Your message dated Mon, 05 Oct 2009 23:07:19 +0000
with message-id <e1muwef-000875...@ries.debian.org>
and subject line Bug#535188: fixed in zoph 0.8.0.1-1
has caused the Debian Bug report #535188,
regarding CVE-2008-6838, CVE-2008-6837: Cross-Site Scripting and SQL Injection Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535188: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zoph
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for zoph.

CVE-2008-6837[0]:
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to
| execute arbitrary SQL commands via unspecified vectors, a different
| issue than CVE-2008-3258.  NOTE: the provenance of this information is
| unknown; the details are obtained solely from third party information.

CVE-2008-6838[1]:
| Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1
| allows remote attackers to inject arbitrary web script or HTML via the
| _off parameter.  NOTE: the provenance of this information is unknown;
| the details are obtained solely from third party information.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6837
    http://security-tracker.debian.net/tracker/CVE-2008-6837
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6838
    http://security-tracker.debian.net/tracker/CVE-2008-6838

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpKLK4ACgkQNxpp46476apmpwCfRKu9hd55LmYzmyXgDqoFRl11
JcMAn3dL33VlWuQU//VUbN0wYPOvMK/+
=avJi
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: zoph
Source-Version: 0.8.0.1-1

We believe that the bug you reported is fixed in the latest version of
zoph, which is due to be installed in the Debian FTP archive:

zoph_0.8.0.1-1.diff.gz
  to pool/main/z/zoph/zoph_0.8.0.1-1.diff.gz
zoph_0.8.0.1-1.dsc
  to pool/main/z/zoph/zoph_0.8.0.1-1.dsc
zoph_0.8.0.1-1_all.deb
  to pool/main/z/zoph/zoph_0.8.0.1-1_all.deb
zoph_0.8.0.1.orig.tar.gz
  to pool/main/z/zoph/zoph_0.8.0.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Edelhard Becker <edelh...@debian.org> (supplier of updated zoph package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Oct 2009 22:33:15 +0200
Source: zoph
Binary: zoph
Architecture: source all
Version: 0.8.0.1-1
Distribution: unstable
Urgency: low
Maintainer: Edelhard Becker <edelh...@debian.org>
Changed-By: Edelhard Becker <edelh...@debian.org>
Description: 
 zoph       - Web based digital image presentation and management system
Closes: 535188
Changes: 
 zoph (0.8.0.1-1) unstable; urgency=low
 .
   * new upstream release
   * fixes CVE-2008-6837 and CVE-2008-6838 (Closes: #535188)
   * bumped standards to 3.8.3 (no changes needed)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFKylt9lByGkm8iLx8RAqjjAJ9p0w3Kd7AZYHmTu3jSKILyhp/TLQCdEqyZ
qP2dGNyheQ7NZUIYK5WV1AU=
=6ZRh
-----END PGP SIGNATURE-----



--- End Message ---
