Your message dated Sun, 31 Jan 2016 18:04:15 +0000
with message-id <e1apwmb-0007bv...@franck.debian.org>
and subject line Bug#809920: fixed in radicale 0.7-1.1+deb7u1
has caused the Debian Bug report #809920,
regarding radicale: Upstream version 1.1 fixes several security issues
(CVE-2015-8747 CVE-2015-8748)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
809920: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809920
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: radicale
Version: 1.0.1-2
Severity: critical
Upstream of radicale has released a version 1.1 of radicale fixing
several security issues.
See http://radicale.org/news/
"Many improvements in this release are related to security, you should
upgrade Radicale as soon as possible:"
 * Improve the regex used for well-known URIs (by Unrud)
 * Prevent regex injection in rights management (by Unrud)
 * Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
 * Improve URI sanitation and conversion to filesystem path (by Unrud)
 * Decouple the daemon from its parent environment (by Unrud)
--- End Message ---
--- Begin Message ---
Source: radicale
Source-Version: 0.7-1.1+deb7u1
We believe that the bug you reported is fixed in the latest version of
radicale, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 809...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated radicale package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 30 Jan 2016 16:27:53 +0100
Source: radicale
Binary: radicale python-radicale
Architecture: source all
Version: 0.7-1.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Markus Koschany <a...@debian.org>
Description:
python-radicale - simple calendar server - module
radicale - simple calendar server - daemon
Closes: 809920
Changes:
 radicale (0.7-1.1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2015-8748 and CVE-2015-8747:
     Fix insecure path handling by sanitizing system paths and always
     making them absolute. Version 0.7 of Radicale is only partly affected by
     CVE-2015-8747 because the multifilesystem storage does not exist in
     this version. (Closes: #809920)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---