Your message dated Fri, 18 Jan 2013 20:47:33 +0000 with message-id <e1twiqb-0004yi...@franck.debian.org> and subject line Bug#698439: fixed in couchdb 1.2.0-4 has caused the Debian Bug report #698439, regarding couchdb: CVE-2012-5650 CVE-2012-5649 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698439 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: couchdb Severity: grave Tags: security Justification: user security hole Please see http://seclists.org/fulldisclosure/2013/Jan/82 http://seclists.org/fulldisclosure/2013/Jan/80 Please apply isolated fixes instead of updating to a full new release. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: couchdb Source-Version: 1.2.0-4 We believe that the bug you reported is fixed in the latest version of couchdb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laszlo Boszormenyi (GCS) <g...@debian.hu> (supplier of updated couchdb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 18 Jan 2013 20:04:01 +0100 Source: couchdb Binary: couchdb Architecture: source amd64 Version: 1.2.0-4 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.hu> Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.hu> Description: couchdb - RESTful document oriented database Closes: 698439 Changes: couchdb (1.2.0-4) unstable; urgency=high . * Fix CVE-2012-5649 and CVE-2012-5650 with adding upstream fixes as patches: improve_parsing_of_mochiweb_relative_paths.patch , improve_script_url_validation.patch and include_a_comment_before_jsonp_output.patch (closes: #698439). Checksums-Sha1: db6951c398718e9cfaf823ec011ff2bb54b51e40 1246 couchdb_1.2.0-4.dsc bc9bcfaa03a8cd3f57df84b03b2fd483304a4695 10909 couchdb_1.2.0-4.debian.tar.gz 36a609671755ab1daf534e44ace2f9da0570956c 1026938 couchdb_1.2.0-4_amd64.deb Checksums-Sha256: afb6d30ecfabdd421803eb318a5f22c2a898decb4e17bf811118dae629e6fac5 1246 couchdb_1.2.0-4.dsc f837158f017d190787d831ccce1c54c9d4778c0d0bab73331ad1575df0704ac5 10909 couchdb_1.2.0-4.debian.tar.gz d9c524bd7d7f127c0f7ebb6e9304b026f93b2d110950e5eb344e123279488aa5 1026938 couchdb_1.2.0-4_amd64.deb Files: 08f4bf2cbc100ff9ae513676c0a878bc 1246 misc optional couchdb_1.2.0-4.dsc 36bd943948e28bb11bd27544b28794d9 10909 misc optional couchdb_1.2.0-4.debian.tar.gz 4c450627a3fb847deb577bd442694ae7 1026938 misc optional couchdb_1.2.0-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlD5p08ACgkQMDatjqUaT93n3wCfV0LF2QLP8lQMtzXZWSx86EId RqcAnRMH0qlGf7ijuTitTaYODqNyJ8Si =9Q0W -----END PGP SIGNATURE-----
--- End Message ---
