Your message dated Sat, 03 Feb 2007 16:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#408568: fixed in gosa 2.5.6-2.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gosa
Version: 2.5.6-2
Severity: grave
Tags: security
Justification: user security hole

I'm filing this bug to track that gosa in Etch is still vulnerable
to the vulnerability fixed in 2.5.8:

|   - Security fix, that removes the possibility to change several settings
|     for non-privileged users.
|
| I encourage everyone who is using 2.5.x releases to upgrade to 2.5.8. As
| reported by Torben Mühlbach it is possible to alter some values when tricking
| around with POST values directly. It is even possible to expose the
| administrator rights: we were able to change an admin password without the
| required privileges - which should be considered critical.

Cheers,
        Moritz


--- End Message ---
--- Begin Message ---
Source: gosa
Source-Version: 2.5.6-2.1

We believe that the bug you reported is fixed in the latest version of
gosa, which is due to be installed in the Debian FTP archive:

gosa-help-de_2.5.6-2.1_all.deb
  to pool/main/g/gosa/gosa-help-de_2.5.6-2.1_all.deb
gosa-help-fr_2.5.6-2.1_all.deb
  to pool/main/g/gosa/gosa-help-fr_2.5.6-2.1_all.deb
gosa-help-nl_2.5.6-2.1_all.deb
  to pool/main/g/gosa/gosa-help-nl_2.5.6-2.1_all.deb
gosa-schema_2.5.6-2.1_all.deb
  to pool/main/g/gosa/gosa-schema_2.5.6-2.1_all.deb
gosa_2.5.6-2.1.dsc
  to pool/main/g/gosa/gosa_2.5.6-2.1.dsc
gosa_2.5.6-2.1.tar.gz
  to pool/main/g/gosa/gosa_2.5.6-2.1.tar.gz
gosa_2.5.6-2.1_all.deb
  to pool/main/g/gosa/gosa_2.5.6-2.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <[EMAIL PROTECTED]> (supplier of updated gosa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  3 Feb 2007 16:15:10 +0000
Source: gosa
Binary: gosa-help-de gosa-schema gosa-help-fr gosa gosa-help-nl
Architecture: source all
Version: 2.5.6-2.1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Cajus Pollmeier <[EMAIL PROTECTED]>
Changed-By: Luk Claes <[EMAIL PROTECTED]>
Description: 
 gosa       - Web Based LDAP Administration Program
 gosa-help-de - German online help for GOsa
 gosa-help-fr - French online help for GOsa
 gosa-help-nl - Dutch online help for GOsa
 gosa-schema - LDAP schema for GOsa
Closes: 408568
Changes: 
 gosa (2.5.6-2.1) testing-proposed-updates; urgency=high
 .
   * Non-maintainer upload to fix security issue.
   * Applied security patch supplied by maintainer (Closes: #408568).
Files: 
 d5d0a2bc7345886c21a5a9fb86f1ece0 556 web optional gosa_2.5.6-2.1.dsc
 a71e10d02e4534457768804a199f7657 4201352 web optional gosa_2.5.6-2.1.tar.gz
 6d63e3ef72f9d6ff24d84736bef1c48d 2722270 web optional gosa_2.5.6-2.1_all.deb
 380a97397629c7b0bd81e6132ae0a3db 12806 web optional gosa-schema_2.5.6-2.1_all.deb
 9705ac2072c1d9b978cdc4a30e616310 162858 web optional gosa-help-de_2.5.6-2.1_all.deb
 b1b290ae9b67998e0e69a083a85b3293 119842 web optional gosa-help-fr_2.5.6-2.1_all.deb
 54daec94e71acf4d8f7354c0c0b41ceb 63348 web optional gosa-help-nl_2.5.6-2.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFxKp65UTeB5t8Mo0RAhTeAKCAw7CQSHL+xAjLSki/CcklOhTFFACcClJI
PPDXxFNzWQWXNPYTv7x48+U=
=65yW
-----END PGP SIGNATURE-----


--- End Message ---
