Your message dated Mon, 02 Aug 2010 15:02:48 +0000
with message-id <e1ofwxq-0001k0...@franck.debian.org>
and subject line Bug#584671: fixed in lxr-cvs 0.9.5+cvs20071020-1.1
has caused the Debian Bug report #584671,
regarding [lxr-cvs] new stable version fix security hole
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
584671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lxr-cvs
Version: 0.9.5+cvs20071020-1
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
--- Please enter the report below this line. ---
Please update lxr-cvs to the new stable version. The new version 0.9.8 of
lxrng fixes several cross-site scripting vulnerabilities (CVE-2009-4497) reported
in bug #575745.
The new version was published 2010-01-15 on
http://sourceforge.net/projects/lxr/
regards
xavier
--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.32-5-amd64
Debian Release: squeeze/sid
500 unstable ftp.fr.debian.org
500 unstable debian-multimedia.gnali.org
500 instable download.tuxfamily.org
101 experimental-snapshots qt-kde.debian.net
101 experimental ftp2.fr.debian.org
--- Package information. ---
Depends                     (Version) | Installed
=====================================-+-==============
apache2                               | 2.2.15-5
 OR apache-ssl                        |
 OR apache-perl                       |
 OR apache                            |
 OR httpd-cgi                         |
exuberant-ctags                       | 1:5.8-2
perl5                                 |
libfile-mmagic-perl                   | 1.27-1
perl (>= 5.6.0-16)                    | 5.10.1-12

Recommends             (Version) | Installed
================================-+-===========
mysql-server                     |
 OR postgresql                   | 8.4.4-1
libdbd-mysql-perl                | 4.014-1
 OR libdbd-pg-perl               |

Suggests                  (Version) | Installed
===================================-+-===========
swish-e (>= 2.1)                    |
libapache2-mod-perl2                |
 OR libapache-mod-perl              |
Xavier
xav...@alternatif.org - 09 54 06 16 26
--- End Message ---
--- Begin Message ---
Source: lxr-cvs
Source-Version: 0.9.5+cvs20071020-1.1
We believe that the bug you reported is fixed in the latest version of
lxr-cvs, which is due to be installed in the Debian FTP archive:
lxr-cvs_0.9.5+cvs20071020-1.1.diff.gz
to main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1.1.diff.gz
lxr-cvs_0.9.5+cvs20071020-1.1.dsc
to main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1.1.dsc
lxr-cvs_0.9.5+cvs20071020-1.1_all.deb
to main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated lxr-cvs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 31 Jul 2010 15:57:41 +0200
Source: lxr-cvs
Binary: lxr-cvs
Architecture: source all
Version: 0.9.5+cvs20071020-1.1
Distribution: unstable
Urgency: high
Maintainer: Giacomo Catenazzi <c...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description:
lxr-cvs - A general hypertext cross-referencing tool
Closes: 575745 584671 588036 588137
Changes:
lxr-cvs (0.9.5+cvs20071020-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Backported upstream security fixes from current release (Closes: #584671).
* This update addresses the following security issues:
- CVE-2010-1448: reflected XSS via title tag on search page (Closes: #588036).
- CVE-2010-1625: reflected XSS in search results page (Closes: #588137).
- CVE-2009-4497: XSS via the i parameter of the ident script (Closes: #575745).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxUNl8ACgkQHYflSXNkfP9ogACfSJx9m8qcCheb66P104uF9UQc
n/UAn0Rjs8t2zVoD53B5/QlIo8D/DI+8
=nc94
-----END PGP SIGNATURE-----
--- End Message ---