Your message dated Sun, 31 Jan 2016 18:02:46 +0000 with message-id <e1apwkk-0006p4...@franck.debian.org> and subject line Bug#809920: fixed in radicale 0.9-1+deb8u1 has caused the Debian Bug report #809920, regarding radicale: Upstream version 1.1 fixes several security issues (CVE-2015-8747 CVE-2015-8748) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 809920: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809920 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: radicale Version: 1.0.1-2 Severity: critical Upstream of radicale has released a version 1.1 of radicale fixing several security issues. See http://radicale.org/news/ "Many improvements in this release are related to security, you should upgrade Radicale as soon as possible:" Improve the regex used for well-known URIs (by Unrud) Prevent regex injection in rights management (by Unrud) Prevent crafted HTTP request from calling arbitrary functions (by Unrud) Improve URI sanitation and conversion to filesystem path (by Unrud) Decouple the daemon from its parent environment (by Unrud)
--- End Message ---
--- Begin Message ---Source: radicale Source-Version: 0.9-1+deb8u1 We believe that the bug you reported is fixed in the latest version of radicale, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 809...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated radicale package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 30 Jan 2016 16:36:20 +0100 Source: radicale Binary: radicale python-radicale Architecture: source all Version: 0.9-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Jonas Smedegaard <d...@jones.dk> Changed-By: Markus Koschany <a...@debian.org> Description: python-radicale - simple calendar server - module radicale - simple calendar server - daemon Closes: 809920 Changes: radicale (0.9-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload. * CVE-2015-8748 and CVE-2015-8747: Fix insecure path handling by sanitizing system paths and always making them absolute. Fix multifilesystem backend allowed access to arbitrary files on all platforms. (Closes: #809920) Checksums-Sha1: 85cf841fd364a8b68e11ea706b1e5dad5a1d6de8 2171 radicale_0.9-1+deb8u1.dsc ed82a88f818bd96a1be57cd8660bf3cf2636048b 47833 radicale_0.9.orig.tar.gz d827ea147a8dc4f4b5d6df20a19b41a27f9f4adb 23708 radicale_0.9-1+deb8u1.debian.tar.xz df478680441b3e45e698dc1b2474230048aa7c96 26692 radicale_0.9-1+deb8u1_all.deb c2d1bf71a17f47fdc097ae8fcb25547c1918d02b 33512 python-radicale_0.9-1+deb8u1_all.deb Checksums-Sha256: 2afeff23304025654b9d204ae223c76090061928601e3924ab992cb0278fec79 2171 radicale_0.9-1+deb8u1.dsc 512ae0b0af552bfd921e004ef795d1b42f090188e7afa2fa96276512be5a1205 47833 radicale_0.9.orig.tar.gz 2f0d120539163a8fe4e621c9d918ff4f33fcef19b0afe1026f10ddd6fabbafb2 23708 radicale_0.9-1+deb8u1.debian.tar.xz 605a8ab6fc95ce5a05a8bb22898a29cbfa2dc0201a0bf28237f44a99e647daf1 26692 radicale_0.9-1+deb8u1_all.deb 2932f3e202d757e98487d65cb717e62a6974b7f74ee2ef1cfd54a5ed7370b246 33512 python-radicale_0.9-1+deb8u1_all.deb Files: 850b0d520eaa24eab91682c9fc7694fe 2171 web optional radicale_0.9-1+deb8u1.dsc ed4043f3d5659d8f5e5954db3ffd177a 47833 web optional radicale_0.9.orig.tar.gz 153fa68cfd04b3da16bba2ee24698377 23708 web optional radicale_0.9-1+deb8u1.debian.tar.xz ec95469f2a07be460ecb1e8ac5c66404 26692 web optional radicale_0.9-1+deb8u1_all.deb 1c5f1169677edc1f7eb6d5b105651bc3 33512 python optional python-radicale_0.9-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJWrNlxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkfBEP/RDOItaJq30VssEDIPBlTSRe gJQJh5GO4cpl2qqok7sGqUw8YjgzcjCdnOINh5ywN4+MlGI6E0YigF9lDKsOE4sO 8YIEMquhVnnvLWKM6dYGc60HZhTwHnzsqfxXDUmyji4YWhcdaPxqPAZSnbJZEyyF 9dN5n0BUeaWFCxFkOHFLHvgD4YSaRayqwdfOEz2ZYivSA9GIdho0xvDTOx0afWj4 VtTCQXzu7UlMPKotaZR6JQ2HDearS7gsCFgF9XlL6xE+wkPsWyUUnWxrtMB7Wktt 9fbxY48YK3fEmXansk3LvAcEwf0Cuq6HMWWX0UK5kYsWJAUqWl+mv1ACsQUbk8gN dL7PvOzh3IToR5iyolmpoDpAbRw5WuAvjVNfZqs+zoyT9wt/qXou6WOHJVKJOjV2 /ucE/XHIMdXg35IQ8l8/8eAf7aQyIllOwEssD7UdfqOSp0mix2Vt7QX5X99VMpr8 q+BaoGBpbbDhWd05tDK7mvqtJA9eNfzdOp59CRbn2MltvJqZlAG3SrTt+nytnpgU tN2WbTW8Kky/YF7d27GowsC2NubbziCB1DC4Vt3OAe5LY7Jjq7tNd2rcAXBk6W/k B4A9snmbt7gRzJ7K7L7NaJksMPlPa1A1T7UdOrYlq7YUTJVblw4QpQUSSBsFWFEI QDkqGrMkLUx/U8bWwSCI =dQ/D -----END PGP SIGNATURE-----
--- End Message ---
