Your message dated Sun, 30 Oct 2005 23:23:43 +0100
with message-id <[EMAIL PROTECTED]>
and subject line This is CVE-2005-0085
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Apr 2005 13:34:30 +0000
>From [EMAIL PROTECTED] Sat Apr 23 06:34:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mrelay3.uni-hannover.de [130.75.2.41] (root)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DPKmC-00023F-00; Sat, 23 Apr 2005 06:34:29 -0700
Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de
[130.75.25.242])
by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id
j3NDYM9e000438
for <[EMAIL PROTECTED]>; Sat, 23 Apr 2005 15:34:22 +0200 (MEST)
Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de
[130.75.25.99])
by mail.itp.uni-hannover.de (Postfix) with ESMTP
id 283EF1B604; Sat, 23 Apr 2005 15:34:18 +0200 (CEST)
Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237)
id EA7125F48; Sat, 23 Apr 2005 15:34:17 +0200 (CEST)
From: Helge Kreutzmann <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: htdig: Unescaped output in htsearch and qtest causes security problems.
X-Mailer: reportbug 1.50
Date: Sat, 23 Apr 2005 15:34:17 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2
(mrelay3.uni-hannover.de [130.75.2.41]); Sat, 23 Apr 2005 15:34:22 +0200 (MEST)
X-Scanned-By: MIMEDefang 2.42
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: htdig
Version: N/A; reported 2005-04-23
Severity: important
Tags: security, woody, sarge
Please see the Fedora-alert:
http://lwn.net/Alerts/132723/
Unfortunately, the information given is quite scarce, so I don't know
if this is already fixed in previous (stable) uploads. Please close if
reported in error or change the tags if it only applies to testing.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
---------------------------------------
Received: (at 305996-done) by bugs.debian.org; 30 Oct 2005 22:23:48 +0000
>From [EMAIL PROTECTED] Sun Oct 30 14:23:48 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de [212.9.189.167]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EWLae-00022W-00; Sun, 30 Oct 2005 14:23:48 -0800
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de)
by albireo.enyo.de with esmtp id 1EWLae-00035O-6z
for [EMAIL PROTECTED]; Sun, 30 Oct 2005 23:23:48 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.54)
id 1EWLaZ-00066W-4e
for [EMAIL PROTECTED]; Sun, 30 Oct 2005 23:23:43 +0100
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: This is CVE-2005-0085
Date: Sun, 30 Oct 2005 23:23:43 +0100
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
According to <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144127>
(referenced from the LWN alert), this is CVE-2005-0085, which has
already been fixed in DSA-680-1 (and htdig 1:3.1.6-11 for sid).
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
