Bug#584517: marked as done (CVE-2010-0404: Multiple SQL injection vulnerabilities)

Debian Bug Tracking System Mon, 07 Jun 2010 02:39:28 -0700

Your message dated Mon, 07 Jun 2010 09:37:38 +0000
with message-id <e1olym2-0008a0...@ries.debian.org>
and subject line Bug#584517: fixed in phpgroupware 1:0.9.16.016+dfsg-1
has caused the Debian Bug report #584517,
regarding CVE-2010-0404: Multiple SQL injection vulnerabilities
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584517
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: phpgroupware
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpgroupware.

CVE-2010-0404[0]:
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
| 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
| via unspecified parameters to (1) class.sessions_db.inc.php, (2)
| class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
| phpgwapi/inc/.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
    http://security-tracker.debian.org/tracker/CVE-2010-0404


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwIvrgACgkQNxpp46476aq41wCfQ0VPTXt9wJea3uxc8AyFqinN
iJEAn23Iev9NwpsKs0mobx63GDSVoOKs
=T2FI
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: phpgroupware
Source-Version: 1:0.9.16.016+dfsg-1

We believe that the bug you reported is fixed in the latest version of
phpgroupware, which is due to be installed in the Debian FTP archive:

phpgroupware-0.9.16-addressbook_0.9.16.016+dfsg-1_all.deb
  to 
main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-admin_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-calendar_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-core-base_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-core_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-doc_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-email_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-filemanager_0.9.16.016+dfsg-1_all.deb
  to 
main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-manual_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-news-admin_0.9.16.016+dfsg-1_all.deb
  to 
main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-notes_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-phpgwapi-doc_0.9.16.016+dfsg-1_all.deb
  to 
main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-phpgwapi_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-preferences_0.9.16.016+dfsg-1_all.deb
  to 
main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-setup_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16-todo_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.016+dfsg-1_all.deb
phpgroupware-0.9.16_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.016+dfsg-1_all.deb
phpgroupware_0.9.16.016+dfsg-1.diff.gz
  to main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg-1.diff.gz
phpgroupware_0.9.16.016+dfsg-1.dsc
  to main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg-1.dsc
phpgroupware_0.9.16.016+dfsg-1_all.deb
  to main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg-1_all.deb
phpgroupware_0.9.16.016+dfsg.orig.tar.gz
  to main/p/phpgroupware/phpgroupware_0.9.16.016+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Olivier Berger <olivier.ber...@it-sudparis.eu> (supplier of updated 
phpgroupware package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 06 Jun 2010 17:43:42 +0200
Source: phpgroupware
Binary: phpgroupware phpgroupware-0.9.16 phpgroupware-0.9.16-doc 
phpgroupware-0.9.16-core phpgroupware-0.9.16-core-base 
phpgroupware-0.9.16-addressbook phpgroupware-0.9.16-admin 
phpgroupware-0.9.16-calendar phpgroupware-0.9.16-email 
phpgroupware-0.9.16-manual phpgroupware-0.9.16-news-admin 
phpgroupware-0.9.16-notes phpgroupware-0.9.16-phpgwapi 
phpgroupware-0.9.16-phpgwapi-doc phpgroupware-0.9.16-preferences 
