Your message dated Thu, 22 Mar 2007 11:17:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414830: fixed in ktorrent 2.0.3+dfsg1-2.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ktorrent
Version: 2.0.3+dfsg1-2
Severity: grave
Tags: security
Justification: user security hole
Hello Joel,
long time no see...
I guess some work lies ahead:
| Bryan Burns of Juniper networks found 2 security vulnerabilities in
| KTorrent. These have now been fixed in the 2.1.2 release.
|
| This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade.
as seen on <http://ktorrent.org/forum/viewtopic.php?t=1401>.
This concerns
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384> and
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385>.
Ubuntu Security Notice USN-436-1 has already been issued[0] on this matter.
Even though these vulnerabilities don't affect the current stable
release, they need to be fixed for the upcoming release "Etch".
Please extract the relevant patches and apply them to ktorrent as
currently present in unstable. Changes for non-release-critical issues
are no longer accepted for Etch as per the latest release update[0], so
please stick to just these necessary changes.
Once a fixed package will have been uploaded we need to ask the release
managers to allow propagation to Etch.
Cheers,
Flo
[0] <http://www.ubuntu.com/usn/usn-436-1>
[1] <http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html>
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: ktorrent
Source-Version: 2.0.3+dfsg1-2.1
We believe that the bug you reported is fixed in the latest version of
ktorrent, which is due to be installed in the Debian FTP archive:
ktorrent_2.0.3+dfsg1-2.1.diff.gz
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.diff.gz
ktorrent_2.0.3+dfsg1-2.1.dsc
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.dsc
ktorrent_2.0.3+dfsg1-2.1_amd64.deb
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated ktorrent package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 22 Mar 2007 11:11:20 +0100
Source: ktorrent
Binary: ktorrent
Architecture: source amd64
Version: 2.0.3+dfsg1-2.1
Distribution: unstable
Urgency: high
Maintainer: Joel Johnson <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description:
ktorrent - BitTorrent client for KDE
Closes: 414830 414832
Changes:
ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix security issue (Closes: 414832, 414830):
+ drop patch from #414832 in debian/patches.
+ use quilt as a patches management system to deal with it.
+ urgency set to high due to RC bugfix.
Files:
0918857e98518996c891d6c0bcfd51f1 663 kde optional ktorrent_2.0.3+dfsg1-2.1.dsc
e210f4dad18fcbcdd4d41dcad502557a 5544 kde optional
ktorrent_2.0.3+dfsg1-2.1.diff.gz
4cea68a9ea4d948a5feeef658bdb02d1 1583504 kde optional
ktorrent_2.0.3+dfsg1-2.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGAmG0vGr7W6HudhwRAqvzAJ9rT2HhkzJ98Jff2xuDyk3WgylFuQCfUFaL
t05wZTqC1eq46avtriUAkBY=
=9iYO
-----END PGP SIGNATURE-----
--- End Message ---
