Your message dated Mon, 30 May 2011 22:10:29 +0000
with message-id <e1qrafn-0003cl...@franck.debian.org>
and subject line Bug#628504: Removed package(s) from unstable
has caused the Debian Bug report #628453,
regarding CVE-2011-1521: information disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
628453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628453
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3.1
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python3.1.
CVE-2011-1521[0]:
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x
| before 3.2.1 process Location headers that specify redirection to
| file: URLs, which makes it easier for remote attackers to obtain
| sensitive information or cause a denial of service (resource
| consumption) via a crafted URL, as demonstrated by the
| file:///etc/passwd and file:///dev/zero URLs.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers,
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
http://security-tracker.debian.org/tracker/CVE-2011-1521
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3hwCsACgkQ62zWxYk/rQdRAgCgp95X4txXuLx3yCsB480zqwLE
tOAAn2z4xQTbUAi8uJz6XMu6Z1ED+5Uu
=i+u7
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 3.1.3-1+rm
Dear submitter,
as the package python3.1 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see http://bugs.debian.org/628504
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@debian.org.
Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)
--- End Message ---
