Your message dated Sat, 16 Dec 2006 15:02:17 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#403345: fixed in tdiary 2.1.4-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tdiary
Version: 2.1.4-5
Severity: critical
Tags: security
Justification: root security hole
A vulnerability has been reported in tDiary, which can be exploited by
malicious people to run arbitrary commands on the web server.
Input passed to unspecified parameters is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary
code in a web server hosting the tDiary CGI.
The vulnerability is reported in the versions below:
- prior to 2.0.3 (Debian stable, testing and unstable)
- prior to tDiary 2.1.4.20061127 (Debian experimental)
An announcement from the upstream site is
http://www.tdiary.org/20061210.html. (written in Japanese only)
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Versions of packages tdiary depends on:
ii libdpkg-ruby1.8 0.3.2 modules/classes for dpkg on ruby 1
ii libuconv-ruby1.8 0.4.12-2 Unicode/EUC-JP translation module
ii rdtool 0.6.20-1 RD document formatter
ii ruby 1.8.2-1 An interpreter of object-oriented
Versions of packages tdiary recommends:
ii tdiary-mode 2.0.3-1 tDiary editing mode for Emacsen
-- no debconf information
--- End Message ---
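The report above describes the defect class only in general terms: a CGI parameter that is not sanitised before being returned to the user. The following is an added illustration of that class in a Ruby CGI setting, written for this page; it is not tDiary's code and does not reproduce the actual flaw. The parameter names (`date`, `search`), the allowlist and the sample request are all constructed for the example. It places a handler that echoes input verbatim beside one that drops unknown or malformed parameters and escapes the remainder for HTML.

```ruby
require 'cgi'

# Constructed allowlist of accepted parameters and the shape each must have.
# Anything not listed here, or not matching its pattern, is discarded.
ALLOWED = {
  'date'   => /\A\d{8}\z/,                 # YYYYMMDD, digits only
  'search' => /\A[^\x00-\x1f]{0,100}\z/    # free text: no control chars, bounded length
}.freeze

# Defect class named in the report: the value is interpolated into the
# response exactly as the client sent it.
def render_unsanitised(raw)
  "<p>Results for #{raw['search']}</p>"
end

# Keep only known keys whose values match the expected shape.
def sanitise_params(raw)
  clean = {}
  raw.each do |key, value|
    pattern = ALLOWED[key]
    next unless pattern                                        # unknown parameter
    next unless value.is_a?(String) && pattern.match?(value)   # malformed value
    clean[key] = value
  end
  clean
end

# Hardened form: validate first, then escape whatever is reflected into HTML.
def render_sanitised(raw)
  clean = sanitise_params(raw)
  term = clean.fetch('search', '')
  "<p>Results for #{CGI.escapeHTML(term)}</p>"
end

# Constructed request: a search term carrying markup, a malformed date,
# and a parameter the application never defined.
SAMPLE = {
  'search' => '<b>not plain text</b>',
  'date'   => '2006121x',
  'cmd'    => 'anything'
}.freeze

if __FILE__ == $0
  puts render_unsanitised(SAMPLE)   # markup reaches the page untouched
  puts render_sanitised(SAMPLE)     # markup is escaped, other keys dropped
end
```

Running the file prints both renderings of the same request; the second keeps only `search`, with its angle brackets escaped, and silently drops the malformed `date` and the undefined `cmd` parameter.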
--- Begin Message ---
Source: tdiary
Source-Version: 2.1.4-6
We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:
tdiary-contrib_2.1.4-6_all.deb
to pool/main/t/tdiary/tdiary-contrib_2.1.4-6_all.deb
tdiary-mode_2.1.4-6_all.deb
to pool/main/t/tdiary/tdiary-mode_2.1.4-6_all.deb
tdiary-plugin_2.1.4-6_all.deb
to pool/main/t/tdiary/tdiary-plugin_2.1.4-6_all.deb
tdiary-theme_2.1.4-6_all.deb
to pool/main/t/tdiary/tdiary-theme_2.1.4-6_all.deb
tdiary_2.1.4-6.diff.gz
to pool/main/t/tdiary/tdiary_2.1.4-6.diff.gz
tdiary_2.1.4-6.dsc
to pool/main/t/tdiary/tdiary_2.1.4-6.dsc
tdiary_2.1.4-6_all.deb
to pool/main/t/tdiary/tdiary_2.1.4-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daigo Moriwaki <[EMAIL PROTECTED]> (supplier of updated tdiary package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 16 Dec 2006 23:30:44 +0900
Source: tdiary
Binary: tdiary-plugin tdiary tdiary-mode tdiary-contrib tdiary-theme
Architecture: source all
Version: 2.1.4-6
Distribution: experimental
Urgency: high
Maintainer: Daigo Moriwaki <[EMAIL PROTECTED]>
Changed-By: Daigo Moriwaki <[EMAIL PROTECTED]>
Description:
tdiary - a communication-friendly weblog system
tdiary-contrib - Plugins of tDiary to add functionalities
tdiary-mode - tDiary editing mode for Emacsen
tdiary-plugin - Plugins of tDiary to add functionalities
tdiary-theme - Themes of tDiary to change the design
Closes: 403345
Changes:
tdiary (2.1.4-6) experimental; urgency=high
.
* A vulnerability reported by upstream has been fixed using a patch
from them. (Closes: #403345)
Files:
640b41d758f6232ef83d6a7ab9f79cb8 637 web optional tdiary_2.1.4-6.dsc
1fe66c8d6534f718bd2bb011aa415d51 28742 web optional tdiary_2.1.4-6.diff.gz
12cdde7c0b67d553cd4b88a4e9552be9 195768 web optional tdiary_2.1.4-6_all.deb
afaf271157a8b40df6e80df25818b39b 3289896 web optional tdiary-theme_2.1.4-6_all.deb
b3e4d37a23a671ac9642d93ccf5dc318 235404 web optional tdiary-plugin_2.1.4-6_all.deb
0065ae84f2e1d64c77fd8366b831740e 32604 web optional tdiary-mode_2.1.4-6_all.deb
301fabf44f7d5db2240e8ade2b3943fe 162420 web optional tdiary-contrib_2.1.4-6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFhAWnNcPj+ukc0lARAlMQAJ9j2F2g+i9KfjR4WsfiJwsoOVwVoQCfW1E1
jpd5VRS4JW4jUf67XEnPPDY=
=mPUZ
-----END PGP SIGNATURE-----
--- End Message ---