Your message dated Wed, 12 Oct 2011 01:55:16 +0000
with message-id <e1rdo2o-0004xe...@franck.debian.org>
and subject line Bug#611176: fixed in bugzilla 3.6.2.0-4.4
has caused the Debian Bug report #611176,
regarding Multiple security vulnerabilities, including account compromise
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
611176: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611176
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bugzilla
Version: 3.0.4.1-2+lenny2
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: bugzilla
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.
CVE-2010-4568[0]:
| ** RESERVED **
| This candidate has been reserved by an organization or individual that
| will use it when announcing a new security problem. When the
| candidate has been publicized, the details for this candidate will be
| provided.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
http://security-tracker.debian.org/tracker/CVE-2010-4568
- -- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBAgAGBQJNQBmsAAoJEFOUR53TUkxRgrAP/jL0yZw/L/rJNDukhVM+J4DT
3XJp1+PGnP7/kLf16tWz3TTiJnKEXBEp/mlZPdjgl6wvtaT7HAa0XxoGEEKvb9zg
o0pgdVnpLIh1Uod+vAlNKZgcISD/3Mdj1QRUxZCRRLeGz6C1drajMA9PZVGEYSd1
hcGXxcfFbOkOrNOsubXFgMgrr8lW7xlcVo5PEsFFuXpCK8CxEAaCP4F5IkKq9kA5
gbqZnW4yx4wuEAS/5KyN1FAz1yhAjhhiN1bD08didBmOM0d49GmP4mPDo7XqmW22
SI2AWHpYsVSdbnu5X7SWWWJTqw6FPSWTeAIDTRXkgO6LCnY6jz+EwltGmVNecRjv
5SerGEv3mdO9UCQ7rfdfHwQHhuMp78jkg+mqa94wIVjj9IqEslhZpLvOyhEKwuXm
9CCw83J7v/v76C90A8T3VZN64RX76Fxs/kGnbsyeiCsDTbVYEPKgUKbBd78AnuOI
5sncfwe6YxKuYvfKMz9LK5GSuk6pmL6K4B8kNVdDY5Xl38HFbw73Yg1GEqOmdqRi
xdMzfIdUgDKniiC6CDJs6sixCNf9H4EC/fKzzkacOJ6s3XqcSVJFBiPH4ZL7ypAp
TPtHIP54SiDKJqOqhP4HnyeCQLQ9BOKt6poTqtnjOz5zwveZCndIOI/YnQyYmaZQ
w+MYBc5b2s7d0FkFKTXS
=50Zi
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: bugzilla
Source-Version: 3.6.2.0-4.4
We believe that the bug you reported is fixed in the latest version of
bugzilla, which is due to be installed in the Debian FTP archive:
bugzilla3-doc_3.6.2.0-4.4_all.deb
to main/b/bugzilla/bugzilla3-doc_3.6.2.0-4.4_all.deb
bugzilla3_3.6.2.0-4.4_all.deb
to main/b/bugzilla/bugzilla3_3.6.2.0-4.4_all.deb
bugzilla_3.6.2.0-4.4.debian.tar.gz
to main/b/bugzilla/bugzilla_3.6.2.0-4.4.debian.tar.gz
bugzilla_3.6.2.0-4.4.dsc
to main/b/bugzilla/bugzilla_3.6.2.0-4.4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 611...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated bugzilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 09 Oct 2011 14:35:55 +0100
Source: bugzilla
Binary: bugzilla3 bugzilla3-doc
Architecture: source all
Version: 3.6.2.0-4.4
Distribution: stable-security
Urgency: low
Maintainer: Raphael Bossek <boss...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
bugzilla3 - web-based bug tracking system
bugzilla3-doc - comprehensive guide to Bugzilla
Closes: 611176
Changes:
bugzilla (3.6.2.0-4.4) stable-security; urgency=low
.
* Non-maintainer upload.
