Your message dated Sat, 10 Aug 2013 15:47:29 +0000 with message-id <e1v8bo5-0000e6...@franck.debian.org> and subject line Bug#714362: fixed in php-radius 1.2.5-2+squeeze1 has caused the Debian Bug report #714362, regarding php-radius: CVE-2013-2220: security issue in radius_get_vendor_attr() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 714362: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714362 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: php-radius Severity: serious Tags: security patch Hi, A new upstream release of php-radius is available which fixes a security issue. http://pecl.php.net/package-info.php?package=radius&version=1.2.7 The relevant patch is https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234 A CVE id has been requested and will follow. Can you please fix this issue for unstable, and see if you can prepare updates for (old)stable? thanks, Thijs -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---Source: php-radius Source-Version: 1.2.5-2+squeeze1 We believe that the bug you reported is fixed in the latest version of php-radius, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 714...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated php-radius package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 25 Jul 2013 14:28:53 +0200 Source: php-radius Binary: php5-radius php-radius-legacy Architecture: source all amd64 Version: 1.2.5-2+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: Roberto Lumbreras <ro...@debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: php-radius-legacy - Radius protocol implementation in PHP php5-radius - PECL radius module for PHP 5 Closes: 714362 Changes: php-radius (1.2.5-2+squeeze1) squeeze-security; urgency=high . * Non-maintainer upload. * Fix security issue in radius_get_vendor_attr() (CVE-2013-2220, closes: #714362) Checksums-Sha1: 165466678c811caf48b75bfb6e8638240fd9f0f1 1434 php-radius_1.2.5-2+squeeze1.dsc b95e150665ba9adb3c0150a752cc8fec2200d1b5 10422 php-radius_1.2.5-2+squeeze1.diff.gz 3f971a0400fc64558200cb242bedc36ce0e0a838 8364 php-radius-legacy_1.2.5-2+squeeze1_all.deb 51985563d6231c9d0c6eefdf936fe66b73f43d5d 31640 php5-radius_1.2.5-2+squeeze1_amd64.deb Checksums-Sha256: 5af99fe18536a125b5bccb636b8c73636da93671f55bc53f30c7c20d4f1f046a 1434 php-radius_1.2.5-2+squeeze1.dsc ddbcf569d226609c99a16cbf9b90639fee695af722cfe0f8a36cc408f70d6c9f 10422 php-radius_1.2.5-2+squeeze1.diff.gz c46b6134962646e342a3165eb6938d74169ed98a2a5717dc965c563d3e4ae2a4 8364 php-radius-legacy_1.2.5-2+squeeze1_all.deb ea0bcd7dd76240db2f1134cc1b1f7a522cb7ac1b1ff9740e04568616ded92457 31640 php5-radius_1.2.5-2+squeeze1_amd64.deb Files: 70987d3c459a6e62667df128f1f5199f 1434 web optional php-radius_1.2.5-2+squeeze1.dsc dce2ca876c588d4ddfd6fd64ad075261 10422 web optional php-radius_1.2.5-2+squeeze1.diff.gz 0ca8aeef996b4181cf9601ff67c798b8 8364 web optional php-radius-legacy_1.2.5-2+squeeze1_all.deb 7a5909e513a4d5f3d4b278316e862cdb 31640 web optional php5-radius_1.2.5-2+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJR8TJDAAoJEFb2GnlAHawE3KgH/R+XYwDFlbRjdfjInUi2ggW6 ZsXEH3O2s6rgbPmvDe5jOI9ArOpQUBZ3oNCOfW/fRT1AwUB2am6JDKxCP+PTyS8B PpNpV96ZxIjQyVBM0vpBPp8fPmtY0EkeBdwlaltH9tPXOLEbf11YzevDwTtvTcsC FR6JQdQWIabvwSGRs+d5H4TJcy/FZzG5nCMuGf3WQIbIYos6vVuOXAg6/gev8bQc Xj2VSGkQlS/TjCxToM2lP7FzDpIgxH33j0W6ABW2+gOhXzQFV9/deGLXDDeA4fK1 SY3xwVsdGsixiMedB/HKJ4T+/LCzt0qQeRytP/jNDZ7XJFndqbAxrcUkhGu2Z8M= =qEfn -----END PGP SIGNATURE-----
--- End Message ---
