Bug#660828: marked as done ([fex] Security fix is too minimal ( initialisation missing))

[Debian Bug Tracking System]

Your message dated Sat, 25 Feb 2012 18:47:17 +0000
with message-id <e1s1mel-0004bz...@franck.debian.org>
and subject line Bug#660828: fixed in fex 20100208+debian1-1+squeeze3
has caused the Debian Bug report #660828,
regarding [fex] Security fix is too minimal ( initialisation missing)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
660828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660828
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: fex
Version: 20100208+debian1-1+squeeze2
Severity: grave

--- Please enter the report below this line. ---

Following lines are missing for the security-patch to work:

--- bin/fexsrv
+++ bin/fexsrv
@@ -137,7 +137,7 @@
 
 seek $log,0,SEEK_END;
 
-$ENV{REQUEST_URI} = '';
+$ENV{REQUEST_URI} = $uri = '';
 $http_req = $cgi = '';
 $hl = 0;
 
@@ -225,7 +225,7 @@
     goto REQUEST; # uh-uhhhh! ugly! ;-)
   } elsif (/^(GET|HEAD|POST)\s+(.+)\s(HTTP\/[\d\.]+$)/i) {
     $ENV{REQUEST_METHOD} = uc($1);
-    $ENV{REQUEST_URI}    = $cgi = $2;
+    $ENV{REQUEST_URI}    = $uri = $cgi = $2;
     $ENV{HTTP_VERSION}   = $protocol = $3;
     $ENV{QUERY_STRING}   = $1               if $cgi =~ s/\?(.*)//;



--- System information. ---

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.

--- End Message ---

--- Begin Message ---

Source: fex
Source-Version: 20100208+debian1-1+squeeze3

We believe that the bug you reported is fixed in the latest version of
fex, which is due to be installed in the Debian FTP archive:

fex-utils_20100208+debian1-1+squeeze3_all.deb
  to main/f/fex/fex-utils_20100208+debian1-1+squeeze3_all.deb
fex_20100208+debian1-1+squeeze3.diff.gz
  to main/f/fex/fex_20100208+debian1-1+squeeze3.diff.gz
fex_20100208+debian1-1+squeeze3.dsc
  to main/f/fex/fex_20100208+debian1-1+squeeze3.dsc
fex_20100208+debian1-1+squeeze3_all.deb
  to main/f/fex/fex_20100208+debian1-1+squeeze3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 660...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kilian Krause <kil...@debian.org> (supplier of updated fex package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 23 Feb 2012 15:39:33 +0100
Source: fex
Binary: fex fex-utils
Architecture: source all
Version: 20100208+debian1-1+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Kilian Krause <kil...@debian.org>
Description: 
 fex        - web service for transfering very large files
 fex-utils  - web service for transfering very large files (utils)
Closes: 660828
Changes: 
 fex (20100208+debian1-1+squeeze3) stable-security; urgency=high
 .
   * Fixup for last upload. (Missing initialization, Closes: #660828)
Checksums-Sha1: 
 10b2e663db6896749a993004fdbe427f56efd304 1247 
fex_20100208+debian1-1+squeeze3.dsc
 336b648eda40816ff807e0cf25f9535240cde451 9603 
fex_20100208+debian1-1+squeeze3.diff.gz
 9f977d57ae1a40e5201cae5585ccdf002e63458a 147402 
fex_20100208+debian1-1+squeeze3_all.deb
 219e6f5f65444064b08989b513ceed2a37e83d58 27284 
fex-utils_20100208+debian1-1+squeeze3_all.deb
Checksums-Sha256: 
 2cf315c8b91a6ac2bc695d8145ad34bd2d2d1c152249ea3af2f962d606dbbc6c 1247 
fex_20100208+debian1-1+squeeze3.dsc
 6f5599d01308daa5f84db389cd48e12c64c1763f5e3d87229fc1b109eda87592 9603 
fex_20100208+debian1-1+squeeze3.diff.gz
 5e6816aab2dbe59876828b09adbdea1993899be397306ea73fabf218006058dc 147402 
fex_20100208+debian1-1+squeeze3_all.deb
 30c2fe435d6eb040c1c231ea075f5b87351132a254e3681c6f7a92a8002f32d7 27284 
fex-utils_20100208+debian1-1+squeeze3_all.deb
Files: 
 246433265047e5373e841a7199d67dea 1247 web optional 
fex_20100208+debian1-1+squeeze3.dsc
 0a1b78e1cad4b69bee914ac1e5f31abd 9603 web optional 
fex_20100208+debian1-1+squeeze3.diff.gz
 8048b55939f86853debeece12d1e06f4 147402 web optional 
fex_20100208+debian1-1+squeeze3_all.deb
 0f2a7c1bddf73d077f9ff376eb83c8e0 27284 web optional 
fex-utils_20100208+debian1-1+squeeze3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPR5Vsvdkzt4X+wX8RAiLwAJ0crcyt8e0Xz8SEn8xY3wLmIxagvgCfXhwd
2wXNWvoC0a4/FD3sBDM22nU=
=uu5w
-----END PGP SIGNATURE-----

--- End Message ---