Your message dated Sat, 14 Mar 2015 17:48:46 +0000
with message-id <e1ywqb4-00085k...@franck.debian.org>
and subject line Bug#778634: fixed in libphp-snoopy 2.0.0-1
has caused the Debian Bug report #778634,
regarding libphp-snoopy: CVE-2008-7313 / CVE-2014-5008
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
778634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libphp-snoopy
Severity: grave
Tags: security
That's all fairly messy:
The fix for CVE-2008-4796 was incomplete in several ways:
- First attempt to fix it was this:
  http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
  The fix was assigned CVE-2008-7313.
- But this one was incomplete as well:
  http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
  The second fix was assigned CVE-2014-5008:
  http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.29
  (it's full of whitespace noise, though).
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libphp-snoopy
Source-Version: 2.0.0-1
We believe that the bug you reported is fixed in the latest version of
libphp-snoopy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marcelo Jorge Vieira <me...@debian.org> (supplier of updated libphp-snoopy
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 24 Feb 2015 20:52:54 -0300
Source: libphp-snoopy
Binary: libphp-snoopy
Architecture: source all
Version: 2.0.0-1
Distribution: unstable
Urgency: high
Maintainer: Marcelo Jorge Vieira <me...@debian.org>
Changed-By: Marcelo Jorge Vieira <me...@debian.org>
Description:
 libphp-snoopy - Snoopy is a PHP class that simulates a web browser
Closes: 778634
Changes:
 libphp-snoopy (2.0.0-1) unstable; urgency=high
 .
   * New upstream release:
     + Fixes: CVE-2008-7313 and CVE-2014-5008 (Closes: #778634)
     + Remove curl dependency
   * Control:
     + Remove trailing spaces
     + Use canonical Vcs-fields
     + Updated Standards-Version to 3.9.6 (no changes)
   * Switch to dpkg-source 3.0 (quilt) format
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---