Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-24 Thread Richard Atterer
tags 551938 wontfix patch severity 551938 normal thanks On Fri, Oct 23, 2009 at 06:48:21PM +0200, Moritz Muehlenhoff wrote: > > Well, I've already prepared new versions of the packages, although they > > are completely untested ATM, except that I had a look at them with > > debdiff/interdiff:

Processed: Re: Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 551938 wontfix patch Bug #551938 [w3c-libwww] w3c-libwww: CVE-2009-2625 Added tag(s) patch and wontfix. > severity 551938 normal Bug #551938 [w3c-libwww] w3c-libwww: CVE-2009-2625 Severity set to 'normal' from 'serious' > thanks Stopping pro

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-23 Thread Moritz Muehlenhoff
Richard Atterer wrote: > > Since CVE-2009-2625 doesn't allow code injection, but only DoS and given > > that libwww in oldstable is only used by wmweather, I think we can ignore > > it, unless Nico wants to work on an update? > > Well, I've already prepared new versions of the packages, althou

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-22 Thread Michael Gilbert
On Fri, 23 Oct 2009 00:37:29 +0200 Richard Atterer wrote: > On Thu, Oct 22, 2009 at 11:34:32PM +0200, Moritz Muehlenhoff wrote: > > But please proceed with the removal from unstable by filing a removal bug > > against ftp.debian.org. Amaya has been removed and the other users have > > been fixed

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-22 Thread Richard Atterer
On Thu, Oct 22, 2009 at 11:34:32PM +0200, Moritz Muehlenhoff wrote: > But please proceed with the removal from unstable by filing a removal bug > against ftp.debian.org. Amaya has been removed and the other users have > been fixed. I've filed for removal: #552033 > Since CVE-2009-2625 doesn't a

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-22 Thread Moritz Muehlenhoff
On Thu, Oct 22, 2009 at 11:28:46AM +0200, Richard Atterer wrote: > Hello Mike, > > thanks for noticing that w3c-libwww ships a vulnerable local copy of expat! > > On Wed, Oct 21, 2009 at 06:40:08PM -0400, Michael Gilbert wrote: > > hello, a security issue has been disclosed for expat. see [0], [

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-22 Thread Nico Golde
Hi, * Richard Atterer [2009-10-22 15:34]: > On Wed, Oct 21, 2009 at 06:40:08PM -0400, Michael Gilbert wrote: > > hello, a security issue has been disclosed for expat. see [0], [1]. > > w3c-libwww embeds expat, so it is also affected. this affects all > > supported debian releases, so please coor

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-22 Thread Richard Atterer
Hello Mike, thanks for noticing that w3c-libwww ships a vulnerable local copy of expat! On Wed, Oct 21, 2009 at 06:40:08PM -0400, Michael Gilbert wrote: > hello, a security issue has been disclosed for expat. see [0], [1]. > w3c-libwww embeds expat, so it is also affected. this affects all > su

Bug#551938: w3c-libwww: CVE-2009-2625

2009-10-21 Thread Michael Gilbert
package: w3c-libwww version: 5.4.0-11 severity: serious tags: security hello, a security issue has been disclosed for expat. see [0], [1]. w3c-libwww embeds expat, so it is also affected. this affects all supported debian releases, so please coordinate with the security team to prepare DSAs. mi