phpgroupware-0.9.16-setup phpgroupware-0.9.16-todo 
phpgroupware-0.9.16-filemanager
Architecture: source all
Version: 1:0.9.16.016+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Olivier Berger <olivier.ber...@it-sudparis.eu>
Changed-By: Olivier Berger <olivier.ber...@it-sudparis.eu>
Description: 
 phpgroupware - Web based groupware system written in PHP
 phpgroupware-0.9.16 - Web based groupware system written in PHP
 phpgroupware-0.9.16-addressbook - phpGroupWare addressbook management module
 phpgroupware-0.9.16-admin - phpGroupWare administration module
 phpgroupware-0.9.16-calendar - phpGroupWare calendar management module
 phpgroupware-0.9.16-core - Core groupware applications of phpGroupware
 phpgroupware-0.9.16-core-base - Base components of the phpGroupware 
"application server"
 phpgroupware-0.9.16-doc - Documentation of phpGroupware 0.9.16
 phpgroupware-0.9.16-email - phpGroupWare E-Mail client module
 phpgroupware-0.9.16-filemanager - phpGroupWare filemanager module
 phpgroupware-0.9.16-manual - phpGroupWare on-line manual module
 phpgroupware-0.9.16-news-admin - phpGroupWare news administration interface
 phpgroupware-0.9.16-notes - phpGroupWare notes management module
 phpgroupware-0.9.16-phpgwapi - library of common phpGroupWare functions
 phpgroupware-0.9.16-phpgwapi-doc - Documentation of phpGroupware 0.9.16 
phpgwapi
 phpgroupware-0.9.16-preferences - phpGroupWare preferences management module
 phpgroupware-0.9.16-setup - phpGroupWare setup III module
 phpgroupware-0.9.16-todo - phpGroupWare todo list management module
Closes: 584517 584518
Changes: 
 phpgroupware (1:0.9.16.016+dfsg-1) unstable; urgency=low
 .
   * New upstream release (includes fix for CVE-2010-0403, CVE-2010-0404,
     Closes: #584518, #584517).
   * Remove upstream-security-20090722.diff patch (SA35519 / DSA-1978-1 /
     CVE-2009-4414, CVE-2009-4415, CVE-2009-4416) included in upstream
     0.9.16.015.
   * Remove 472679.diff integrated upstream in 0.9.16.015.
   * Add watch file and get-orig-source rule plus README.sources.
   * Change dependency on PHP5 to strictly less than 5.3 as phpgroupware is
     incompatible with PHP 5.3.
   * Remove upstream-23386-sessions.diff integrated upstream in 0.9.16.016.
Checksums-Sha1: 
 65671953838fc36326612e7e1e045edb5f40985f 1634 
phpgroupware_0.9.16.016+dfsg-1.dsc
 72ce4ed6e289bae918f36a80b5cb788037b277e7 19039199 
phpgroupware_0.9.16.016+dfsg.orig.tar.gz
 e1854ba3fa54d8f3734e04e7d7457ae92ed8e2b2 98567 
phpgroupware_0.9.16.016+dfsg-1.diff.gz
 85df7b901a787cc4ec0b76dd546b3708c3084a78 6152 
phpgroupware_0.9.16.016+dfsg-1_all.deb
 f8597d8aa5fbd869f4c63947fb0f4265c0825757 21086 
phpgroupware-0.9.16_0.9.16.016+dfsg-1_all.deb
 695c110f4e690887f6295414382d4dfd191ad1c4 130642 
phpgroupware-0.9.16-doc_0.9.16.016+dfsg-1_all.deb
 ba97c25d83dbf873a418244cf018e4afc3f9cc38 5110 
phpgroupware-0.9.16-core_0.9.16.016+dfsg-1_all.deb
 8878388beeefcca695619df0b2d2e44528204add 57452 
phpgroupware-0.9.16-core-base_0.9.16.016+dfsg-1_all.deb
 8d7949cb501647ac9907b2468d7b1d254d585981 176598 
phpgroupware-0.9.16-addressbook_0.9.16.016+dfsg-1_all.deb
 466f539fecfc65adbdd4e92b107ceda1e373f971 187796 
phpgroupware-0.9.16-admin_0.9.16.016+dfsg-1_all.deb
 f019a6c1e0741208d27c92c255ee4f2d8b68d4bf 269198 
phpgroupware-0.9.16-calendar_0.9.16.016+dfsg-1_all.deb
 5c11db881bd92c288a30877477d18fc1409ccb57 1168966 
phpgroupware-0.9.16-email_0.9.16.016+dfsg-1_all.deb
 172e780a91192e93675c0ed1e0d541d31f912a06 93890 
phpgroupware-0.9.16-manual_0.9.16.016+dfsg-1_all.deb
 37a169e2e2cc1972d4f55eb2f1df70658b966136 41568 
phpgroupware-0.9.16-news-admin_0.9.16.016+dfsg-1_all.deb
 6d6e0684e7b15b36a97e9f00cdbbca758aa1271c 33206 
phpgroupware-0.9.16-notes_0.9.16.016+dfsg-1_all.deb
 09ac79a56d31d201dc57132340f4984ec74b1891 1528096 
