Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On 06/06/2010 06:16 PM, Olivier Berger wrote:
> Thanks for caring. I've tried to fix the most obvious problems reported by lintian and update the changelog, and have re-uploaded an updated package to mentors.
>
> If you can upload it for me, many thanks in advance.
>
> Best regards,

I've added a comma in the changelog and uploaded your package.

* New upstream release (includes fix for CVE-2010-0403, CVE-2010-0404, -Closes: #584518 #584517). +Closes: #584518, #584517). * Remove upstream-security-20090722.diff patch (SA35519 / DSA-1978-1 /

btw, there are some minor lintian info/warning/pedantic, consider fixing them, they are easy to fix (lintian -iIvE --pedantic *.changes)

Cheers,
Giuseppe.
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi.

On Friday 04 June 2010 at 12:48 +0200, Giuseppe Iuculano wrote:
> On 06/04/2010 12:44 PM, Olivier Berger wrote:
>> Here : http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware
>
> Please add the Closes entries for the security bugs and add the source format (W: phpgroupware source: missing-debian-source-format).

Thanks for caring. I've tried to fix the most obvious problems reported by lintian and update the changelog, and have re-uploaded an updated package to mentors.

If you can upload it for me, many thanks in advance.

Best regards,

Forwarded message
From: mentors.debian.net supp...@mentors.debian.net
To: olivier.ber...@it-sudparis.eu
Subject: 'phpgroupware' uploaded to mentors.debian.net
Date: Sun, 6 Jun 2010 18:10:52 +0200 (CEST)

Your upload of the package 'phpgroupware' to mentors.debian.net was successful. Sponsors can now download it.

The URL of your package is: http://mentors.debian.net/debian/pool/main/p/phpgroupware

The respective dsc file can be found at: http://mentors.debian.net/debian/pool/main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg-1.dsc

Processing your upload took 30.2 seconds.

--
Olivier BERGER olivier.ber...@it-sudparis.eu
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Package: phpgroupware
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for phpgroupware.

CVE-2010-0404[0]:
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
| 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
| via unspecified parameters to (1) class.sessions_db.inc.php, (2)
| class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
| phpgwapi/inc/.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
    http://security-tracker.debian.org/tracker/CVE-2010-0404

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
As you can see in the changelog, these bugs are fixed in :
-the stable version : 1:0.9.16.012+dfsg-8+lenny2
-the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on mentors.

These versions do not work correctly on unstable and squeeze due to non-conformance to php5.3.

Upstream does not want to provide a tarball for php5.3, only keep the stable version alive, and wait for a proper version to work with php 5.3.

C.Bac

On Fri, 2010-06-04 at 10:52 +0200, Giuseppe Iuculano wrote:
> Package: phpgroupware
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was published for phpgroupware.
>
> CVE-2010-0404[0]:
> | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
> | 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
> | via unspecified parameters to (1) class.sessions_db.inc.php, (2)
> | class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
> | phpgwapi/inc/.
>
> If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
>     http://security-tracker.debian.org/tracker/CVE-2010-0404
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi Christian,

On 06/04/2010 11:24 AM, christian bac wrote:
> -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on mentors.

do you need a sponsor ?

Cheers,
Giuseppe
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On Fri, 2010-06-04 at 11:29 +0200, Giuseppe Iuculano wrote:
> Hi Christian,
>
> On 06/04/2010 11:24 AM, christian bac wrote:
>> -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on mentors.
>
> do you need a sponsor ?
>
> Cheers,
> Giuseppe

A last upload that closes these bugs may be interesting.

C.Bac
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
Hi.

On Friday 04 June 2010 at 11:29 +0200, Giuseppe Iuculano wrote:
> Hi Christian,
>
> On 06/04/2010 11:24 AM, christian bac wrote:
>> -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on mentors.

Here : http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware

> do you need a sponsor ?

Yes. Thanks in advance if you can upload this for us.

Best regards,

--
Olivier BERGER olivier.ber...@it-sudparis.eu
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities
On 06/04/2010 12:44 PM, Olivier Berger wrote:
> Here : http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware

Please add the Closes entries for the security bugs and add the source format (W: phpgroupware source: missing-debian-source-format).

Cheers.
Giuseppe.