Your message dated Fri, 29 Jul 2011 02:50:51 +0000
with message-id <e1qmda3-0004la...@franck.debian.org>
and subject line Bug#635837: fixed in libsoup2.4 2.34.3-1
has caused the Debian Bug report #635837,
regarding CVE-2011-2524: SoupServer directory traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
635837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libsoup2.4
Severity: grave
Tags: security
Please see the following references:
https://bugzilla.redhat.com/show_bug.cgi?id=720509
https://bugzilla.gnome.org/show_bug.cgi?id=653258
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libsoup2.4
Source-Version: 2.34.3-1
We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:
gir1.2-soup-2.4_2.34.3-1_i386.deb
to main/libs/libsoup2.4/gir1.2-soup-2.4_2.34.3-1_i386.deb
libsoup-gnome2.4-1_2.34.3-1_i386.deb
to main/libs/libsoup2.4/libsoup-gnome2.4-1_2.34.3-1_i386.deb
libsoup-gnome2.4-dev_2.34.3-1_i386.deb
to main/libs/libsoup2.4/libsoup-gnome2.4-dev_2.34.3-1_i386.deb
libsoup2.4-1_2.34.3-1_i386.deb
to main/libs/libsoup2.4/libsoup2.4-1_2.34.3-1_i386.deb
libsoup2.4-dbg_2.34.3-1_i386.deb
to main/libs/libsoup2.4/libsoup2.4-dbg_2.34.3-1_i386.deb
libsoup2.4-dev_2.34.3-1_i386.deb
to main/libs/libsoup2.4/libsoup2.4-dev_2.34.3-1_i386.deb
libsoup2.4-doc_2.34.3-1_all.deb
to main/libs/libsoup2.4/libsoup2.4-doc_2.34.3-1_all.deb
libsoup2.4_2.34.3-1.debian.tar.gz
to main/libs/libsoup2.4/libsoup2.4_2.34.3-1.debian.tar.gz
libsoup2.4_2.34.3-1.dsc
to main/libs/libsoup2.4/libsoup2.4_2.34.3-1.dsc
libsoup2.4_2.34.3.orig.tar.bz2
to main/libs/libsoup2.4/libsoup2.4_2.34.3.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 635...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated libsoup2.4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 29 Jul 2011 03:44:00 +0200
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-dbg libsoup-gnome2.4-1
libsoup-gnome2.4-dev libsoup2.4-doc gir1.2-soup-2.4
Architecture: source all i386
Version: 2.34.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers
<pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Description:
gir1.2-soup-2.4 - GObject introspection data for the libsoup HTTP library
libsoup-gnome2.4-1 - HTTP library implementation in C -- GNOME support library
libsoup-gnome2.4-dev - HTTP library implementation in C -- GNOME support
development fil
libsoup2.4-1 - HTTP library implementation in C -- Shared library
libsoup2.4-dbg - HTTP library implementation in C -- debugging symbols
libsoup2.4-dev - HTTP library implementation in C -- Development files
libsoup2.4-doc - HTTP library implementation in C -- API Reference
Closes: 635837
Changes:
libsoup2.4 (2.34.3-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2011-2524: SoupServer directory traversal vulnerability.
Closes: #635837
* debian/watch: Switch to .bz2 tarballs.
* debian/patches/01_memleaks.patch: Remove, merged upstream.
* Bump Standards-Version to 3.9.2. No further changes.
* Bump debhelper compatibility level to 8.
- Update Build-Depends on debhelper.
- Strip debian/tmp/ from .install files.
* Urgency high for the security fix.