* Add security patches (Closes: #611176):
- 79_cve-2010-4572.sh (CVE-2010-4572)
- 80_cve-2010-4567_cve-2011-0048.sh
(CVE-2010-4567 CVE-2011-0048)
- 81_cve-2010-4568.sh (CVE-2010-4568)
- 82_cve-2011-0046.sh (CVE-2011-0046)
- 83_cve-2011-2978.sh (CVE-2011-2978)
- 84_cve-2011-2381.sh (CVE-2011-2381)
- 85_cve-2011-2380.sh (CVE-2011-2979, CVE-2011-2380)
- 86_cve-2011-2379.sh (CVE-2011-2379)
Checksums-Sha1:
3d4bd0d3f7f8243f9e5413e30802e60a49c7a72a 1819 bugzilla_3.6.2.0-4.4.dsc
d6152f6bbfe3c685c00865bfc324ca3f1f1a8450 4452904 bugzilla_3.6.2.0.orig.tar.gz
0c0763676985d6c3e9d79b093374fa7dadbc2243 108758
bugzilla_3.6.2.0-4.4.debian.tar.gz
ff518d8d4a83439f4331dc6fd419003c46d47b78 2771036 bugzilla3_3.6.2.0-4.4_all.deb
de42e26e263020a14e49182f6cf5eef2d34e473b 1416190
bugzilla3-doc_3.6.2.0-4.4_all.deb
Checksums-Sha256:
21945539aa93086d3be477074e1fca95172faefb9dde218a4821a51f550b3bba 1819
bugzilla_3.6.2.0-4.4.dsc
3f31675b546f76eab611c37ceaa7462ab0fb207f7edd6b2820c6b56f598f37f2 4452904
bugzilla_3.6.2.0.orig.tar.gz
8137454990478afbee4a668e73b77cca26f7c0efe152850ee2f45261d2a9047b 108758
bugzilla_3.6.2.0-4.4.debian.tar.gz
5c983661e6e50a1daac4f5549573bf224b7a46719f13536f635901218d30df79 2771036
bugzilla3_3.6.2.0-4.4_all.deb
2f68fab762618cef4cb94286a93c6b55b2d0d540f5cc454f0fb374691cdbad58 1416190
bugzilla3-doc_3.6.2.0-4.4_all.deb
Files:
bc28d8fc22a5caa1a840fb69cf06be33 1819 web optional bugzilla_3.6.2.0-4.4.dsc
07ba25fb3c6aa9de846813fd9dedf1d7 4452904 web optional
bugzilla_3.6.2.0.orig.tar.gz
6aec84d8f5b569e234e3c6a600633c09 108758 web optional
bugzilla_3.6.2.0-4.4.debian.tar.gz
4881eac89b514991fb221daec5004608 2771036 web optional
bugzilla3_3.6.2.0-4.4_all.deb
deed43001e2088b93a919d4b09353538 1416190 doc optional
bugzilla3-doc_3.6.2.0-4.4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJOka2wAAoJEFOUR53TUkxRb0kP/3wdwJoOor9sjDaZeeIHrLBz
KI5SwCDZdz3FYxd5FV+lFnLGc97I9amrq00clyUyGBf+ejSEIpJV/LVCU8KPaNNj
edoDNETPcX1dowisp6GeCLJvVnVCpeVq0ZE8hNfdzKVrttZ+gjQjbFUpQEoW9ib9
M+lPMhDFYoV4KHyU5ntv0Jmi8N0WOjqtrNvPK0NXlwrQT8lHMkDoIJTt5Z7MZonD
+S+pW1/b/r+7shOZ5h2krPT1fiHl5ANU0/68LoMblB97fR41yVS6XymMKKDNk/YB
YyjsUPBzVOWuYmXoQnyoPbC8sFfYA+a6wPecqmKYgpuxPpn1FbdefHFRYH67dDVf
A09F+MFA+OUSh3a8xZuoEHqmXJRSVz+Om2Axg4AR0HYuLeg+qVhZqkisNgO4tZ5A
UzUBXcQSLYpYq65KfcdLfxCQwzgzTSPYh6bpUwE05VTFVH1HlwkoGBgS0Y+HLZbG
oVxJdPiWUFAD9WQv7G5ioJpvEgZ3+dNzm8wICKH/OeDIS0kIja4C5PyFeoi9g122
Xtr/16fYMIBK0rBWnTP6ZsZAIjPZqI3knfkEc8DLEhhbpzNebZWBo5x/5oYwFl1G
EiU+bi0ZdQDoFZWaTMc62zgT8EPBaTssRwIrL1SiX2xx3N9zNVbxtVsCBN6Yk44+
PnyFonfEz7jOxKnErTu1
=zRn/
-----END PGP SIGNATURE-----
--- End Message ---
