Your message dated Sat, 27 Oct 2007 17:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#447753: fixed in mnogosearch 3.3.4-4.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mnogosearch
Severity: important
Tags: security

Hi Thorsten,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mnogosearch.

CVE-2007-5588[0]:
| Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43
| allows remote attackers to inject arbitrary web script or HTML via the
| t parameter in search.cgi, as reachable from search.htm-dist.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

I am not entirely sure if the version in unstable is
not affected, please contact upstream about that. At least
the version in stable and testing is.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5588

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: mnogosearch
Source-Version: 3.3.4-4.1
We believe that the bug you reported is fixed in the latest version of
mnogosearch, which is due to be installed in the Debian FTP archive:
mnogosearch-common_3.3.4-4.1_all.deb
to pool/main/m/mnogosearch/mnogosearch-common_3.3.4-4.1_all.deb
mnogosearch-dev_3.3.4-4.1_all.deb
to pool/main/m/mnogosearch/mnogosearch-dev_3.3.4-4.1_all.deb
mnogosearch-doc_3.3.4-4.1_all.deb
to pool/main/m/mnogosearch/mnogosearch-doc_3.3.4-4.1_all.deb
mnogosearch-mysql_3.3.4-4.1_i386.deb
to pool/main/m/mnogosearch/mnogosearch-mysql_3.3.4-4.1_i386.deb
mnogosearch-pgsql_3.3.4-4.1_i386.deb
to pool/main/m/mnogosearch/mnogosearch-pgsql_3.3.4-4.1_i386.deb
mnogosearch-sqlite_3.3.4-4.1_i386.deb
to pool/main/m/mnogosearch/mnogosearch-sqlite_3.3.4-4.1_i386.deb
mnogosearch_3.3.4-4.1.diff.gz
to pool/main/m/mnogosearch/mnogosearch_3.3.4-4.1.diff.gz
mnogosearch_3.3.4-4.1.dsc
to pool/main/m/mnogosearch/mnogosearch_3.3.4-4.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated mnogosearch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 27 Oct 2007 14:50:29 +0200
Source: mnogosearch
Binary: mnogosearch-common mnogosearch-doc mnogosearch-pgsql mnogosearch-sqlite mnogosearch-mysql mnogosearch-dev
Architecture: source i386 all
Version: 3.3.4-4.1
Distribution: unstable
Urgency: high
Maintainer: Philipp Hug <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
mnogosearch-common - full-featured web search engine (common files)
mnogosearch-dev - development libraries and header files for mnogosearch
mnogosearch-doc - documentation for mnogosearch
mnogosearch-mysql - full-featured web search engine (MySQL)
mnogosearch-pgsql - full-featured web search engine (PostgreSQL)
mnogosearch-sqlite - full-featured web search engine (SQLite)
Closes: 447753
Changes:
mnogosearch (3.3.4-4.1) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Fix cross-site scripting (CVE-2007-5588) (Closes: #447753).
Files:
b12c025348aa8b4ae19ecf93e22eaeda 995 web optional mnogosearch_3.3.4-4.1.dsc
9b933cfafa004f5434b8cfbf873f860e 43686 web optional
mnogosearch_3.3.4-4.1.diff.gz
3e042f0d84cbfaff74def912efbf3161 1783836 web optional
mnogosearch-common_3.3.4-4.1_all.deb
7d2bd2ae691175f150871ce594282ede 196646 doc optional
mnogosearch-doc_3.3.4-4.1_all.deb
0a99843899a4bb22733c79b2810fa6cb 48248 web optional
mnogosearch-dev_3.3.4-4.1_all.deb
2857caee7a716deac11044a9da614b36 1442078 web optional
mnogosearch-pgsql_3.3.4-4.1_i386.deb
fa77570335024e89dd4c317014b3dbe7 1442426 web optional
mnogosearch-mysql_3.3.4-4.1_i386.deb
7c9f4c87f37fcbb07c43b6767ae5842d 1440248 web optional
mnogosearch-sqlite_3.3.4-4.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHI3aiHYflSXNkfP8RAsmJAJ46WYn3H6+94qRkQ5QayCwBQqqx4wCcCd4C
A3BXON2wMe5dUXtZVcswJ5I=
=LPIS
-----END PGP SIGNATURE-----
--- End Message ---