Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On 06/06/2010 06:16 PM, Olivier Berger wrote:
> Thanks for caring.
>
> I've tried and fix the most obvious problems reported by lintian and
> update the changelog, and have re-uploaded an updated package to
> mentors. If you can upload it for me, many thanks in advance.
>
> Best regards,

I've added a comma in the changelog and uploaded your package.

 * New upstream release (includes fix for CVE-2010-0403, CVE-2010-0404,
-Closes: #584518 #584517).
+Closes: #584518, #584517).
 * Remove upstream-security-20090722.diff patch (SA35519 / DSA-1978-1 /

btw, there are some minor lintian info/warning/pedantic, consider to fix
them, they are easy to fix (lintian -iIvE --pedantic *.changes)

Cheers,
Giuseppe.
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi.

On Friday 04 June 2010 at 12:48 +0200, Giuseppe Iuculano wrote:
> On 06/04/2010 12:44 PM, Olivier Berger wrote:
> > Here :
> > http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware
>
> Please add the "Closes" entries for the security bugs and add the source
> format (W: phpgroupware source: missing-debian-source-format).
>

Thanks for caring.

I've tried and fix the most obvious problems reported by lintian and
update the changelog, and have re-uploaded an updated package to
mentors. If you can upload it for me, many thanks in advance.

Best regards,

Forwarded message
From: mentors.debian.net
To: olivier.ber...@it-sudparis.eu
Subject: 'phpgroupware' uploaded to mentors.debian.net
Date: Sun, 6 Jun 2010 18:10:52 +0200 (CEST)

Your upload of the package 'phpgroupware' to mentors.debian.net was
successful. Sponsors can now download it.

The URL of your package is:
http://mentors.debian.net/debian/pool/main/p/phpgroupware

The respective dsc file can be found at:
http://mentors.debian.net/debian/pool/main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg-1.dsc

Processing your upload took 30.2 seconds.

--
Olivier BERGER
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On 06/04/2010 12:44 PM, Olivier Berger wrote:
> Here :
> http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware

Please add the "Closes" entries for the security bugs and add the source
format (W: phpgroupware source: missing-debian-source-format).

Cheers.
Giuseppe.
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi.

On Friday 04 June 2010 at 11:29 +0200, Giuseppe Iuculano wrote:
> Hi Christian,
>
> On 06/04/2010 11:24 AM, christian bac wrote:
> > -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on
> > mentors.
>

Here :
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware

> do you need a sponsor ?
>

Yes. Thanks in advance if you can upload this for us.

Best regards,

--
Olivier BERGER
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On Fri, 2010-06-04 at 11:29 +0200, Giuseppe Iuculano wrote:
> Hi Christian,
>
> On 06/04/2010 11:24 AM, christian bac wrote:
> > -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on
> > mentors.
>
> do you need a sponsor ?
>
> Cheers,
> Giuseppe
>

A last upload that closes these bugs may be interesting.

C.Bac
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi Christian,

On 06/04/2010 11:24 AM, christian bac wrote:
> -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on
> mentors.

do you need a sponsor ?

Cheers,
Giuseppe
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
As you can see in the changelog, these bugs are fixed in:
-the stable version : 1:0.9.16.012+dfsg-8+lenny2
-the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on
mentors.

These versions do not work correctly on unstable and squeeze due to
non conformance to php5.3.

Upstream does not want to provide a tarball for php5.3, only keep the
stable version alive, and wait for a proper version to work with php 5.3.

C.Bac

On Fri, 2010-06-04 at 10:52 +0200, Giuseppe Iuculano wrote:
> Package: phpgroupware
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for phpgroupware.
>
> CVE-2010-0404[0]:
> | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
> | 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
> | via unspecified parameters to (1) class.sessions_db.inc.php, (2)
> | class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
> | phpgwapi/inc/.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
>     http://security-tracker.debian.org/tracker/CVE-2010-0404
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Package: phpgroupware
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpgroupware.

CVE-2010-0404[0]:
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
| 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
| via unspecified parameters to (1) class.sessions_db.inc.php, (2)
| class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
| phpgwapi/inc/.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
    http://security-tracker.debian.org/tracker/CVE-2010-0404