Your message dated Thu, 16 Dec 2010 16:17:09 +0000
with message-id <e1ptgvx-0001xg...@franck.debian.org>
and subject line Bug#606386: fixed in cakephp 1.3.2-1.1
has caused the Debian Bug report #606386,
regarding CVE-2010-4335
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606386: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606386
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cakephp
Severity: grave
Tags: security

A security issue has been found in cakephp, please see here for a fix:
https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb

Please upload an isolated fix to sid, which can migrate to testing.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages cakephp depends on:
pn  php5                          <none>     (no description available)

Versions of packages cakephp recommends:
pn  cakephp-scripts               <none>     (no description available)

Versions of packages cakephp suggests:
pn  cakephp-instaweb              <none>     (no description available)
pn  php5-mysql                    <none>     (no description available)



--- End Message ---
--- Begin Message ---
Source: cakephp
Source-Version: 1.3.2-1.1

We believe that the bug you reported is fixed in the latest version of
cakephp, which is due to be installed in the Debian FTP archive:

cakephp-scripts_1.3.2-1.1_all.deb
  to main/c/cakephp/cakephp-scripts_1.3.2-1.1_all.deb
cakephp_1.3.2-1.1.debian.tar.gz
  to main/c/cakephp/cakephp_1.3.2-1.1.debian.tar.gz
cakephp_1.3.2-1.1.dsc
  to main/c/cakephp/cakephp_1.3.2-1.1.dsc
cakephp_1.3.2-1.1_all.deb
  to main/c/cakephp/cakephp_1.3.2-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated cakephp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Dec 2010 15:41:20 +0000
Source: cakephp
Binary: cakephp cakephp-scripts
Architecture: source all
Version: 1.3.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 cakephp    - MVC rapid application development framework for PHP
 cakephp-scripts - MVC rapid application development framework for PHP (scripts)
Closes: 606386
Changes: 
 cakephp (1.3.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Patch for CVE-2010-4335 (unsafe unserialize)
     Closes: #606386

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
