Your message dated Sun, 14 Oct 2012 21:01:37 +0000 with message-id <e1tnvjz-0000et...@franck.debian.org> and subject line Bug#679069: fixed in viewvc 1.1.5-1.3 has caused the Debian Bug report #679069, regarding CVE-2012-3356 / CVE-2012-3357 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 679069: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: viewvc Severity: grave Tags: security Please see http://seclists.org/oss-sec/2012/q2/540 http://seclists.org/oss-sec/2012/q2/544 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: viewvc Source-Version: 1.1.5-1.3 We believe that the bug you reported is fixed in the latest version of viewvc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 679...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated viewvc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 14 Oct 2012 20:12:07 +0000 Source: viewvc Binary: viewvc viewvc-query Architecture: source all Version: 1.1.5-1.3 Distribution: unstable Urgency: low Maintainer: David MartÃnez Moreno <en...@debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: viewvc - web interface for CVS and/or Subversion repositories viewvc-query - utility to query CVS and Subversion commit database Closes: 671482 679069 Changes: viewvc (1.1.5-1.3) unstable; urgency=low . * Non-maintainer upload. . [ gregor herrmann ] * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357": - CVE-2012-3356: * security fix: complete authz support for remote SVN views - CVE-2012-3357: * security fix: log msg leak in SVN revision view with unreadable copy source Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn. (Closes: #679069) . [ Ben Hutchings ] * view_query: No longer allow an undocumented URL parameter to override the admin-declared SQL row limit, which could result in excessive CPU usage and memory consumption (CVE-2009-5024) (Closes: #671482) Checksums-Sha1: e8f722eefbd046db5cccc86ea358d7efb9122765 1462 viewvc_1.1.5-1.3.dsc 0408927320d2c8683ce9562d677f9c3bdf2243ee 29835 viewvc_1.1.5-1.3.diff.gz f8196929e603705c989753737d5ef4e26bf523e6 606516 viewvc_1.1.5-1.3_all.deb e334694ab1bd10908665c91ddafbdc72a9fd0c2f 12114 viewvc-query_1.1.5-1.3_all.deb Checksums-Sha256: 411e3a36179603b5a097cbb6570a52b659ea131fd63d3b0406cecf04c8926eba 1462 viewvc_1.1.5-1.3.dsc 76e0f4201958c59f262c9b02a32ab7932f45a420e53536668b0b10d6116501e7 29835 viewvc_1.1.5-1.3.diff.gz 7dbe4d488d0e4c9bc8d6a53e7ed0e6586dca6a526ecf4873a26b399adbfc415c 606516 viewvc_1.1.5-1.3_all.deb 834d341965ffe1029e78a913b373de0a39de40eea6a84d87645da26b64f7ff68 12114 viewvc-query_1.1.5-1.3_all.deb Files: 3cdd704b2a03a593a04c08c86733ddc0 1462 vcs optional viewvc_1.1.5-1.3.dsc aa2e3704af494f107351a7a0a2662200 29835 vcs optional viewvc_1.1.5-1.3.diff.gz 6604f55ee46ad534b98f12caa37d0f84 606516 vcs optional viewvc_1.1.5-1.3_all.deb 78df85ec268919b90f9ab845ec434d98 12114 vcs optional viewvc-query_1.1.5-1.3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJQex37AAoJEFb2GnlAHawEZFwH/22cGocgU2vTgoD4OAdILy6U MFhaS+r6D1WR/NQ+i7odr+5vczdfFZwDrAnDgarXnQbb4BQwhGxxtOQmwpc32bBM /Zv6MiXFblD77JbUZCbhbYm2N+dWId4b1zU+GAaxdaN0tOCwOF2K4ZhfC5q0BbRa 0ZS6L+g5HbCdW63YuLap3kJkzNrwzxLNZwDdVOmk86Lp/zFThBdYqv4aYkMFHDh5 fXGj9YknStYiQF7scNEOG9C6l9yZxWyM0Gheh6ybcAk8bC2das+R/rFTFl3aIp4O 3UsgQFkJ9Al4MHewb8dZM0b/Dtvum45DUd0nsLEXqUiutRCkfAI8t1uSi9Ju4as= =UJzW -----END PGP SIGNATURE-----
--- End Message ---
