Bug#466449: marked as done (diatheke: Diatheke allows arbitrary command execution using the range parameter)
Your message dated Sat, 26 Jul 2008 09:58:01 + with message-id [EMAIL PROTECTED] and subject line Bug#466449: fixed in sword 1.5.9-2etch1 has caused the Debian Bug report #466449, regarding diatheke: Diatheke allows arbitrary command execution using the range parameter to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 466449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: diatheke Severity: critical Tags: security Justification: root security hole The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data by simply abusing the range parameter. For example, range=`yes` will consume tons of resources on the affected webserver. Escalation of privleges and command shells are left as an exercise to the reader. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh Versions of packages diatheke depends on: ii libc6 2.7-8 GNU C Library: Shared libraries ii libcomerr21.40.6-1 common error description library ii libgcc1 1:4.3-20080202-1 GCC support library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.7-5OpenLDAP libraries ii libstdc++64.3-20080202-1 The GNU Standard C++ Library v3 ii libsword6 1.5.9-7.1 API/library for bible software ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages diatheke recommends: ii apache2 2.2.8-1Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.8-1Traditional model for Apache HTTPD ---End Message--- ---BeginMessage--- Source: sword Source-Version: 1.5.9-2etch1 We believe that the bug you reported is fixed in the latest version of sword, which is due to be installed in the Debian FTP archive: diatheke_1.5.9-2etch1_i386.deb to pool/main/s/sword/diatheke_1.5.9-2etch1_i386.deb libsword-dev_1.5.9-2etch1_i386.deb to pool/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb libsword6_1.5.9-2etch1_i386.deb to pool/main/s/sword/libsword6_1.5.9-2etch1_i386.deb sword_1.5.9-2etch1.diff.gz to pool/main/s/sword/sword_1.5.9-2etch1.diff.gz sword_1.5.9-2etch1.dsc to pool/main/s/sword/sword_1.5.9-2etch1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst [EMAIL PROTECTED] (supplier of updated sword package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 21 Feb 2008 23:35:10 +0100 Source: sword Binary: libsword-dev libsword6 diatheke Architecture: source i386 Version: 1.5.9-2etch1 Distribution: stable-security Urgency: high Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Thijs Kinkhorst [EMAIL PROTECTED] Description: diatheke - CGI script for making bible website libsword-dev - Development files for libsword libsword6 - API/library for bible software Closes: 466449 Changes: sword (1.5.9-2etch1) stable-security; urgency=high . * Non-maintainer upload by the security team. * Fix remote command execution in diatheke.pl (Closes: #466449) with maintainer-supplied patch. Files: d93f49c3798272c9de84ec6ae5d1cbed 1026 libs optional sword_1.5.9-2etch1.dsc 346539f31b41015161d8dd0d2f035243 1806178 libs optional sword_1.5.9.orig.tar.gz c39c316e9c81e54136eb02f68292c09d 82071 libs optional sword_1.5.9-2etch1.diff.gz 95b5aaff3ccec4dcd1f77e95f6bf2da0 526314 libs optional libsword6_1.5.9-2etch1_i386.deb e3c8ec3d6dcfcfae0cddbb618353db36 701078 libdevel optional libsword-dev_1.5.9-2etch1_i386.deb 0a384fecde3e4492fda105eb9d82ce35 62206 web optional diatheke_1.5.9-2etch1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR74B9mz0hbPcukPfAQK1vQgAslglZdmw1KrpxLpOGJFk9mPJDzX6lTDa xL0r/4/IxFapDxUoxD0Yk/wOsVltChGM8e8Ro4955sWKabR/s0vw1mJg08l9cGy4
Bug#466449: marked as done (diatheke: Diatheke allows arbitrary command execution using the range parameter)
Your message dated Sat, 12 Apr 2008 17:54:56 + with message-id [EMAIL PROTECTED] and subject line Bug#466449: fixed in sword 1.5.7-7sarge1 has caused the Debian Bug report #466449, regarding diatheke: Diatheke allows arbitrary command execution using the range parameter to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 466449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: diatheke Severity: critical Tags: security Justification: root security hole The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data by simply abusing the range parameter. For example, range=`yes` will consume tons of resources on the affected webserver. Escalation of privleges and command shells are left as an exercise to the reader. