Your message dated Tue, 01 Nov 2005 15:17:16 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323928: fixed in egroupware 1.0.0.009.dfsg-3-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Aug 2005 09:34:16 +0000
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: egroupware-fudforum: Incomplete check of user rights gaining access to all messages (CAN-2005-2600)
X-Mailer: reportbug 3.15
Date: Fri, 19 Aug 2005 11:34:13 +0200

Package: egroupware-fudforum
Version: 1.0.0.008-2.dfsg-1
Severity: grave
Tags: security
Justification: user security hole

The Fudforum in egroupware is vulnerable to CAN-2005-2600:

FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to
read private posts via a modified mid parameter.

See
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0383.html

---------------------------------------
Received: (at 323928-close) by bugs.debian.org; 1 Nov 2005 23:17:50 +0000
From: Peter Eisentraut <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#323928: fixed in egroupware 1.0.0.009.dfsg-3-2
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 01 Nov 2005 15:17:16 -0800

Source: egroupware
Source-Version: 1.0.0.009.dfsg-3-2

We believe that the bug you reported is fixed in the latest version of
egroupware, which is due to be installed in the Debian FTP archive:

egroupware-addressbook_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-addressbook_1.0.0.009.dfsg-3-2_all.deb
egroupware-bookmarks_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-bookmarks_1.0.0.009.dfsg-3-2_all.deb
egroupware-calendar_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-calendar_1.0.0.009.dfsg-3-2_all.deb
egroupware-comic_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-comic_1.0.0.009.dfsg-3-2_all.deb
egroupware-core_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-core_1.0.0.009.dfsg-3-2_all.deb
egroupware-developer-tools_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-developer-tools_1.0.0.009.dfsg-3-2_all.deb
egroupware-email_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-email_1.0.0.009.dfsg-3-2_all.deb
egroupware-emailadmin_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-emailadmin_1.0.0.009.dfsg-3-2_all.deb
egroupware-etemplate_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-etemplate_1.0.0.009.dfsg-3-2_all.deb
egroupware-felamimail_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-felamimail_1.0.0.009.dfsg-3-2_all.deb
egroupware-filemanager_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-filemanager_1.0.0.009.dfsg-3-2_all.deb
egroupware-forum_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-forum_1.0.0.009.dfsg-3-2_all.deb
egroupware-ftp_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-ftp_1.0.0.009.dfsg-3-2_all.deb
egroupware-fudforum_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-fudforum_1.0.0.009.dfsg-3-2_all.deb
egroupware-headlines_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-headlines_1.0.0.009.dfsg-3-2_all.deb
egroupware-infolog_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-infolog_1.0.0.009.dfsg-3-2_all.deb
egroupware-jinn_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-jinn_1.0.0.009.dfsg-3-2_all.deb
egroupware-ldap_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-ldap_1.0.0.009.dfsg-3-2_all.deb
egroupware-manual_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-manual_1.0.0.009.dfsg-3-2_all.deb
egroupware-messenger_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-messenger_1.0.0.009.dfsg-3-2_all.deb
egroupware-news-admin_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-news-admin_1.0.0.009.dfsg-3-2_all.deb
egroupware-phpbrain_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-phpbrain_1.0.0.009.dfsg-3-2_all.deb
egroupware-phpldapadmin_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-phpldapadmin_1.0.0.009.dfsg-3-2_all.deb
egroupware-phpsysinfo_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-phpsysinfo_1.0.0.009.dfsg-3-2_all.deb
egroupware-polls_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-polls_1.0.0.009.dfsg-3-2_all.deb
egroupware-projects_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-projects_1.0.0.009.dfsg-3-2_all.deb
egroupware-registration_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-registration_1.0.0.009.dfsg-3-2_all.deb
egroupware-sitemgr_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-sitemgr_1.0.0.009.dfsg-3-2_all.deb
egroupware-stocks_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-stocks_1.0.0.009.dfsg-3-2_all.deb
egroupware-tts_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-tts_1.0.0.009.dfsg-3-2_all.deb
egroupware-wiki_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware-wiki_1.0.0.009.dfsg-3-2_all.deb
egroupware_1.0.0.009.dfsg-3-2.diff.gz
  to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-3-2.diff.gz
egroupware_1.0.0.009.dfsg-3-2.dsc
  to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-3-2.dsc
egroupware_1.0.0.009.dfsg-3-2_all.deb
  to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-3-2_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <[EMAIL PROTECTED]> (supplier of updated egroupware package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Tue, 1 Nov 2005 23:47:36 +0100
Source: egroupware
Binary: egroupware-news-admin egroupware-felamimail egroupware-projects egroupware-polls egroupware-jinn egroupware-calendar egroupware-messenger egroupware egroupware-bookmarks egroupware-wiki egroupware-filemanager egroupware-ldap egroupware-addressbook egroupware-headlines egroupware-tts egroupware-etemplate egroupware-registration egroupware-comic egroupware-emailadmin egroupware-ftp egroupware-developer-tools egroupware-phpldapadmin egroupware-phpsysinfo egroupware-stocks egroupware-manual egroupware-infolog egroupware-core egroupware-email egroupware-fudforum egroupware-sitemgr egroupware-phpbrain egroupware-forum
Architecture: source all
Version: 1.0.0.009.dfsg-3-2
Distribution: unstable
Urgency: low
Maintainer: Peter Eisentraut <[EMAIL PROTECTED]>
Changed-By: Peter Eisentraut <[EMAIL PROTECTED]>
Description:
 egroupware - web-based groupware suite
 egroupware-addressbook - eGroupWare addressbook management application
 egroupware-bookmarks - eGroupWare bookmark management application
 egroupware-calendar - eGroupWare calendar management application
 egroupware-comic - eGroupWare comic strip application
 egroupware-core - eGroupWare core modules
 egroupware-developer-tools - eGroupWare developer tools
 egroupware-email - eGroupWare E-mail client application
 egroupware-emailadmin - eGroupWare E-mail user administration application
 egroupware-etemplate - widget-based template system for eGroupWare
 egroupware-felamimail - eGroupWare FeLaMiMail application
 egroupware-filemanager - eGroupWare file manager application
 egroupware-forum - eGroupWare forum application
 egroupware-ftp - eGroupWare FTP application
 egroupware-fudforum - eGroupWare FUDforum application
 egroupware-headlines - eGroupWare headlines catcher application
 egroupware-infolog - eGroupWare infolog application
 egroupware-jinn - content management system for eGroupWare
 egroupware-ldap - eGroupware LDAP support files
 egroupware-manual - eGroupWare manual
 egroupware-messenger - eGroupWare messenger application
 egroupware-news-admin - eGroupWare news administration interface
 egroupware-phpbrain - eGroupWare phpbrain application
 egroupware-phpldapadmin - eGroupWare phpLDAPadmin application
 egroupware-phpsysinfo - eGroupWare phpSysInfo application
 egroupware-polls - eGroupWare polling application
 egroupware-projects - eGroupWare projects management application
 egroupware-registration - eGroupWare registration application
 egroupware-sitemgr - eGroupWare site manager application
 egroupware-stocks - eGroupWare stock management application
 egroupware-tts - eGroupWare trouble ticket system application
 egroupware-wiki - eGroupWare wiki application
Closes: 323928 333750
Changes:
 egroupware (1.0.0.009.dfsg-3-2) unstable; urgency=low
 .
   * Fixed fudforum cross-site scripting security problem (CAN-2005-2600)
     (closes: #323928)
   * New Swedish translation of debconf templates by Daniel Nylander
     (closes: #333750)