Checksums-Sha1:
2ed02c9dc064b79744fa6c4c2b647c38c91990f1 2410 libsoup2.4_2.34.3-1.dsc
ea2354aa01f52ce3c9e40175c4d5ec9f9d46c039 697132 libsoup2.4_2.34.3.orig.tar.bz2
b4d70cb06eeeb38bc7aa3ee969d24b6f1f03d595 14562
libsoup2.4_2.34.3-1.debian.tar.gz
0a3681ff8abf16be17579b6bcd05d1afaba579f2 230678 libsoup2.4-doc_2.34.3-1_all.deb
eb26096f270278483e7daf037be319a687b4c467 320376
libsoup2.4-dev_2.34.3-1_i386.deb
fd5dff75d187a62d9f34bd7367a5c23347f4178e 206276 libsoup2.4-1_2.34.3-1_i386.deb
955a02d2ebe72bf1b3563b9abb9da1bc8873b9bf 369196
libsoup2.4-dbg_2.34.3-1_i386.deb
8f4ac7989436e8ecd6c68ccee783aea55fbaa4a4 42346
libsoup-gnome2.4-1_2.34.3-1_i386.deb
472a17ca7e1818c3f465686497bff6c089c32d48 43728
libsoup-gnome2.4-dev_2.34.3-1_i386.deb
baf431a5ce6c5d072459bea8d698389ae9cb52bb 56950
gir1.2-soup-2.4_2.34.3-1_i386.deb
Checksums-Sha256:
68221ee128e116c0ba8be0356130d3370bd70b8e688f7606a40d3fc9e9c40099 2410
libsoup2.4_2.34.3-1.dsc
940fa2777542e564ba7052252ee065adc6c7982c0cae56a4c541a04329fc7dc7 697132
libsoup2.4_2.34.3.orig.tar.bz2
d77f4b08694018b5772fc95bb0727306293618fe5533f7542791e5f962e093aa 14562
libsoup2.4_2.34.3-1.debian.tar.gz
7daf2a7d48fc2bf71d2328f7ac0fc224c9c821b6e51c2122433bbda0f5896850 230678
libsoup2.4-doc_2.34.3-1_all.deb
7354eb966abe520ba372acc1142f6bc26fb97121037681947ca60a4a2366208a 320376
libsoup2.4-dev_2.34.3-1_i386.deb
ec208da48d3849e45ee68f915012d452b5db828bc8460edbef5a45493829fda9 206276
libsoup2.4-1_2.34.3-1_i386.deb
4cae3b8a5096ae01151ae4b92717a382af2d116d17c25d284439b968c4dfb943 369196
libsoup2.4-dbg_2.34.3-1_i386.deb
c7bc0e031965c9e22c23b9a870d1733607cf99bad619fdab642bde960628b3c0 42346
libsoup-gnome2.4-1_2.34.3-1_i386.deb
d20555997cf2ecba784eb8e0113dae1220efe50faf97a63a78f7ad3b52bfeb55 43728
libsoup-gnome2.4-dev_2.34.3-1_i386.deb
b48f11a992050a984d45914ff3cfbdbfa379746a36ffa8eb722af7303929c13c 56950
gir1.2-soup-2.4_2.34.3-1_i386.deb
Files:
dd1208877365ea4c63c7e2ee79f185cf 2410 devel optional libsoup2.4_2.34.3-1.dsc
7112d198724f8d29fac4647ef400e39b 697132 devel optional
libsoup2.4_2.34.3.orig.tar.bz2
dd33a875371600b8eb8a335d10aaf903 14562 devel optional
libsoup2.4_2.34.3-1.debian.tar.gz
f81d2c36676dbc41325d886d4f7bc690 230678 doc optional
libsoup2.4-doc_2.34.3-1_all.deb
7f14453230bc2e74d0694f1fb197f2d4 320376 libdevel optional
libsoup2.4-dev_2.34.3-1_i386.deb
a34bf69e6f53ad8480762f1172368116 206276 libs optional
libsoup2.4-1_2.34.3-1_i386.deb
24fa7edd3cceffba230581fc7280b3dd 369196 debug extra
libsoup2.4-dbg_2.34.3-1_i386.deb
4c8f897ecb3186a841b4f1ca0b19948f 42346 libs optional
libsoup-gnome2.4-1_2.34.3-1_i386.deb
72939cc0676786cc6b8a4e86d28379b7 43728 libdevel optional
libsoup-gnome2.4-dev_2.34.3-1_i386.deb
6c5ae330a4bf16111d7e4ee8082f2510 56950 libs optional
gir1.2-soup-2.4_2.34.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOMhI4AAoJEGrh3w1gjyLcEk0QAJeWh8SeVqzp24L4joSU+NpK
uOittlYvjAqIgaYeEaphjfubeEFD4C7mJr3n40C850k0fBARzJZatzsm7J2ap4dB
BZ/y5FsP+6J9WYNDGddqneilBzdSho0LmTDOtdsnQH418IrSrlmR6aYo5T9YHbLS
wOIp7h+H24VTChNuQIdH8RpazRsJLTGHFJ/wAx13KhCL1f1BUpTW3jO9S6uwi1qQ
vbmhyQt0Rssw/TKMuys9HH0jtt9Tmvp1WFzMwJa7MZ2awR/JjZ2UpOAfcbJHtfRD
V5V9B5XZt4REBGVb+Mv/hW6FCo2j4TLVaKK/EfNN7bZS0La/qbsGweh2udC2VlMO
WsDLZQ+S3klfpqbBc9zdAqSOF5gshe9zUdJjn36KjjL8P+nEUjcXABNMIWkSXwP0
fODjXFkEGj6Hy0oqeVr44EHdPRbjutjxAL3EV3VMt9P6bq/DyJr4uGflCcrox3YS
qfMHMWMfzretTWZocSk1h9/5Irg2JLcrZ4IqfFfFvao/1rl7xYUjuejH+6N9E3l8
OrYZzZa7v23VK79pfkKAhLiA+9zkijG5QHRpEY+POkhxnIjTc4YaGX7knoairPaF
Ln+9KllK3XR6FttX8L8Kpyjfm4CGroiA/dczYck0flG99Wp7v+DZjOvf6UFO3NZk
+orDc+HKpwHJrmbuWuPG
=EZzv
-----END PGP SIGNATURE-----
--- End Message ---
