Your message dated Sat, 20 Jan 2007 10:47:03 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Fwd: Accepted tdiary 2.0.2+20060303-5 (source all)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tdiary
Version: 2.1.4-5
Severity: critical
Tags: security
Justification: root security hole
A vulnerability has been reported in tDiary, which can be exploited by
malicious people to run arbitrary commands on the web server.
Input passed to unspecified parameters is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary
code in a web server hosting the tDiary CGI.
The vulnerability is reported in the versions below:
- prior to 2.0.3 (Debian stable, testing and unstable)
- prior to tDiary 2.1.4.20061127 (Debian experimental)
An announcement from the upstream site is
http://www.tdiary.org/20061210.html. (written in Japanese only)
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Versions of packages tdiary depends on:
ii libdpkg-ruby1.8 0.3.2 modules/classes for dpkg on ruby 1
ii libuconv-ruby1.8 0.4.12-2 Unicode/EUC-JP translation module
ii rdtool 0.6.20-1 RD document formatter
ii ruby 1.8.2-1 An interpreter of object-oriented
Versions of packages tdiary recommends:
ii tdiary-mode 2.0.3-1 tDiary editing mode for Emacsen
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.0.2+20060303-5
This upload fixes #403345 in unstable
---------- Forwarded Message ----------
Subject: Accepted tdiary 2.0.2+20060303-5 (source all)
Date: Wednesday 17 January 2007 14:02
From: Daigo Moriwaki <[EMAIL PROTECTED]>
To: debian-devel-changes@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 13 Jan 2007 16:19:01 +0900
Source: tdiary
Binary: tdiary-plugin tdiary tdiary-mode tdiary-contrib tdiary-theme
Architecture: source all
Version: 2.0.2+20060303-5
Distribution: unstable
Urgency: high
Maintainer: Daigo Moriwaki <[EMAIL PROTECTED]>
Changed-By: Daigo Moriwaki <[EMAIL PROTECTED]>
Description:
tdiary - a communication-friendly weblog system
tdiary-contrib - Plugins of tDiary to add functionalities
tdiary-mode - tDiary editing mode for Emacsen
tdiary-plugin - Plugins of tDiary to add functionalities
tdiary-theme - Themes of tDiary to change the design
Closes: 404940
Changes:
tdiary (2.0.2+20060303-5) unstable; urgency=high
.
* SA23465: tdiary: Unspecified Ruby Code Execution Vulnerability
A patch from Stefan Fritsch, which makes the previous backport
perfect. (Closes: #404940)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFqIihNcPj+ukc0lARAsK1AJ0f25KiAg/J9FXloDcC1cU0KsbB0QCcCNZr
3VQFBi0EN8ttz1YIz3brROA=
=gr54
-----END PGP SIGNATURE-----
Accepted:
tdiary-contrib_2.0.2+20060303-5_all.deb
to pool/main/t/tdiary/tdiary-contrib_2.0.2+20060303-5_all.deb
tdiary-mode_2.0.2+20060303-5_all.deb
to pool/main/t/tdiary/tdiary-mode_2.0.2+20060303-5_all.deb
tdiary-plugin_2.0.2+20060303-5_all.deb
to pool/main/t/tdiary/tdiary-plugin_2.0.2+20060303-5_all.deb
tdiary-theme_2.0.2+20060303-5_all.deb
to pool/main/t/tdiary/tdiary-theme_2.0.2+20060303-5_all.deb
tdiary_2.0.2+20060303-5.diff.gz
to pool/main/t/tdiary/tdiary_2.0.2+20060303-5.diff.gz
tdiary_2.0.2+20060303-5.dsc
to pool/main/t/tdiary/tdiary_2.0.2+20060303-5.dsc
tdiary_2.0.2+20060303-5_all.deb
to pool/main/t/tdiary/tdiary_2.0.2+20060303-5_all.deb
--- End Message ---