Your message dated Sat, 03 Feb 2007 19:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#408839: fixed in bbclone 0.4.6-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: bbclone
Version: 0.4.6-7
Severity: important
Tags: security
Hi, a vulnerability has been identified in BBClone, which could be exploited
by attackers to execute arbitrary commands. This issue is due to an
input validation error in the "lib/selectlang.php" script that does not
validate the "BBC_LIB_PATH" parameter, which could be exploited by
remote attackers to include malicious PHP scripts and execute arbitrary
commands with the privileges of the web server.
Affected:
BBClone version 0.4.9 and prior.
Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0508
http://www.frsirt.com/english/advisories/2007/0318
http://secunia.com/advisories/23874
Note:
Please mention the CVE id in the changelog.
regards,
--
 .''`.
: :' :  Alex de Oliveira Silva | enerv
`. `'   www.enerv.net
  `-
--- End Message ---
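To make the defect class in the report concrete (an include path assembled from a request-controlled "BBC_LIB_PATH" value, beside a version that fixes the library path and validates the only client-chosen part), here is a constructed PHP illustration; it is not BBClone's actual lib/selectlang.php or the Debian patch, and the function names, the `$request` array, the `lang/` layout and the PHP 7.1+ syntax are all assumptions.

```php
<?php
// Constructed illustration of the defect class in the report: an include
// path assembled from a request-controlled "BBC_LIB_PATH" value. This is
// NOT BBClone's real lib/selectlang.php; names and layout are assumed.

// --- Vulnerable pattern ---------------------------------------------------
// The library path is taken from the request (e.g. via register_globals or
// an explicit assignment from $_GET), so the caller decides what include()
// loads: another local file or, with allow_url_include, a remote script.
function select_language_vulnerable(array $request): string
{
    $libPath = $request['BBC_LIB_PATH'] ?? 'lib/';      // untrusted
    $lang    = $request['lang'] ?? 'en';
    return $libPath . 'lang/' . $lang . '.php';         // passed to include()
}

// --- Hardened pattern -----------------------------------------------------
// The library path is fixed by the application relative to this file and is
// never read from the request; the only client-chosen piece (the language
// name) is restricted to a strict pattern and must resolve to an existing
// file inside the fixed language directory.
define('BBC_LIB_PATH', __DIR__ . '/lib/');

function select_language_hardened(array $request): ?string
{
    $lang = $request['lang'] ?? 'en';
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $lang)) {
        return null;          // rejects separators, URLs, NUL bytes, etc.
    }
    $langDir = realpath(BBC_LIB_PATH . 'lang');
    $real    = realpath(BBC_LIB_PATH . 'lang/' . $lang . '.php');
    // realpath() returns false for a missing file and collapses "..", so a
    // result that is still under $langDir is a genuine language file.
    if ($langDir === false || $real === false
        || strpos($real, $langDir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;             // safe to pass to include()
}

// Constructed request: a foreign library path plus a language value that
// contains a path separator. Only the hardened function refuses it.
$req = ['BBC_LIB_PATH' => '/some/other/dir/', 'lang' => 'en/../x'];
var_dump(select_language_vulnerable($req)); // string: "/some/other/dir/lang/en/../x.php"
var_dump(select_language_hardened($req));   // NULL: BBC_LIB_PATH ignored, lang fails the pattern
```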
--- Begin Message ---
Source: bbclone
Source-Version: 0.4.6-8
We believe that the bug you reported is fixed in the latest version of
bbclone, which is due to be installed in the Debian FTP archive:
bbclone_0.4.6-8.diff.gz
to pool/main/b/bbclone/bbclone_0.4.6-8.diff.gz
bbclone_0.4.6-8.dsc
to pool/main/b/bbclone/bbclone_0.4.6-8.dsc
bbclone_0.4.6-8_all.deb
to pool/main/b/bbclone/bbclone_0.4.6-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tiago Bortoletto Vaz <[EMAIL PROTECTED]> (supplier of updated bbclone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 2 Feb 2007 20:02:59 -0300
Source: bbclone
Binary: bbclone
Architecture: source all
Version: 0.4.6-8
Distribution: unstable
Urgency: high
Maintainer: Tiago Bortoletto Vaz <[EMAIL PROTECTED]>
Changed-By: Tiago Bortoletto Vaz <[EMAIL PROTECTED]>
Description:
bbclone - A PHP based Web Counter on Steroids
Closes: 408839
Changes:
bbclone (0.4.6-8) unstable; urgency=high
.
* Fix vulnerability on missing input check for "BBC_LIB_PATH" parameter.
Thanks to Alex de Oliveira Silva for reporting.
- Add 02_CVE-2007-0508.dpatch
- Security reference: CVE-2007-0508
- Closes: #408839
Files:
0022a301613158f7c888d1cff7beb901 586 web optional bbclone_0.4.6-8.dsc
371e341afb21cf1ab5eb1bb27cc9db90 9953 web optional bbclone_0.4.6-8.diff.gz
4bf1aa47e64d11ebdc01f5f69be4bf19 461808 web optional bbclone_0.4.6-8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFxN1LLqiZQEml+FURArZEAJ0Ui4A6kCdUTg2bYYga7grGCI+ABQCfZWQ1
t7OpBVGsktQNUdfaAErcqRc=
=CfOT
-----END PGP SIGNATURE-----
--- End Message ---