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh Versions of packages diatheke depends on: ii libc6 2.7-8 GNU C Library: Shared libraries ii libcomerr21.40.6-1 common error description library ii libgcc1 1:4.3-20080202-1 GCC support library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.7-5OpenLDAP libraries ii libstdc++64.3-20080202-1 The GNU Standard C++ Library v3 ii libsword6 1.5.9-7.1 API/library for bible software ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages diatheke recommends: ii apache2 2.2.8-1Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.8-1Traditional model for Apache HTTPD ---End Message--- ---BeginMessage--- Source: sword Source-Version: 1.5.7-7sarge1 We believe that the bug you reported is fixed in the latest version of sword, which is due to be installed in the Debian FTP archive: diatheke_1.5.7-7sarge1_i386.deb to pool/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb libsword-dev_1.5.7-7sarge1_i386.deb to pool/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb libsword4_1.5.7-7sarge1_i386.deb to pool/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb sword_1.5.7-7sarge1.diff.gz to pool/main/s/sword/sword_1.5.7-7sarge1.diff.gz sword_1.5.7-7sarge1.dsc to pool/main/s/sword/sword_1.5.7-7sarge1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst [EMAIL PROTECTED] (supplier of updated sword package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 21 Feb 2008 23:45:32 +0100 Source: sword Binary: libsword4 libsword-dev diatheke Architecture: source i386 Version: 1.5.7-7sarge1 Distribution: oldstable-security Urgency: high Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Thijs Kinkhorst [EMAIL PROTECTED] Description: diatheke - CGI script for making bible website libsword-dev - Development files for libsword libsword4 - API/library for bible software Closes: 466449 Changes: sword (1.5.7-7sarge1) oldstable-security; urgency=high . * Non-maintainer upload by the security team. * Fix remote command execution in diatheke.pl (Closes: #466449) with maintainer-supplied patch. Files: 4f7872250c457ac36f0b20b4be235647 938 libs optional sword_1.5.7-7sarge1.dsc 369f09068839c646aeab691c63a40d67 1482711 libs optional sword_1.5.7.orig.tar.gz f8993cddacdac25ca55b7e99ced8ff49 277640 libs optional sword_1.5.7-7sarge1.diff.gz 4dabb05ea1d6b72ba61e8877cbad1544 388072 libs optional libsword4_1.5.7-7sarge1_i386.deb f04d2f9bc41e5703967630adf4e12754 556994 libdevel optional libsword-dev_1.5.7-7sarge1_i386.deb 665ce388ee9a74a0d850007beae3051a 58108 web optional diatheke_1.5.7-7sarge1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR74IYWz0hbPcukPfAQJSPwf9FGg4WMaBQurWVna+xkNHblnqh49TNoww 0J2Zk7rWLIyUudLfTh/x6IB4OtsExY3gBZwi/Dxlh7OTUU0rVwJKAbfkEwcFgltS
Bug#466449: marked as done (diatheke: Diatheke allows arbitrary command execution using the range parameter)
Your message dated Wed, 02 Apr 2008 19:52:19 + with message-id [EMAIL PROTECTED] and subject line Bug#466449: fixed in sword 1.5.9-2etch1 has caused the Debian Bug report #466449, regarding diatheke: Diatheke allows arbitrary command execution using the range parameter to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 466449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: diatheke Severity: critical Tags: security Justification: root security hole The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data by simply abusing the range parameter. For example, range=`yes` will consume tons of resources on the affected webserver. Escalation of privleges and command shells are left as an exercise to the reader. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh Versions of packages diatheke depends on: ii libc6 2.7-8 GNU C Library: Shared libraries ii libcomerr21.40.6-1 common error description library ii libgcc1 1:4.3-20080202-1 GCC support library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.7-5OpenLDAP libraries ii libstdc++64.3-20080202-1 The GNU Standard C++ Library v3 ii libsword6 1.5.9-7.1 API/library for bible software ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages diatheke recommends: ii apache2 2.2.8-1Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.8-1Traditional model for Apache HTTPD ---End Message--- ---BeginMessage--- Source: sword Source-Version: 1.5.9-2etch1 We believe that the bug you reported is fixed in the latest version of sword, which is due to be installed in the Debian