 mlmmj-php-admin directory traversal (Closes: #588038).
Checksums-Sha1: 
 92d8676106448b066a6f390a9d52aa8fac6f45f8 1017 mlmmj_1.2.17-1.1.dsc
 0bd88c44f082c100b9d2752990354763a2a51eb7 22085 mlmmj_1.2.17-1.1.diff.gz
 43258d1481a6009e2a7caa75622c2012d061f79c 210554 mlmmj_1.2.17-1.1_amd64.deb
 98ac368b91ecfed2d9e6d21cc58133b0352563ee 18076 mlmmj-php-web_1.2.17-1.1_all.deb
 5b6c57478814983be131753ed20d5b5c35ad1806 33224 
mlmmj-php-web-admin_1.2.17-1.1_all.deb
Checksums-Sha256: 
 ec48493e649fcf6859d98967a17c0317db3effff9f10000a58d5031461cfdbef 1017 
mlmmj_1.2.17-1.1.dsc
 7c7e8bca7b31e408281a7563161d1981c9fdba724946d0b10a88eb8e03c6e514 22085 
mlmmj_1.2.17-1.1.diff.gz
 d0e2311b56544af3fa698870f5e4c23eeae5a7d1d015919379b5bae274336971 210554 
mlmmj_1.2.17-1.1_amd64.deb
 63e043415bb937be3c81eecee4e600f28ca7d40114eb95e82edea6a5567e8242 18076 
mlmmj-php-web_1.2.17-1.1_all.deb
 f798353c19cfb4234002b1e21c540ee7c6c293c249b432cb53af8ccb6845b473 33224 
mlmmj-php-web-admin_1.2.17-1.1_all.deb
Files: 
 b88ef62bbb89c57d286d455fcd77ab4b 1017 mail optional mlmmj_1.2.17-1.1.dsc
 0331f65b07abd8efa54ae4bacc1e6637 22085 mail optional mlmmj_1.2.17-1.1.diff.gz
 fc00198f013d346c5a400a6c79cf1237 210554 mail optional 
mlmmj_1.2.17-1.1_amd64.deb
 4211238db2c18118b6b1f7543e775209 18076 mail optional 
mlmmj-php-web_1.2.17-1.1_all.deb
 7334469c163410560d5355d395ad8678 33224 mail optional 
mlmmj-php-web-admin_1.2.17-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxDOfgACgkQl4M9yZjvmkl6ggCeIsRaIJHmOt8fw85aqFNAnXpx
3PoAoOBdXoeItA5bcb1+O2mVgpRbyAaB
=rkU5
-----END PGP SIGNATURE-----

--- End Message ---