Bug#660621: marked as done (multiple cross-site scripting issues in fup script)

Debian Bug Tracking System Sat, 25 Feb 2012 10:51:28 -0800

Your message dated Sat, 25 Feb 2012 18:47:08 +0000
with message-id <e1s1mec-0004ap...@franck.debian.org>
and subject line Bug#660621: fixed in fex 20100208+debian1-1+squeeze2
has caused the Debian Bug report #660621,
regarding multiple cross-site scripting issues in fup script
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
660621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: fex
Severity: grave
Tags: security

Hi,
there is a new upstream release of F*x fixing a cross-site scripting issue via 
the id parameter of the fup script.
http://fex.rus.uni-stuttgart.de/fex.html

There is no CVE id for this issue yet.

Kind regards
Nico

pgpjWqVUGZI9o.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: fex
Source-Version: 20100208+debian1-1+squeeze2

We believe that the bug you reported is fixed in the latest version of
fex, which is due to be installed in the Debian FTP archive:

fex-utils_20100208+debian1-1+squeeze2_all.deb
  to main/f/fex/fex-utils_20100208+debian1-1+squeeze2_all.deb
fex_20100208+debian1-1+squeeze2.diff.gz
  to main/f/fex/fex_20100208+debian1-1+squeeze2.diff.gz
fex_20100208+debian1-1+squeeze2.dsc
  to main/f/fex/fex_20100208+debian1-1+squeeze2.dsc
fex_20100208+debian1-1+squeeze2_all.deb
  to main/f/fex/fex_20100208+debian1-1+squeeze2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 660...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kilian Krause <kil...@debian.org> (supplier of updated fex package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 21 Feb 2012 11:14:34 +0100
Source: fex
Binary: fex fex-utils
Architecture: source all
Version: 20100208+debian1-1+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Kilian Krause <kil...@debian.org>
Description: 
 fex        - web service for transfering very large files
 fex-utils  - web service for transfering very large files (utils)
Closes: 660621
Changes: 
 fex (20100208+debian1-1+squeeze2) stable-security; urgency=high
 .
   * Add debian/patches/08_xss.patch (backported from and by upstream) to fix
     XSS (Closes: #660621) - CVE-2012-0869
Checksums-Sha1: 
 2fb2c2a3b334298cb042f91da76501a72cc46793 1247 
fex_20100208+debian1-1+squeeze2.dsc
 57d47fc99184e62b21e12b326b3de748cf23e5fd 9576 
fex_20100208+debian1-1+squeeze2.diff.gz
 04855a76abefaad371031099981ea279186c1720 144628 
fex_20100208+debian1-1+squeeze2_all.deb
 ec69fb72fc3d435f1a858ab3391455ae1a9daf36 27256 
fex-utils_20100208+debian1-1+squeeze2_all.deb
Checksums-Sha256: 
 1a9195103eb14382f68994635603591f5880aacd1800baea0df09b13483f5393 1247 
fex_20100208+debian1-1+squeeze2.dsc
 3987b835903b204c4d1e202d1fb17eac2514fc681633588ed9f1bc4dafe28312 9576 
fex_20100208+debian1-1+squeeze2.diff.gz
 36da4bfb05db718c873fc15ba901b0dfbb7a36a20fd5fa2d8c7924381ae8f9ef 144628 
fex_20100208+debian1-1+squeeze2_all.deb
 8668ce4fec3d0eba2ae5685bf92805715afce79ae5315b2d1d48b6b849c388a5 27256 
fex-utils_20100208+debian1-1+squeeze2_all.deb
Files: 
 a7b13e74a29c822b2c5398c84a43f0f9 1247 web optional 
fex_20100208+debian1-1+squeeze2.dsc
 7b08f62266983f18f8d43a939136f7e5 9576 web optional 
fex_20100208+debian1-1+squeeze2.diff.gz
 54db1e43f0e5bd7c4fb13c9b26545b64 144628 web optional 
fex_20100208+debian1-1+squeeze2_all.deb
 cbd01649006cde108edf51c62e2b2b5f 27256 web optional 
fex-utils_20100208+debian1-1+squeeze2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFPQ7euvdkzt4X+wX8RAsgYAJ9pn/FFv6PHufltlDPytIuzGFk/LgCfSoXy
M2UFK8rnd/wcLtmF12i7xiQ=
=+fh9
-----END PGP SIGNATURE-----

--- End Message ---

Bug#660621: marked as done (multiple cross-site scripting issues in fup script)

Reply via email to