Your message dated Wed, 22 Apr 2009 22:47:17 +0000
with message-id <[email protected]>
and subject line Bug#227251: fixed in planner 0.14.4-1
has caused the Debian Bug report #227251,
regarding planner: Single quotes not escaped writing to database
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
227251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=227251
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: planner
Version: 0.11-4
Severity: normal
When planner writes the tasks to the database, a task name with a ' in
it will not be written. The SQL string that planner is building to
INSERT the data is not properly escaping strings containing ' or \.
Of course in this case it is not a security issue (i.e. SQL injection)
because anyone using planner to write to that database could use psql
and inject whatever directly.
Thanks,
Andrew McMillan.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux kant.mcmillan.net.nz 2.6.1-rc2-kant #1 Thu Jan 8 08:00:22 NZDT 2004 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages planner depends on:
ii libart-2.0-2 2.3.16-1 Library of functions for 2D graphi
ii libatk1.0-0 1.4.1-1 The ATK accessibility toolkit
ii libaudiofile0 0.2.3-4 The Audiofile Library
ii libbonobo2-0 2.4.2.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.4.2-1 The Bonobo UI library
ii libbz2-1.0 1.0.2-1 A high-quality block-sorting file
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
ii libesd-alsa0 [libesd0] 0.2.29-1 Enlightened Sound Daemon (ALSA) -
ii libfontconfig1 2.2.1-13 generic font configuration library
ii libfreetype6 2.1.7-1.1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.4.0.1-3 GNOME configuration database syste
ii libgcrypt1 1.1.12-4 LGPL Crypto library - runtime libr
ii libglade2-0 2.0.1-6 Library to load .glade files at ru
ii libglib2.0-0 2.2.3-1 The GLib library of C routines
ii libgnome2-0 2.4.0-4 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.4.0-1 A powerful object-oriented display
ii libgnomeprint2.2-0 2.4.2-2 The GNOME 2.2 print architecture -
ii libgnomeprintui2.2-0 2.4.2-1 The GNOME 2.2 print architecture U
ii libgnomeui-0 2.4.0.1-6 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.4.1-4.1 The GNOME virtual file-system libr
ii libgnomevfs2-common 2.4.1-4.1 The GNOME virtual file-system libr
ii libgnutls7 0.8.12-3.1 GNU TLS library - runtime library
ii libgsf-1 1.8.2-5 Structured File Library - runtime
ii libgtk2.0-0 2.2.4-3 The GTK+ graphical user interface
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii liborbit2 1:2.8.3-2 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.2.5-2.1 Layout and rendering of internatio
ii libpopt0 1.7-4 lib for parsing cmdline parameters
ii libpq3 7.4.1-1 Shared library libpq.so.3 for Post
ii libtasn1-0 0.1.2-1 Manage ASN.1 structures (runtime)
ii libxml2 2.6.3-1 GNOME XML library
ii libxslt1.1 1.1.2-1 XSLT processing library - runtime
ii scrollkeeper 0.3.14-2 A free electronic cataloging syste
ii xlibs 4.3.0-0pre1v4 X Window System client libraries
ii zlib1g 1:1.2.1-3 compression library - runtime
-- no debconf information
--- End Message ---
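The failure described in the report above, reproduced as an added example (it is not planner's code and not the upstream fix). It uses an in-memory SQLite database as a stand-in for PostgreSQL, and the task table and function names are hypothetical. SQLite does not treat \ as an escape character, so only the single-quote case fails here.

```python
import sqlite3


def open_db():
    """Fresh in-memory database with a hypothetical one-column task table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def insert_by_concatenation(conn, name):
    """Pattern from the report: the value is pasted into the SQL text."""
    sql = "INSERT INTO task (name) VALUES ('" + name + "')"
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        # A ' in the name ends the literal early; the statement no longer
        # parses and the task is silently missing from the table.
        return False


def insert_with_parameter(conn, name):
    """Bound parameter: the value travels separately from the SQL text."""
    conn.execute("INSERT INTO task (name) VALUES (?)", (name,))
    return True


def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM task ORDER BY id")]


def run_demo():
    # Constructed sample task names, one with ' and one with \.
    names = ["Write report", "Customer's sign-off", r"Archive C:\plans"]
    naive, bound = open_db(), open_db()
    naive_ok = [insert_by_concatenation(naive, n) for n in names]
    for n in names:
        insert_with_parameter(bound, n)
    return naive_ok, stored_names(naive), stored_names(bound)


if __name__ == "__main__":
    ok, naive_rows, bound_rows = run_demo()
    print("concatenated inserts succeeded:", ok)
    print("rows via concatenation:", naive_rows)
    print("rows via bound parameters:", bound_rows)
```

With libpq, the equivalent of the bound-parameter form is PQexecParams, and PQescapeStringConn is the library's escaping routine when a literal must be built as text.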
--- Begin Message ---
Source: planner
Source-Version: 0.14.4-1
We believe that the bug you reported is fixed in the latest version of
planner, which is due to be installed in the Debian FTP archive:
planner-dev_0.14.4-1_i386.deb
to pool/main/p/planner/planner-dev_0.14.4-1_i386.deb
planner_0.14.4-1.diff.gz
to pool/main/p/planner/planner_0.14.4-1.diff.gz
planner_0.14.4-1.dsc
to pool/main/p/planner/planner_0.14.4-1.dsc
planner_0.14.4-1_i386.deb
to pool/main/p/planner/planner_0.14.4-1_i386.deb
planner_0.14.4.orig.tar.gz
to pool/main/p/planner/planner_0.14.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Oswald <[email protected]> (supplier of updated planner package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 22 Apr 2009 23:05:52 +0200
Source: planner
Binary: planner planner-dev
Architecture: source i386
Version: 0.14.4-1
Distribution: unstable
Urgency: low
Maintainer: Xavier Oswald <[email protected]>
Changed-By: Xavier Oswald <[email protected]>
Description:
planner - project management application
planner-dev - Planner development library
Closes: 227251 516747
Changes:
planner (0.14.4-1) unstable; urgency=low
.
* New upstream release
* New maintainer is me
* Update debian/compat to 7
* debian/control:
- Remove DM flag
+ Update debhelper to 7
+ Update Standards-Version to 3.8.1
* Update debian/copyright
* Fix lintian warnings:
W: planner: command-with-path-in-maintainer-script postrm:38
/usr/bin/update-mime-database
W: planner: command-with-path-in-maintainer-script postinst:33
/usr/bin/update-mime-database
W: planner: desktop-mimetype-without-update-call
/usr/share/applications/planner.desktop
* Fix FTBFS in unstable(Closes: #516747) fixed upstream
* Fix Single quotes problems with databases (Closes: #227251) fixed upstream
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknvm50ACgkQpDDGqoi7tR6wfQCeOkGMSXu7aDdhHk4MzRfmSAPs
+sYAniJOKr3NnJf4szbTB+lPwl3/TVaA
=L0CD
-----END PGP SIGNATURE-----
--- End Message ---