FTP archive: diatheke_1.5.9-2etch1_i386.deb to pool/main/s/sword/diatheke_1.5.9-2etch1_i386.deb libsword-dev_1.5.9-2etch1_i386.deb to pool/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb libsword6_1.5.9-2etch1_i386.deb to pool/main/s/sword/libsword6_1.5.9-2etch1_i386.deb sword_1.5.9-2etch1.diff.gz to pool/main/s/sword/sword_1.5.9-2etch1.diff.gz sword_1.5.9-2etch1.dsc to pool/main/s/sword/sword_1.5.9-2etch1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst [EMAIL PROTECTED] (supplier of updated sword package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 21 Feb 2008 23:35:10 +0100 Source: sword Binary: libsword-dev libsword6 diatheke Architecture: source i386 Version: 1.5.9-2etch1 Distribution: stable-security Urgency: high Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Thijs Kinkhorst [EMAIL PROTECTED] Description: diatheke - CGI script for making bible website libsword-dev - Development files for libsword libsword6 - API/library for bible software Closes: 466449 Changes: sword (1.5.9-2etch1) stable-security; urgency=high . * Non-maintainer upload by the security team. * Fix remote command execution in diatheke.pl (Closes: #466449) with maintainer-supplied patch. Files: d93f49c3798272c9de84ec6ae5d1cbed 1026 libs optional sword_1.5.9-2etch1.dsc 346539f31b41015161d8dd0d2f035243 1806178 libs optional sword_1.5.9.orig.tar.gz c39c316e9c81e54136eb02f68292c09d 82071 libs optional sword_1.5.9-2etch1.diff.gz 95b5aaff3ccec4dcd1f77e95f6bf2da0 526314 libs optional libsword6_1.5.9-2etch1_i386.deb e3c8ec3d6dcfcfae0cddbb618353db36 701078 libdevel optional libsword-dev_1.5.9-2etch1_i386.deb 0a384fecde3e4492fda105eb9d82ce35 62206 web optional diatheke_1.5.9-2etch1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR74B9mz0hbPcukPfAQK1vQgAslglZdmw1KrpxLpOGJFk9mPJDzX6lTDa xL0r/4/IxFapDxUoxD0Yk/wOsVltChGM8e8Ro4955sWKabR/s0vw1mJg08l9cGy4
Bug#466449: marked as done (diatheke: Diatheke allows arbitrary command execution using the range parameter)
Your message dated Thu, 28 Feb 2008 07:52:17 + with message-id [EMAIL PROTECTED] and subject line Bug#466449: fixed in sword 1.5.7-7sarge1 has caused the Debian Bug report #466449, regarding diatheke: Diatheke allows arbitrary command execution using the range parameter to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 466449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: diatheke Severity: critical Tags: security Justification: root security hole The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data by simply abusing the range parameter. For example, range=`yes` will consume tons of resources on the affected webserver. Escalation of privleges and command shells are left as an exercise to the reader. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh Versions of packages diatheke depends on: ii libc6 2.7-8 GNU C Library: Shared libraries ii libcomerr21.40.6-1 common error description library ii libgcc1 1:4.3-20080202-1 GCC support library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.7-5OpenLDAP libraries ii libstdc++64.3-20080202-1 The GNU Standard C++ Library v3 ii libsword6 1.5.9-7.1 API/library for bible software ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages diatheke recommends: ii apache2 2.2.8-1Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.8-1Traditional model for Apache HTTPD ---End Message--- ---BeginMessage--- Source: sword Source-Version: 1.5.7-7sarge1 We believe that the bug you reported is fixed in the latest version of sword, which is due to be installed in the Debian FTP archive: diatheke_1.5.7-7sarge1_i386.deb to pool/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb libsword-dev_1.5.7-7sarge1_i386.deb to pool/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb libsword4_1.5.7-7sarge1_i386.deb to pool/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb sword_1.5.7-7sarge1.diff.gz to pool/main/s/sword/sword_1.5.7-7sarge1.diff.gz sword_1.5.7-7sarge1.dsc to pool/main/s/sword/sword_1.5.7-7sarge1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst [EMAIL PROTECTED] (supplier of updated sword package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 21 Feb 2008 23:45:32 +0100 Source: sword Binary: libsword4 libsword-dev diatheke Architecture: source i386 Version: 1.5.7-7sarge1 Distribution: oldstable-security Urgency: high Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Thijs Kinkhorst [EMAIL PROTECTED] Description: diatheke - CGI script for making bible website libsword-dev - Development files for libsword libsword4 - API/library for bible software Closes: 466449 Changes: sword (1.5.7-7sarge1) oldstable-security; urgency=high . * Non-maintainer upload by the security team. * Fix remote command execution in diatheke.pl (Closes: #466449) with maintainer-supplied patch. Files: 4f7872250c457ac36f0b20b4be235647 938 libs optional sword_1.5.7-7sarge1.dsc 369f09068839c646aeab691c63a40d67 1482711 libs optional sword_1.5.7.orig.tar.gz f8993cddacdac25ca55b7e99ced8ff49 277640 libs optional sword_1.5.7-7sarge1.diff.gz 4dabb05ea1d6b72ba61e8877cbad1544 388072 libs optional libsword4_1.5.7-7sarge1_i386.deb f04d2f9bc41e5703967630adf4e12754 556994 libdevel optional libsword-dev_1.5.7-7sarge1_i386.deb 665ce388ee9a74a0d850007beae3051a 58108 web optional diatheke_1.5.7-7sarge1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR74IYWz0hbPcukPfAQJSPwf9FGg4WMaBQurWVna+xkNHblnqh49TNoww 0J2Zk7rWLIyUudLfTh/x6IB4OtsExY3gBZwi/Dxlh7OTUU0rVwJKAbfkEwcFgltS
Bug#466449: marked as done (diatheke: Diatheke allows arbitrary command execution using the range parameter)
Your message dated Tue, 19 Feb 2008 00:02:11 + with message-id [EMAIL PROTECTED] and subject line Bug#466449: fixed in sword 1.5.9-8 has caused the Debian Bug report #466449, regarding diatheke: Diatheke allows arbitrary command execution using the range parameter to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 466449: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: diatheke Severity: critical Tags: security Justification: root security hole The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data by simply abusing the range parameter. For example, range=`yes` will consume tons of resources on the affected webserver. Escalation of privleges and command shells are left as an exercise to the reader. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh Versions of packages diatheke depends on: ii libc6 2.7-8 GNU C Library: Shared libraries ii libcomerr21.40.6-1 common error description library ii libgcc1 1:4.3-20080202-1 GCC support library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.7-5OpenLDAP libraries ii libstdc++64.3-20080202-1 The GNU Standard C++ Library v3 ii libsword6 1.5.9-7.1 API/library for bible software ii zlib1g1:1.2.3.3.dfsg-11 compression library - runtime Versions of packages diatheke recommends: ii apache2 2.2.8-1Next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.2.8-1Traditional model for Apache HTTPD ---End Message--- ---BeginMessage--- Source: sword Source-Version: 1.5.9-8 We believe that the bug you reported is fixed in the latest version of sword, which is due to be installed in the Debian FTP archive: diatheke_1.5.9-8_i386.deb to pool/main/s/sword/diatheke_1.5.9-8_i386.deb libsword-dev_1.5.9-8_i386.deb to pool/main/s/sword/libsword-dev_1.5.9-8_i386.deb libsword6_1.5.9-8_i386.deb to pool/main/s/sword/libsword6_1.5.9-8_i386.deb sword_1.5.9-8.diff.gz to pool/main/s/sword/sword_1.5.9-8.diff.gz sword_1.5.9-8.dsc to pool/main/s/sword/sword_1.5.9-8.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Glassey [EMAIL PROTECTED] (supplier of updated sword package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Mon, 18 Feb 2008 22:57:25 + Source: sword Binary: libsword6 libsword-dev diatheke Architecture: source i386 Version: 1.5.9-8 Distribution: unstable Urgency: high Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Daniel Glassey [EMAIL PROTECTED] Description: diatheke - CGI script for making bible website libsword-dev - Development files for libsword libsword6 - API/library for bible software Closes: 466449 Changes: sword (1.5.9-8) unstable; urgency=high . * diatheke failed to use shell_escape for the range parameter properly, Closes: #466449 Files: d213fb9ac2386e698fea2b02b6978851 709 libs optional sword_1.5.9-8.dsc d2a89c7f46b5b39d51034ea607be58b5 100567 libs optional sword_1.5.9-8.diff.gz 1f0c6259a54dfe5fb5edf522eb7eec9f 529646 libs optional libsword6_1.5.9-8_i386.deb 307a45596ca46eaaa9d1ad864fa7ff80 678664 libdevel optional libsword-dev_1.5.9-8_i386.deb 8bf1c18a75a0738c0a1226d1743d545c 60998 web optional diatheke_1.5.9-8_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHuhlP/offrSwPzRoRAuS9AKC9pAaiNSE530tcVDCFabSZVyOcpQCg7jx2 oER4VELqtW8FIrsrWWpIvVM= =69iZ -END PGP SIGNATURE- ---End Message---