Your message dated Mon, 19 Dec 2005 08:02:07 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#335997: fixed in flyspray 0.9.8-6 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: flyspray: Multiple XSS vulnerabilities
Date: Thu, 27 Oct 2005 11:31:59 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: flyspray
Severity: grave
Tags: security
Justification: user security hole

Multiple Cross-Site-Scripting vulnerabilities have been found in Flyspray. Have a look at
http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html
for more details.

This has been assigned CVE-2005-3334, please mention so in the changelog when fixing this.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
From: Pierre Habouzit <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#335997: fixed in flyspray 0.9.8-6
Date: Mon, 19 Dec 2005 08:02:07 -0800

Source: flyspray
Source-Version: 0.9.8-6

We believe that the bug you reported is fixed in the latest version of flyspray, which is due to be installed in the Debian FTP archive:

flyspray_0.9.8-6.diff.gz
  to pool/main/f/flyspray/flyspray_0.9.8-6.diff.gz
flyspray_0.9.8-6.dsc
  to pool/main/f/flyspray/flyspray_0.9.8-6.dsc
flyspray_0.9.8-6_all.deb
  to pool/main/f/flyspray/flyspray_0.9.8-6_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated flyspray package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 19 Dec 2005 16:41:05 +0100
Source: flyspray
Binary: flyspray
Architecture: source all
Version: 0.9.8-6
Distribution: unstable
Urgency: low
Maintainer: Pierre Habouzit <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description:
 flyspray - lightweight Bug Tracking System (BTS) in PHP
Closes: 335997 337717 342544 343610 344014
Changes:
 flyspray (0.9.8-6) unstable; urgency=low
 .
   * Php apps cannot depends upon phpapi (closes: #343610).
   * Postinst typos fixed (closes: #344014).
   * Update fr.po (closes: #337717).
 .
   * Update patches to use flypsray-update1 instead of home-brewed patches.
     - it fixes the htmlspecialchars problem (closes: #342544).
     - it fixes the security problem with upstream's method (closes: #335997).
Files:
 95f09672d4fd4d4df8ccb1c54db73fab 595 web optional flyspray_0.9.8-6.dsc
 5b90e8db34dd8d09b2fc81752ec834d1 22849 web optional flyspray_0.9.8-6.diff.gz
 b56fa04cc6af97df8eedd175691410f7 390420 web optional flyspray_0.9.8-6_all.deb