Bug#816780: marked as done (roundup: CVE-2014-6276: information leak)

Mon, 25 Apr 2016 10:25:10 -0700 

Your message dated Mon, 25 Apr 2016 17:23:18 +0000
with message-id <e1aukea-00089g...@franck.debian.org>
and subject line Bug#822335: Removed package(s) from unstable
has caused the Debian Bug report #816780,
regarding roundup: CVE-2014-6276: information leak
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
816780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816780
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: roundup
Version: 1.4.20-1
Severity: grave
Tags: security upstream fixed-upstream wheezy jessie stretch sid

Hi

https://www.debian.org/security/2016/dsa-3502:
|Ralf Schlatterbeck discovered an information leak in roundup, a
|web-based issue tracking system. An authenticated attacker could use
|it to see sensitive details about other users, including their hashed
|password.

The purpose of this bug is to have a RC bug for roundup. roundup has
long seen any new upstream releases. 

>From Kai Storbeck it looks the way forward would be to have roundup
removed for unstable and stretch. Kai can you confirm that this is
still the plan vs. update to new upstream releases?

If so can you fill afer discussion with the Python App team a removal
request?

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Version: 1.4.20-1.1+deb8u1+rm

Dear submitter,

as the package roundup has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/822335

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to