Your message dated Wed, 16 Nov 2005 08:02:17 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339079: fixed in phpsysinfo 2.3-7
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Nov 2005 20:40:54 +0000
>From [EMAIL PROTECTED] Mon Nov 14 12:40:54 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111]
helo=vserver151.vserver151.serverflex.de)
by spohr.debian.org with esmtp (Exim 4.50)
id 1Ebl8I-0007le-LP
for [EMAIL PROTECTED]; Mon, 14 Nov 2005 12:40:54 -0800
Received: from dslb-082-083-221-179.pools.arcor-ip.net ([82.83.221.179]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1Ebl8H-0003t4-EJ
for [EMAIL PROTECTED]; Mon, 14 Nov 2005 21:40:53 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
id 1Ebl86-0001Um-Fx; Mon, 14 Nov 2005 21:40:42 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CVE-2005-334[78]: Two vulnerabilities in phpsysinfo
X-Mailer: reportbug 3.17
Date: Mon, 14 Nov 2005 21:40:42 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.83.221.179
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE,
RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham
version=2.60-bugs.debian.org_2005_01_02
Package: phpsysinfo
Severity: grave
Tags: security
Justification: user security hole
Two security problems have been found in phpsysinfo. Please see
http://www.hardened-php.net/advisory_212005.81.html for more
information. 2.4.1 fixes these issues.
MITRE has assigned the identifiers CVE-2005-3347 and CVE-2005-3348
to these problems, please mention them in the changelog when fixing
this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 339079-close) by bugs.debian.org; 16 Nov 2005 16:07:27 +0000
>From [EMAIL PROTECTED] Wed Nov 16 08:07:27 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EcPjl-0005db-4N; Wed, 16 Nov 2005 08:02:17 -0800
From: =?utf-8?q?Frederik_Sch=C3=BCler?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#339079: fixed in phpsysinfo 2.3-7
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 16 Nov 2005 08:02:17 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4
Source: phpsysinfo
Source-Version: 2.3-7
We believe that the bug you reported is fixed in the latest version of
phpsysinfo, which is due to be installed in the Debian FTP archive:
phpsysinfo_2.3-7.diff.gz
to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.diff.gz
phpsysinfo_2.3-7.dsc
to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.dsc
phpsysinfo_2.3-7_all.deb
to pool/main/p/phpsysinfo/phpsysinfo_2.3-7_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederik Schüler <[EMAIL PROTECTED]> (supplier of updated phpsysinfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 14 Nov 2005 22:48:42 +0100
Source: phpsysinfo
Binary: phpsysinfo
Architecture: source all
Version: 2.3-7
Distribution: unstable
Urgency: high
Maintainer: Frederik Schüler <[EMAIL PROTECTED]>
Changed-By: Frederik Schüler <[EMAIL PROTECTED]>
Description:
phpsysinfo - PHP based host information
Closes: 330454 330764 338084 339079
Changes:
phpsysinfo (2.3-7) unstable; urgency=high
.
* New Maintainer Address: I successfully passed NM.
* Fix several security issues, thanks to Martin Schulze <[EMAIL PROTECTED]>
for the patch. Closes: #339079
- Restrict sensor_program to single filenames [index.php,
debian/patches/xxx_CVE-2005-0870.diff]
- Backported parts of upstream changes and parts of changes by
Christopher Kunz [index.php, debian/patches/xxx_CVE-2005-3347.diff]
- Initialise charset variable [index.php,
debian/patches/xxx_CVE-2005-3348.diff]
* Add portuguese debconf template translation, thanks to Miguel
Figueiredo <[EMAIL PROTECTED]> and the Debianpt.org Translation Team
<[EMAIL PROTECTED]>. Closes: #338084
* Add german debconf template translation, thanks to Daniel Knabl
<[EMAIL PROTECTED]> and the German Gnome language team
<gnome-de@gnome.org>. Closes: #330454
* Add swedish debconf template translation, thanks to Daniel Nylander
<[EMAIL PROTECTED]> and the Swedish Linux-International translation
team <[EMAIL PROTECTED]>. Closes: #330764
* Updated watch file.
Files:
b1dffedf7a1e69104a22db2927209d89 583 web optional phpsysinfo_2.3-7.dsc
28bb0e691797fba01b0723e5d0de611e 12413 web optional phpsysinfo_2.3-7.diff.gz
22b6661f46a4a84dd89f288cd22e5b97 167340 web optional phpsysinfo_2.3-7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDe1Ld6n7So0GVSSARAiJhAJ91Q2mNoMOfkgcOV/nER3fjSSrT5gCfVpWF
gqAMlLzVpXNWbEBoD0R5Erc=
=VY3i
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
