Your message dated Wed, 16 Nov 2005 08:02:17 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#339079: fixed in phpsysinfo 2.3-7 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 14 Nov 2005 20:40:54 +0000 >From [EMAIL PROTECTED] Mon Nov 14 12:40:54 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de) by spohr.debian.org with esmtp (Exim 4.50) id 1Ebl8I-0007le-LP for [EMAIL PROTECTED]; Mon, 14 Nov 2005 12:40:54 -0800 Received: from dslb-082-083-221-179.pools.arcor-ip.net ([82.83.221.179] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1Ebl8H-0003t4-EJ for [EMAIL PROTECTED]; Mon, 14 Nov 2005 21:40:53 +0100 Received: from jmm by localhost.localdomain with local (Exim 4.54) id 1Ebl86-0001Um-Fx; Mon, 14 Nov 2005 21:40:42 +0100 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: CVE-2005-334[78]: Two vulnerabilities in phpsysinfo X-Mailer: reportbug 3.17 Date: Mon, 14 Nov 2005 21:40:42 +0100 X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.83.221.179 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE, RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: phpsysinfo Severity: grave Tags: security Justification: user security hole Two security problems have been found in phpsysinfo. Please see http://www.hardened-php.net/advisory_212005.81.html for more information. 2.4.1 fixes these issues. MITRE has assigned the identifiers CVE-2005-3347 and CVE-2005-3348 to these problems, please mention them in the changelog when fixing this. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --------------------------------------- Received: (at 339079-close) by bugs.debian.org; 16 Nov 2005 16:07:27 +0000 >From [EMAIL PROTECTED] Wed Nov 16 08:07:27 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcPjl-0005db-4N; Wed, 16 Nov 2005 08:02:17 -0800 From: =?utf-8?q?Frederik_Sch=C3=BCler?= <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339079: fixed in phpsysinfo 2.3-7 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Wed, 16 Nov 2005 08:02:17 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: phpsysinfo Source-Version: 2.3-7 We believe that the bug you reported is fixed in the latest version of phpsysinfo, which is due to be installed in the Debian FTP archive: phpsysinfo_2.3-7.diff.gz to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.diff.gz phpsysinfo_2.3-7.dsc to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.dsc phpsysinfo_2.3-7_all.deb to pool/main/p/phpsysinfo/phpsysinfo_2.3-7_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frederik Schüler <[EMAIL PROTECTED]> (supplier of updated phpsysinfo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 14 Nov 2005 22:48:42 +0100 Source: phpsysinfo Binary: phpsysinfo Architecture: source all Version: 2.3-7 Distribution: unstable Urgency: high Maintainer: Frederik Schüler <[EMAIL PROTECTED]> Changed-By: Frederik Schüler <[EMAIL PROTECTED]> Description: phpsysinfo - PHP based host information Closes: 330454 330764 338084 339079 Changes: phpsysinfo (2.3-7) unstable; urgency=high . * New Maintainer Address: I successfully passed NM. * Fix several security issues, thanks to Martin Schulze <[EMAIL PROTECTED]> for the patch. Closes: #339079 - Restrict sensor_program to single filenames [index.php, debian/patches/xxx_CVE-2005-0870.diff] - Backported parts of upstream changes and parts of changes by Christopher Kunz [index.php, debian/patches/xxx_CVE-2005-3347.diff] - Initialise charset variable [index.php, debian/patches/xxx_CVE-2005-3348.diff] * Add portuguese debconf template translation, thanks to Miguel Figueiredo <[EMAIL PROTECTED]> and the Debianpt.org Translation Team <[EMAIL PROTECTED]>. Closes: #338084 * Add german debconf template translation, thanks to Daniel Knabl <[EMAIL PROTECTED]> and the German Gnome language team <gnome-de@gnome.org>. Closes: #330454 * Add swedish debconf template translation, thanks to Daniel Nylander <[EMAIL PROTECTED]> and the Swedish Linux-International translation team <[EMAIL PROTECTED]>. Closes: #330764 * Updated watch file. Files: b1dffedf7a1e69104a22db2927209d89 583 web optional phpsysinfo_2.3-7.dsc 28bb0e691797fba01b0723e5d0de611e 12413 web optional phpsysinfo_2.3-7.diff.gz 22b6661f46a4a84dd89f288cd22e5b97 167340 web optional phpsysinfo_2.3-7_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDe1Ld6n7So0GVSSARAiJhAJ91Q2mNoMOfkgcOV/nER3fjSSrT5gCfVpWF gqAMlLzVpXNWbEBoD0R5Erc= =VY3i -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]