Your message dated Wed, 18 Sep 2013 19:49:59 +0000
with message-id <e1vmnl9-000620...@franck.debian.org>
and subject line Bug#721221: fixed in php-openid 2.2.2-1.2
has caused the Debian Bug report #721221,
regarding php-openid: CVE-2013-4701
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
721221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721221
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-openid
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2013-4701:
http://jvn.jp/en/jp/JVN24713981/index.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html
Fix is here:
https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: php-openid
Source-Version: 2.2.2-1.2
We believe that the bug you reported is fixed in the latest version of
php-openid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 721...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Artur Rona <ari-tc...@tlen.pl> (supplier of updated php-openid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 Sep 2013 16:57:40 +0200
Source: php-openid
Binary: php-openid
Architecture: source all
Version: 2.2.2-1.2
Distribution: unstable
Urgency: high
Maintainer: Jan Hauke Rahm <j...@debian.org>
Changed-By: Artur Rona <ari-tc...@tlen.pl>
Description:
php-openid - PHP OpenID library
Closes: 721221
Changes:
php-openid (2.2.2-1.2) unstable; urgency=high
.
* Non-maintainer upload.
* debian/patches/CVE-2013-4701.patch:
- Disable external XML entities and libxml errors. Fixes
security issue. (Closes: #721221)
- CVE-2013-4701
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---