Your message dated Wed, 09 May 2007 00:32:02 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#410568: fixed in b2evolution 0.9.2-4 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: b2evolution Severity: normal Tags: security patch b2evolution 1.8.7 fixes a XSS vulnerability that seems to be present in 0.9.2-3. See [1] for details. Solution: in the file .../htsrv/login.php replace the $redirect_to in $error .= ' <a href="'.$redirect_to.'">'.T_('Continue...').'</a>'; by htmlspecialchars($redirect_to) [1] http://secunia.com/advisories/23656
--- End Message ---
--- Begin Message ---Source: b2evolution Source-Version: 0.9.2-4 We believe that the bug you reported is fixed in the latest version of b2evolution, which is due to be installed in the Debian FTP archive: b2evolution_0.9.2-4.diff.gz to pool/main/b/b2evolution/b2evolution_0.9.2-4.diff.gz b2evolution_0.9.2-4.dsc to pool/main/b/b2evolution/b2evolution_0.9.2-4.dsc b2evolution_0.9.2-4_all.deb to pool/main/b/b2evolution/b2evolution_0.9.2-4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Xavier Luthi <[EMAIL PROTECTED]> (supplier of updated b2evolution package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 30 Mar 2007 14:48:35 +0200 Source: b2evolution Binary: b2evolution Architecture: source all Version: 0.9.2-4 Distribution: unstable Urgency: high Maintainer: Xavier Luthi <[EMAIL PROTECTED]> Changed-By: Xavier Luthi <[EMAIL PROTECTED]> Description: b2evolution - a multilingual, multiuser, multi-blog engine Closes: 410568 416648 Changes: b2evolution (0.9.2-4) unstable; urgency=high . * Patch blogs/htsrv/login.php to fix a Cross-Site Scripting vulnerability reported in CVE-2007-0175 (Closes: #410568) * Modify the debian/postrm script to use a conditional call to debconf (Closes: #416648) * debian/control: po-debconf added in Build-Depends (as suggested by a lintian error) Files: 7db4f6bc5e7634f3598cec08383b0829 590 web optional b2evolution_0.9.2-4.dsc 096cc95c9019cce3f6ab60e2d92e2d22 14375 web optional b2evolution_0.9.2-4.diff.gz 66c9a41c19bcfdda9e233655fd20102f 2777108 web optional b2evolution_0.9.2-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGQRQRyJBzD6P54w4RAqcwAJ41osxUNLLJpR2TjwaLIZ/DOeNw+QCfRqoF mFGnMUGn6lFjIWkmWPjwuI4= =g0TT -----END PGP SIGNATURE-----
--- End Message ---
