Your message dated Wed, 18 Jun 2014 21:34:22 +0000
with message-id <e1wxnus-0000gr...@franck.debian.org>
and subject line Bug#751867: fixed in frontaccounting 2.3.21-1
has caused the Debian Bug report #751867,
regarding CVE-2014-3973: frontaccounting: multiple SQL injection vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
751867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751867
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: frontaccounting
Version: 2.2.10-3.1
Severity: important
Tags: security, fixed-upstream

Multiple SQL injection vulnerabilities in FrontAccounting have been fixed in version 2.3.21.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3973
http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e
http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php

Please use CVE in changelog. I'm happy to help in case you need PoC / reproduce or some other help.

---
Henri Salo
--- End Message ---
--- Begin Message ---
Source: frontaccounting
Source-Version: 2.3.21-1

We believe that the bug you reported is fixed in the latest version of frontaccounting, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 751...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael C. Schultheiss <schul...@debian.org> (supplier of updated frontaccounting package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 18 Jun 2014 19:14:38 +0000
Source: frontaccounting
Binary: frontaccounting
Architecture: source all
Version: 2.3.21-1
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <schul...@debian.org>
Changed-By: Michael C. Schultheiss <schul...@debian.org>
Description:
 frontaccounting - web-based double-entry accounting and ERP program
Closes: 689129 705016 732887 751867
Changes:
 frontaccounting (2.3.21-1) unstable; urgency=high
 .
   * New upstream release
   * Fixes multiple SQL injection vulnerabilities.
     CVE-2014-3973 Closes: #751867
   * Incorporate NMUs (Thanks to Scott Kitterman, Evgeni Golov,
     Jamie McClelland)
   * debian/control:
     + Add MariaDB as alternative to MySQL (Closes: #732887)
     + Add libgnome2-perl dependency (Closes: #705016)
   * debian/postinst: Don't delete config_db.php.template (Closes: #689129)
--- End Message ---