Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Steffen Joeris
Package: ampache
Severity: grave
Tags: security, patch
Justification: user security hole

Hi, the following CVE (Common Vulnerabilities Exposures) id was published for ampache.

CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Steffen Joeris
Hi Charlie Thanks for the bug report. I have addressed this issue in ampache-3.4.3-1 which is currently on m.d.n [1] awaiting sponsoring. With Lenny so close to release I am contacting my usual sponsor for guidance on which would be the best solution for this bug: a. use supplied patch,

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
Cheers Steffen

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
    http://security-tracker.debian.net/tracker/CVE-2008-4796
[1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch

Steffen, Thanks for the bug report. I

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
This version won't help. First of all, I strongly doubt that the release team would accept such intrusive changes for lenny. Second, the file should just be removed and a dependency added against libphp-snoopy. Of course you will have to check that it still works correctly. Keep in mind

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
Steffen, I have placed ampache-3.4.1-2 up on m.d.n. for your review and upload.
http://mentors.debian.net/debian/pool/main/a/ampache

With this upload I have made the package dependent on
- libphp-snoopy - to correct bug #504169
- libjs-prototype - this is also a duplicate copy of code,