Your message dated Tue, 12 Jan 2016 04:19:19 +0000 with message-id <e1aiqqr-00040y...@franck.debian.org> and subject line Bug#809920: fixed in radicale 1.1.1-1 has caused the Debian Bug report #809920, regarding radicale: Upstream version 1.1 fixes several security issues (CVE-2015-8747 CVE-2015-8748) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 809920: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809920 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: radicale Version: 1.0.1-2 Severity: critical Upstream of radicale has released a version 1.1 of radicale fixing several security issues. See http://radicale.org/news/ "Many improvements in this release are related to security, you should upgrade Radicale as soon as possible:" Improve the regex used for well-known URIs (by Unrud) Prevent regex injection in rights management (by Unrud) Prevent crafted HTTP request from calling arbitrary functions (by Unrud) Improve URI sanitation and conversion to filesystem path (by Unrud) Decouple the daemon from its parent environment (by Unrud)
--- End Message ---
--- Begin Message ---Source: radicale Source-Version: 1.1.1-1 We believe that the bug you reported is fixed in the latest version of radicale, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 809...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonas Smedegaard <d...@jones.dk> (supplier of updated radicale package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 12 Jan 2016 09:17:35 +0530 Source: radicale Binary: radicale python-radicale python3-radicale Architecture: source all Version: 1.1.1-1 Distribution: unstable Urgency: medium Maintainer: Jonas Smedegaard <d...@jones.dk> Changed-By: Jonas Smedegaard <d...@jones.dk> Description: python-radicale - simple calendar and addressbook server - python2 module python3-radicale - simple calendar and addressbook server - python3 module radicale - simple calendar and addressbook server - daemon Closes: 809920 Changes: radicale (1.1.1-1) unstable; urgency=medium . [ upstream ] * New release(s). Changed functionality: + Use the first matching section for rights. Security fixes: + Improve the regex used for well-known URIs. + Prevent regex injection in rights management. + Prevent crafted HTTP request from calling arbitrary functions. + Improve URI sanitation and conversion to filesystem path. + Decouple the daemon from its parent environment. Closes: bug#809920 (CVE-2015-8747 CVE-2015-8748). Thanks to Felix Knecht. Bugfixes and minor enhancements: + Assign new items to correct key. + Avoid race condition in PID file creation. + Improve the docker version. + Encode message and committer for git commits. + Test with Python 3.5. . [ Jonas Smedegaard ] * Update TODOs. * Add NEWS entry about changed access rights parsing logic. * Drop patches now included upstream. Checksums-Sha1: fb0e4f2f2b7f655c6563c122fa56da7c2b8f6286 2132 radicale_1.1.1-1.dsc cff3e6df3e55ac4534a826cb246a92591b1be1ec 52208 radicale_1.1.1.orig.tar.gz 58ff3df1eedd5a654325e453c640bc4bd9b8dfc5 20444 radicale_1.1.1-1.debian.tar.xz 8db29698c79e71f119ac0bcf8c20bab9fff8c60e 36822 python-radicale_1.1.1-1_all.deb 5b0821e8f13d808c85eea8681f49b825d495de2b 36636 python3-radicale_1.1.1-1_all.deb d50beb6e0d947c8b75490cedac236e1811b2556a 28086 radicale_1.1.1-1_all.deb Checksums-Sha256: 6e0a9971a68aeeba49fe9b614e39f500d5c9648d6a8ff47b7b8c9a92d87f53fa 2132 radicale_1.1.1-1.dsc f978e6bdfab329a8d2d643584f02c4d2788a44b360ed4c326dea9e2735df81f6 52208 radicale_1.1.1.orig.tar.gz ea06661a6a71047daf1500a5aea0c275a0f15929c8dee4bb59858144c2afb2f0 20444 radicale_1.1.1-1.debian.tar.xz 7e30f8c5b4debac2e5d346dd352c8250bfaec02533ec15f4bf98ca0824dcefb4 36822 python-radicale_1.1.1-1_all.deb b9e0f029a49a5dd813d8e519ddc695c02c31d8d4068ded19961d51b96804b727 36636 python3-radicale_1.1.1-1_all.deb 72d9343aa719420a2d2796d7c2310c49ef978b07afe340300a6a515525ff83d0 28086 radicale_1.1.1-1_all.deb Files: 9721bfa07a59418c0eb963d50261597d 2132 web optional radicale_1.1.1-1.dsc aeb388f24cd64e75dda2c03c6b7ede18 52208 web optional radicale_1.1.1.orig.tar.gz 41dc5b20f0c7fb3227caeacb09f05c46 20444 web optional radicale_1.1.1-1.debian.tar.xz 30223b247f5a47984434d91f22d5674f 36822 python optional python-radicale_1.1.1-1_all.deb 362b70813a60a74c7dbe11f12aeedfc2 36636 python optional python3-radicale_1.1.1-1_all.deb c1293afb8966c8d9d5700f0ffbdff40a 28086 web optional radicale_1.1.1-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWlHr5AAoJECx8MUbBoAEhBlIP/RFc1KMpRF1+JCa4dKSTQzT+ RQ08MtLzljGAw1fzAM/8jibep1odx8uvhtXnKrNt2A3TNKnj2sLjo2Of+utTE0qQ AIpQNfrtsEU8k4xKcueEsbJYokJVoQOj0LGsJMzzOdnSQBfZXu3PmiZPv5uh0C27 mc+ryz2v8TTL2HeZlk8D5mhU17WlVVpNxBRfvDN/X9JiETQXlUvLYHIep/TDLLYe 3bJoGPdj96D1LnFIYXOCQjy+ixJJtaWA3kUarb2ov8O39klJ/I1T9T2lj3nBobQZ BBjZksGtwQVMGeBMTZiRl1aXHrQikwqmVW4PUnQtKDqtWMWZp+Co5f6whX2mxUJN JMecT7qsHdfxYfvEYmUf7Xt9hWeCyBDRzSkmAMfkOwk7Ammn9mAHtiOAsUG6woJ+ h8dV0qp/l7uORB06m2yHPp/qCzzZcPNiXkSlqCf+vltCce+1dyPCeLVnvNBvRK8p r1DwEtm7kWRi9Wd42mupRZOVM93hpivoljgD6pWjynC16MDAAbdGkU7c/cN/K6kz a0NB3MupnK/nDte7ebGUja9jScO9GTzvh8PpA34Wbi2VsmGFz/xutS7yV8fhwpns Isyf6TgihkAH8i0cXOB7rESjluWpGcdXjfUOu6r+xqS+ELLSaljZ4RWzCD8eODWW 1C5XjLGmsMweWlw+89XS =ahBN -----END PGP SIGNATURE-----
--- End Message ---
