Bug#608397: marked as done (redmine: security issues in 1.0.1 (fixed in 1.0.5))

[Debian Bug Tracking System]

Your message dated Thu, 16 Jun 2011 01:54:44 +0000
with message-id <e1qx1na-0004ql...@franck.debian.org>
and subject line Bug#608397: fixed in redmine 1.0.1-2
has caused the Debian Bug report #608397,
regarding redmine: security issues in 1.0.1 (fixed in 1.0.5)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
608397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: redmine
Version: 1.0.1-1
Severity: grave
Tag: security

Hi,

 I found the article that describes redmine 1.0.5 fixes 3 security issues.
 See http://www.redmine.org/news/49

 You've already uploaded it to unstable, that's good. However, unfortunately 
 the package in Squeeze is still vulnerable. So, could you provide security
 fix for that, please?


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

--- End Message ---

--- Begin Message ---

Source: redmine
Source-Version: 1.0.1-2

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive:

redmine-mysql_1.0.1-2_all.deb
  to main/r/redmine/redmine-mysql_1.0.1-2_all.deb
redmine-pgsql_1.0.1-2_all.deb
  to main/r/redmine/redmine-pgsql_1.0.1-2_all.deb
redmine-sqlite_1.0.1-2_all.deb
  to main/r/redmine/redmine-sqlite_1.0.1-2_all.deb
redmine_1.0.1-2.debian.tar.gz
  to main/r/redmine/redmine_1.0.1-2.debian.tar.gz
redmine_1.0.1-2.dsc
  to main/r/redmine/redmine_1.0.1-2.dsc
redmine_1.0.1-2_all.deb
  to main/r/redmine/redmine_1.0.1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 04 Jan 2011 22:49:03 +0100
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 1.0.1-2
Distribution: stable-security
Urgency: high
Maintainer: Jérémy Lal <kapo...@melix.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description: 
 redmine    - flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Closes: 608397
Changes: 
 redmine (1.0.1-2) stable-security; urgency=high
 .
   * Security update, fixes
     - Infoleak in journals controller,
     - Persistent XSS in issue description,
     - Command Execution in repository.
     (Closes: #608397)
Checksums-Sha1: 
 d17a54c95b9cbea1a77d523825da361bf4ad167b 1640 redmine_1.0.1-2.dsc
 e96bf28639af4e51f477a1e33d532f4a88c10723 4804274 redmine_1.0.1.orig.tar.gz
 6536d6ea4450b0c0a7698e4135a194b545170b8e 32762 redmine_1.0.1-2.debian.tar.gz
 8ae7c535ea86fbc7a366617a3cb6760c3ca60032 1586314 redmine_1.0.1-2_all.deb
 95546ca6decaae8217f29d2104eb180d8b670cc1 32480 redmine-mysql_1.0.1-2_all.deb
 5a2f9e61e9bc9af41ed41c26c44d0a5a98827535 32458 redmine-pgsql_1.0.1-2_all.deb
 3e64be94192fad070eb3e06ca1ede01e8e2d2bb3 32436 redmine-sqlite_1.0.1-2_all.deb
Checksums-Sha256: 
 fa306e9b88655608c59c2420496322b2baae43dc130ce9cf3a3bd9db4c6b49ba 1640 
redmine_1.0.1-2.dsc
 974677b19a448ae43d78f6375a0efc224765251e0323159419ac96617124c07e 4804274 
redmine_1.0.1.orig.tar.gz
 2a309b0de13e99c27291a9ba6ea8140a0306e47ddbe23e1ee27567a37a8f1317 32762 
redmine_1.0.1-2.debian.tar.gz
 3b11566d21e5dc2203266a2202f0846c4822ca3b8eff567f597ef16b64fcff28 1586314 
redmine_1.0.1-2_all.deb
 4af2ba8870991d969bb71b1bf7fb6eaf57abe42eb07c86b6f4b0a0f116ed6bdb 32480 
redmine-mysql_1.0.1-2_all.deb
 80a9727df39eca060f434ff162ead7920df0d3c4d22e921605331e8e3a967d28 32458 
redmine-pgsql_1.0.1-2_all.deb
 185fcfdfc8ba492119c45629d08f88159cca82a7f4261398a52499abb076ea5c 32436 
redmine-sqlite_1.0.1-2_all.deb
Files: 
 16850e44e0194ca854f3d65d83230418 1640 web extra redmine_1.0.1-2.dsc
 3bcb608f462b4cd0f272acd4fb2e2384 4804274 web extra redmine_1.0.1.orig.tar.gz
 d593e77bc949f0e5ad9b78a42bef50b9 32762 web extra redmine_1.0.1-2.debian.tar.gz
 b04e3ec0635be5256439c9f694e59324 1586314 web extra redmine_1.0.1-2_all.deb
 d47ffd557fd53f59a4e66b0940899ce5 32480 web extra redmine-mysql_1.0.1-2_all.deb
 29459e68816b6b82df18d77cefbf2018 32458 web extra redmine-pgsql_1.0.1-2_all.deb
 f8f1d704ae4eea6e35006a08bc40ba7d 32436 web extra redmine-sqlite_1.0.1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJN+I+xAAoJEOxfUAG2iX57bCsIAKdS9wLyoOCFWvWVv30XCUaR
laI55qTr4EfEvkLZFKZcuQelwd8vY701Xqn0KVBVD1b6YDFNF1UL6thF6GMB1dHQ
uzWUocvQrz/WyuKueH/UOx/qgpGspqc+Y5eTjmDxqVdKXHrxNlJHBPjh1HVtOt8Z
JS+RSFtpIMPW6RIC5Ocs4xpLFQBfYhJTMldbsQas/9hRnR6Z6NrhSPSlW8IbwFvw
tmT27xSLCX18+KOJwyWtFy+UMczKX7RFsG+7GD+4YzOkSHpQE5B9ufuYGp0jtsVW
FI0W+dKv/nI62K/G5qUks/s9M5Y65RbT1fFOplpvZ5XGXuOVs21/OT27t3MZRws=
=QXSl
-----END PGP SIGNATURE-----

--- End Message ---