Your message dated Wed, 31 Dec 2008 17:47:07 +0000
with message-id <e1li59v-0005bb...@ries.debian.org>
and subject line Bug#508026: fixed in phppgadmin 4.2.2-1
has caused the Debian Bug report #508026,
regarding register_globals on is not supported
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
508026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: phppgadmin
Version: 4.0.1-3.1
Severity: grave
Tags: security

Hi,

A vulnerability that allows an attacker to perform a local file inclusion
attack in phpPgAdmin has been exposed at [1].

Note that the vulnerability can only be exploited when register_globals=on 
(which is the default in /etc/phppgadmin/apache.conf).

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry, when one is assigned.

[1] http://www.milw0rm.com/exploits/7363

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Source: phppgadmin
Source-Version: 4.2.2-1

We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:

phppgadmin_4.2.2-1.diff.gz
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1.diff.gz
phppgadmin_4.2.2-1.dsc
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1.dsc
phppgadmin_4.2.2-1_all.deb
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1_all.deb
phppgadmin_4.2.2.orig.tar.gz
  to pool/main/p/phppgadmin/phppgadmin_4.2.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <pet...@debian.org> (supplier of updated phppgadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 31 Dec 2008 19:32:22 +0200
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 4.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Isaac Clerencia <is...@debian.org>
Changed-By: Peter Eisentraut <pet...@debian.org>
Description: 
 phppgadmin - web-based administration tool for PostgreSQL
Closes: 508026 508026
Changes: 
 phppgadmin (4.2.2-1) unstable; urgency=low
 .
   * New upstream release
     - Fixes local file inclusion vulnerability (CVE-2008-5587) (closes: #508026)
   * Removed register_globals from debian/apache.conf (closes: #508026)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklbrQ0ACgkQTTx8oVVPtMZakACgoxAiIk+bsaGDPab3M/+VxeOR
V1UAnRtc7p3rigGPZRDwQWItwt4ORRFE
=4+P4
-----END PGP SIGNATURE-----



--- End Message ---
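
An added example (not part of the original messages or of the phppgadmin package): a small audit for the condition the report names, an Apache snippet that turns register_globals on through mod_php directives. Both sample configs are constructed and are not the actual /etc/phppgadmin/apache.conf; the set of values treated as "enabled" is a deliberately broad assumption.

```python
import re

# mod_php directives that can set register_globals from Apache config.
# Anchoring at line start means commented-out lines ("# php_flag ...") never match.
DIRECTIVE = re.compile(
    r"^\s*(php_(?:admin_)?(?:flag|value))\s+register_globals\s+(\S+)",
    re.IGNORECASE,
)
# Values counted as "enabled"; broad on purpose for an audit (assumption).
TRUTHY = {"on", "1", "true", "yes"}


def find_register_globals(conf_text):
    """Return (line_no, directive, value, enabled) for each setting found."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(2).strip("\"'").lower()
            hits.append((no, m.group(1).lower(), value, value in TRUTHY))
    return hits


def is_exposed(conf_text):
    """Conservative verdict: any active directive that enables the setting."""
    return any(enabled for *_, enabled in find_register_globals(conf_text))


# Constructed sample resembling a packaged snippet with the weak setting.
BEFORE = """\
Alias /phppgadmin /usr/share/phppgadmin/
<Directory /usr/share/phppgadmin/>
  <IfModule mod_php5.c>
    php_flag magic_quotes_gpc Off
    php_flag register_globals On
  </IfModule>
</Directory>
"""

# Constructed hardened sample: old line commented out, setting pinned off.
AFTER = """\
<Directory /usr/share/phppgadmin/>
  # php_flag register_globals On
  php_admin_flag register_globals "Off"
</Directory>
"""

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, "exposed" if is_exposed(conf) else "ok", find_register_globals(conf))
```

The check covers only Apache-level overrides; a register_globals setting in php.ini or a .htaccess file would need the same test applied to those files.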
