Your message dated Sun, 5 Nov 2006 22:54:57 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: twiki
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in twiki:
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4
allows remote attackers to read arbitrary files via a .. (dot dot) in the
filename parameter.
I could not find information about version 20040902, so this has to be checked.
See
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294
--- End Message ---
--- Begin Message ---
Version: 1:4.0.4-3
This upload closes all these bugs:
twiki (1:4.0.4-3) unstable; urgency=high

  * added Hotfix 4 for TWiki 4.0.4

 -- Sven Dowideit <[EMAIL PROTECTED]> Fri, 15 Sep 2006 00:00:01 -1000

twiki (1:4.0.4-2) unstable; urgency=high

  * added Hotfix 3 for TWiki 4.0.4
    includes:
      Item 2714 - SECURITY ISSUE! - Topics with ALLOWTOPICVIEW
      defined in "Edit Settings" (META) can be read by anyone
      with a specially crafted SEARCH.
      Item 2806 - Security Alert CVE-2006-4294 - viewfile doesn't
      follow rules for mapping attachment names

 -- Sven Dowideit <[EMAIL PROTECTED]> Sat, 09 Sep 2006 00:00:01 -1000

twiki (1:4.0.4-1) unstable; urgency=high

  * added Hotfix 2 for TWiki 4.0.4
    includes (CVE-2006-3819) - Configure robustness update

 -- Sven Dowideit <[EMAIL PROTECTED]> Sun, 20 Aug 2006 00:00:01 -1000

twiki (1:4.0.4-0.1) unstable; urgency=high

  * new upstream version TWiki-4.0.4
    includes prevent script execution of uploaded files (CVE-2006-3336)
    (Closes: #381907)
    4.0.2 includes CVE-2006-1387: DoS with INCLUDE
    (Closes: #367973)
  * restricted access to configure script
  * added libcgi-session-perl dependency
  * stopped failure when /etc/apache-foo/conf.d/twiki.conf_old doesn't
    exist
  * cleaned up handling of apache reload/restart calls

 -- Andrew Moise <[EMAIL PROTECTED]> Fri, 11 Aug 2006 15:05:06 -0400

twiki (1:4.0.1-1) unstable; urgency=high

  * new upstream version TWiki-4.0.1
    (Closes: #255782, #221514, #338118, #311662, #305793, #345668)
  * added brute force restart of apache & apache2 (Closes: #300601)
  * fixed regex that was supposed to set WIKIWEBMASTER (Closes: #305034)
  * removed data dir from apache.conf (Closes #307928)
  * added debconf-2.0 dependency (Closes: #332129)
  * improved RedirectMatch (Closes: #293369)
  * updated Czech translation of debconf (Closes: #321818)
  * added Vietnamese translation of debconf (Closes: #322398)
  * added Swedish translation of debconf (Closes: #341095)
  * fixed up debconf spelling mistake (Closes: #322399)
  * added dependency option of apache-perl (Closes: #235603)
  * cleaned up index.html (Closes: #228748)
  * added extra test for existing data (Closes: #229036)
  * added primitive test and use of htpasswd2 for apache2 (Closes: #233943)
  * remove use of wwwconfig (Closes: 251340)

 -- Sven Dowideit <[EMAIL PROTECTED]> Sun, 26 Feb 2006 00:00:01 -1000

Thanks.
--
·''`. If I can't dance to it, it's not my revolution
: :' : -- Emma Goldman
`. `' Proudly running Debian GNU/Linux (unstable)
`- www.amayita.com www.malapecora.com www.chicasduras.com
--- End Message ---
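
Added example, not part of the original messages and not TWiki or Debian code: a log check for sites that ran TWiki 4.0.0 through 4.0.4 before Hotfix 3, listing viewfile requests whose filename parameter contains a ".." path segment (CVE-2006-4294). The Apache common log format, the /cgi-bin/viewfile/Web/Topic URL layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2006:10:00:00 +0000] "GET /cgi-bin/viewfile/Main/WebHome?filename=logo.png HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2006:10:00:05 +0000] "GET /cgi-bin/viewfile/Main/WebHome?filename=../../example.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Sep/2006:10:00:09 +0000] "GET /cgi-bin/viewfile/Main/WebHome?rev=1;filename=..%252f..%252fexample.txt HTTP/1.1" 404 210',
    '192.0.2.10 - - [01/Sep/2006:10:00:12 +0000] "GET /cgi-bin/view/Main/WebHome?filename=../x HTTP/1.1" 200 900',
    '192.0.2.11 - - [01/Sep/2006:10:00:20 +0000] "GET /cgi-bin/viewfile/Main/WebHome?filename=notes..v2.txt HTTP/1.1" 200 300',
]

# client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(name):
    """True if the name has a '..' path segment (either slash style)."""
    return '..' in re.split(r'[/\\]', name)

def find_traversal_requests(lines):
    """Return (client, status, decoded filename) for suspicious viewfile hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        # Only the viewfile script is named in the advisory.
        if 'viewfile' not in parts.path.split('/'):
            continue
        # Accept ';' as well as '&' between query parameters.
        query = parse_qs(parts.query.replace(';', '&'))
        for raw in query.get('filename', []):
            name = fully_decode(raw)
            if is_traversal(name):
                hits.append((client, status, name))
    return hits
```

A hit with status 200 that predates the hotfix is the case to follow up, since the response may have carried a file from outside the attachment directory.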