Your message dated Tue, 31 Jul 2012 12:02:12 +0000 with message-id <e1swb9q-0004gl...@franck.debian.org> and subject line Bug#683380: fixed in transmission 2.61-1 has caused the Debian Bug report #683380, regarding CVE-2012-4037 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: transmission Severity: grave Tags: security Please see http://seclists.org/fulldisclosure/2012/Jul/348 This was assigned CVE-2012-4037 Since we're in freeze, please contact upstream for an isolated fix (or grab it from the 2.60-2.61) and fix this using an backported patch instead of updating to 2.61. Can you please also check, whether stable is affected? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: transmission Source-Version: 2.61-1 We believe that the bug you reported is fixed in the latest version of transmission, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Leo Costela <cost...@debian.org> (supplier of updated transmission package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 31 Jul 2012 13:42:43 +0200 Source: transmission Binary: transmission transmission-common transmission-dbg transmission-cli transmission-gtk transmission-qt transmission-daemon Architecture: source all amd64 Version: 2.61-1 Distribution: experimental Urgency: low Maintainer: Leo Costela <cost...@debian.org> Changed-By: Leo Costela <cost...@debian.org> Description: transmission - lightweight BitTorrent client transmission-cli - lightweight BitTorrent client (command line programs) transmission-common - lightweight BitTorrent client (common files) transmission-daemon - lightweight BitTorrent client (daemon) transmission-dbg - lightweight BitTorrent client (debug symbols) transmission-gtk - lightweight BitTorrent client (GTK interface) transmission-qt - lightweight BitTorrent client (Qt interface) Closes: 683380 Changes: transmission (2.61-1) experimental; urgency=low . * [76d3715e] Imported Upstream version 2.61 - fixes XSS vulnerability in web client (closes: 683380) Checksums-Sha1: a3cc44bd2f8d58c36390b80878069081bba5fdc2 1849 transmission_2.61-1.dsc 7df170ecee6e62766859dca6ae0cf4e89c1ea99f 4199705 transmission_2.61.orig.tar.bz2 11b27f7fcd23b704349900149d36f0c392be0847 16439 transmission_2.61-1.debian.tar.bz2 90a22fc3f928f49c8d09cd68474b5571ea9f9c80 1086 transmission_2.61-1_all.deb dcb94f93812d5acdff49762fe2729cd243e3068a 292476 transmission-common_2.61-1_all.deb 94b6db45235654f095b1f54638a90ff0f6df7b96 12821304 transmission-dbg_2.61-1_amd64.deb f22215a6c96dca299b5037baf98295cce270b4b3 1152872 transmission-cli_2.61-1_amd64.deb 9c78ac8ef42e02c8729ab694b69f57029e9069d7 1183918 transmission-gtk_2.61-1_amd64.deb 7893b2bf0ca40e6c7c8e2cb473db1e39f0806218 631884 transmission-qt_2.61-1_amd64.deb e121df6bd6d01ce4e71d98055a7abfa6409565a4 234798 transmission-daemon_2.61-1_amd64.deb Checksums-Sha256: 3fe5158c97f9f7b754d6abec7587303fc3a6590cb2207af07976f695707ba091 1849 transmission_2.61-1.dsc 5750d2bcd9bf95bff8f36d01a889a2f0ff8651504ee5f5c05f98e5ad8874e4dc 4199705 transmission_2.61.orig.tar.bz2 edc3e8facc5119db5c6a086f61b45af63c47b68eba82ad5652bb78252bd1cf45 16439 transmission_2.61-1.debian.tar.bz2 64f4eea1ec29dc72d795fc4bc7b473e6fa4807fbdc4d0e3a0c1a815291dc06a7 1086 transmission_2.61-1_all.deb 59627d2cdf7c60d5d96361f685b431a594ed4eceb62571e63167ca725a97e03c 292476 transmission-common_2.61-1_all.deb abe9efcb92b1d73a01ed26a7db09b8d19887b5e03dfdb0602c80e9903ccebf09 12821304 transmission-dbg_2.61-1_amd64.deb d0a220b4416073583d4b1fec696e1bbd06af0766c0e2e8899718261d885f8d4c 1152872 transmission-cli_2.61-1_amd64.deb 473eb326b56bc764e7dabc5689ef6bc9029ddc6adf21b5c76eb698c563adf7b1 1183918 transmission-gtk_2.61-1_amd64.deb 8847c28b25c2ba3ad6fab4d26e0e07c96044ae2f224f4524fd6a1472e083a34a 631884 transmission-qt_2.61-1_amd64.deb ffb78e5d81f44f5a2c42cf6833d384de2ad2bd5d3b27b89f42c07b5bda93cb90 234798 transmission-daemon_2.61-1_amd64.deb Files: 8cf3ff3a22a21766519de335005c4b63 1849 net optional transmission_2.61-1.dsc a7849550d82d8a51ddaacd35edc8afe0 4199705 net optional transmission_2.61.orig.tar.bz2 740eef6b5f9fe9b5d57ba54c3896ce0d 16439 net optional transmission_2.61-1.debian.tar.bz2 4bc7f5b168a0edcc4e9056f1e883c015 1086 net optional transmission_2.61-1_all.deb e4e2513acc25b3d43b260547cd34650e 292476 net optional transmission-common_2.61-1_all.deb 348be774b4f91655aef1c64ceb068ea1 12821304 debug extra transmission-dbg_2.61-1_amd64.deb ec1c9b2aaffc2df99c4566e70e10e0df 1152872 net optional transmission-cli_2.61-1_amd64.deb 3d401531ea29ea5c5e8ab1fb5e0087bd 1183918 net optional transmission-gtk_2.61-1_amd64.deb aaf9cf3aa890faa868ded0f47102758e 631884 net optional transmission-qt_2.61-1_amd64.deb c475061ecfe093ba70f424d685b2fb53 234798 net optional transmission-daemon_2.61-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlAXx4wACgkQImLTb3rflGZ+fgCg3t3HnJVebdPQKB2oyml32EG4 2GMAoIyha/jtUtwJWSHcw0XRHfqsGkU7 =3S46 -----END PGP SIGNATURE-----
--- End Message ---
