Your message dated Tue, 31 Jul 2012 11:47:13 +0000 with message-id <e1swauv-00035j...@franck.debian.org> and subject line Bug#683380: fixed in transmission 2.52-3 has caused the Debian Bug report #683380, regarding CVE-2012-4037 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: transmission Severity: grave Tags: security Please see http://seclists.org/fulldisclosure/2012/Jul/348 This was assigned CVE-2012-4037 Since we're in freeze, please contact upstream for an isolated fix (or grab it from the 2.60-2.61) and fix this using an backported patch instead of updating to 2.61. Can you please also check, whether stable is affected? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: transmission Source-Version: 2.52-3 We believe that the bug you reported is fixed in the latest version of transmission, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Leo Costela <cost...@debian.org> (supplier of updated transmission package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 31 Jul 2012 13:26:16 +0200 Source: transmission Binary: transmission transmission-common transmission-dbg transmission-cli transmission-gtk transmission-qt transmission-daemon Architecture: source all amd64 Version: 2.52-3 Distribution: unstable Urgency: high Maintainer: Leo Costela <cost...@debian.org> Changed-By: Leo Costela <cost...@debian.org> Description: transmission - lightweight BitTorrent client transmission-cli - lightweight BitTorrent client (command line programs) transmission-common - lightweight BitTorrent client (common files) transmission-daemon - lightweight BitTorrent client (daemon) transmission-dbg - lightweight BitTorrent client (debug symbols) transmission-gtk - lightweight BitTorrent client (GTK interface) transmission-qt - lightweight BitTorrent client (Qt interface) Closes: 683380 Changes: transmission (2.52-3) unstable; urgency=high (fixes CVE-2012-4037) . * [5b2ca219] backport fix to XSS in web client from 2.61 (CVE-2012-4037) (Closes: 683380) Checksums-Sha1: 6182ba051cb08368a89aa5254dc8241ff088b320 1849 transmission_2.52-3.dsc 753e9841fcf74d675c51f3e9acce4d6fe771c18a 19905 transmission_2.52-3.debian.tar.bz2 1aa18d9b2f73b5d570a982e82c788f5d7dd7ea21 1084 transmission_2.52-3_all.deb fde899976f71235fab2ea7029c0ecdea629e07d0 291270 transmission-common_2.52-3_all.deb 4173d7c71302e6f488a8f3f29c160111b650abe3 12811010 transmission-dbg_2.52-3_amd64.deb 44608b127cd53039dbf5783e7101e1933a9bf397 1152146 transmission-cli_2.52-3_amd64.deb 10e85b3483a875f44225025c561f9ee75eca0154 1153362 transmission-gtk_2.52-3_amd64.deb af1e5dd9d911ee4d5b85e5b73b2cade03aebf10a 615794 transmission-qt_2.52-3_amd64.deb 9112d45c7a687786fc2082bf0434732ac8d17a2e 234366 transmission-daemon_2.52-3_amd64.deb Checksums-Sha256: 0c516195443d0fb5eeff168521cbd4aae2c2d2aff6389fe38fba1f000897392d 1849 transmission_2.52-3.dsc fbffb5b2ebc769afca6796cb6ddd6a9e80fc17d2f3f91eee00e7c99b29595c11 19905 transmission_2.52-3.debian.tar.bz2 4f5d43236f3bc7eda000dffcc97a286c2a86a580550682580552c1dea0059c6b 1084 transmission_2.52-3_all.deb d72e39c375aaa1efc690b29173663f8f924af1cf87466a2e39bed24972afe697 291270 transmission-common_2.52-3_all.deb 3c796e486003945eb34bc1d8fabfe37f3a2ae92501c4fa9d84d6c4974c635a35 12811010 transmission-dbg_2.52-3_amd64.deb 5998a86c55561f8093a8eecbc04ca55adba0480de8865560484fc9e03d41f67d 1152146 transmission-cli_2.52-3_amd64.deb 7262a09ae5d10de0eb70b935ff7d2e8be036d502d8edb71e7356490faeb6f788 1153362 transmission-gtk_2.52-3_amd64.deb e386d445ffa401dd80f77f3343360551823f3c2d734487cae5fe1f6fa13021ed 615794 transmission-qt_2.52-3_amd64.deb 6df7b5ed0115a165e0e3ff2f948418435f7b8b95cce85ccb90d995bad38ae8ee 234366 transmission-daemon_2.52-3_amd64.deb Files: 651d48776ea464f14f738c7240c14df1 1849 net optional transmission_2.52-3.dsc 46f37ce1fe398a52f68d7cd9d130889c 19905 net optional transmission_2.52-3.debian.tar.bz2 37856d38de17548cd77eb9061adac537 1084 net optional transmission_2.52-3_all.deb e208f154b63338fc881d5eb4e6692424 291270 net optional transmission-common_2.52-3_all.deb 8927bfe0e841c296e4aeef959773dca6 12811010 debug extra transmission-dbg_2.52-3_amd64.deb b67393a7b60102648ad997ce3e69cc84 1152146 net optional transmission-cli_2.52-3_amd64.deb 1d30b8af052eb1511f6eede1de5e944e 1153362 net optional transmission-gtk_2.52-3_amd64.deb 009b90ff0ff55f31d994c6fecdf1b869 615794 net optional transmission-qt_2.52-3_amd64.deb 45e031ca520b30c853d99ec8aaf45eb6 234366 net optional transmission-daemon_2.52-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEUEARECAAYFAlAXwyIACgkQImLTb3rflGYRKQCYipX1U6EjGruXLc2Lg3fYIca2 4gCcDWx+FuEgg14MGTYIgKAmoAbLlaA= =+av1 -----END PGP SIGNATURE-----
--- End Message ---