phpgroupware-0.9.16-phpgwapi_0.9.16.016+dfsg-1_all.deb
 82e9e78841dee9bab5d2306a1da9284d7d1e265b 7986158 
phpgroupware-0.9.16-phpgwapi-doc_0.9.16.016+dfsg-1_all.deb
 6fe984bd73e244dc803f0d0d582ad4bb87703ef2 60192 
phpgroupware-0.9.16-preferences_0.9.16.016+dfsg-1_all.deb
 b6135d5cbb6d9d2a8d295f448383eb69b7b30e5f 281478 
phpgroupware-0.9.16-setup_0.9.16.016+dfsg-1_all.deb
 4a6da3cd85e6fd312491a9edc82ef821a2951bf4 50584 
phpgroupware-0.9.16-todo_0.9.16.016+dfsg-1_all.deb
 ff9c41937c241579004b7053ebf96dd461761add 91584 
phpgroupware-0.9.16-filemanager_0.9.16.016+dfsg-1_all.deb
Checksums-Sha256: 
 06f4d169a42398b05bd2c3262a4f92c9f1ca0bc0fef7779e71e62be442f46152 1634 
phpgroupware_0.9.16.016+dfsg-1.dsc
 e4bfdc6b4aebe9747a874c05b831382022ed0639efd095432590a84910974e69 19039199 
phpgroupware_0.9.16.016+dfsg.orig.tar.gz
 0f0e89b7864f69e8051deafba8ce1bb8972aa3dc3b14481cf95bf68ef7524057 98567 
phpgroupware_0.9.16.016+dfsg-1.diff.gz
 27878f66a7232b1e43f3e24705c2a12f3afe634728847b818be74503f7ce52fa 6152 
phpgroupware_0.9.16.016+dfsg-1_all.deb
 024ea2265f08c86a591d8fb596e9048ca32114e7495dd3de534b38ffda596912 21086 
phpgroupware-0.9.16_0.9.16.016+dfsg-1_all.deb
 074b5ba1e0b1888e267af079cbcf87fe9e4d221c7445a6bc19af9efd24144692 130642 
phpgroupware-0.9.16-doc_0.9.16.016+dfsg-1_all.deb
 8a496bd5881c55b0a8f2af6240401db3112f85d472e878da1a49708db357e348 5110 
phpgroupware-0.9.16-core_0.9.16.016+dfsg-1_all.deb
 7c5aaab89bf0a2e3c446dcd0194963758f87b32512e414aea5c0fe6c0ea760d4 57452 
phpgroupware-0.9.16-core-base_0.9.16.016+dfsg-1_all.deb
 29f87f0d89ae0eac7a936c927229ed53ce1360381233a6eb1e004407919b4419 176598 
phpgroupware-0.9.16-addressbook_0.9.16.016+dfsg-1_all.deb
 e3402b003e8f8b3475af2ea76568a7d2f52cdf9d471e3d384ab325fd64e483c9 187796 
phpgroupware-0.9.16-admin_0.9.16.016+dfsg-1_all.deb
 e5cf684ea0b7a9548e15ba78cd7b9c7a8e7e0955685393785cc39509a500578c 269198 
phpgroupware-0.9.16-calendar_0.9.16.016+dfsg-1_all.deb
 4b532a59b9ebdb7e89289c9adc61106af57c0516a0bfed067a3f9dcdd71e3874 1168966 
phpgroupware-0.9.16-email_0.9.16.016+dfsg-1_all.deb
 7b073015039a765ce7e30dcb1f7d6e57673dd4150f853d5b0418ca97f2a14952 93890 
phpgroupware-0.9.16-manual_0.9.16.016+dfsg-1_all.deb
 0924e94a585ac0174e149a673f132907179ff175ea9ef117db55107adb21c339 41568 
phpgroupware-0.9.16-news-admin_0.9.16.016+dfsg-1_all.deb
 132e20b90ed98571e7a416e4b66f9295982a52815339ff1714b85367547eacea 33206 
phpgroupware-0.9.16-notes_0.9.16.016+dfsg-1_all.deb
 cb607e44b29ca5a537cb70ecd849db33bfb5cb1c096e4bccefc4f1e885a76e13 1528096 
phpgroupware-0.9.16-phpgwapi_0.9.16.016+dfsg-1_all.deb
 4bbf067c2e126724156f1c8e604bb1d1071956614333d39ecdc8da2682187bc5 7986158 
phpgroupware-0.9.16-phpgwapi-doc_0.9.16.016+dfsg-1_all.deb
 84f1c536835833d181ce80d90df6fe8db3d8563191a75c76ce3d01a3dd447343 60192 
phpgroupware-0.9.16-preferences_0.9.16.016+dfsg-1_all.deb
 6827cadfa46b436a7385132c1961073f596571d0a9a189ccb10f756aa2c069be 281478 
phpgroupware-0.9.16-setup_0.9.16.016+dfsg-1_all.deb
 eaabcb32d3af975fde74ee629b1445803f3ba0bb4861950c55f43897d0b16420 50584 
phpgroupware-0.9.16-todo_0.9.16.016+dfsg-1_all.deb
 c42678b02e74e3355386922fa679a80f0f1ae620260e8d77d925676aeed50dd2 91584 
phpgroupware-0.9.16-filemanager_0.9.16.016+dfsg-1_all.deb
Files: 
 e57a673c9de92ccf8df7235a8ecc4a80 1634 web optional 
phpgroupware_0.9.16.016+dfsg-1.dsc
 1d0baf732e2732fe05bc8ebf00b8bf3d 19039199 web optional 
phpgroupware_0.9.16.016+dfsg.orig.tar.gz
 c32657ddd3015321bdbc1fa536f7260e 98567 web optional 
phpgroupware_0.9.16.016+dfsg-1.diff.gz
 bf0f7fc640b99c1c1af4578312a4775f 6152 web optional 
phpgroupware_0.9.16.016+dfsg-1_all.deb
 7dd503d548a5e3df4a598ad2b58a5a64 21086 web optional 
phpgroupware-0.9.16_0.9.16.016+dfsg-1_all.deb
 b92041f976e98af6c19eac00f8c99bd5 130642 doc optional 
phpgroupware-0.9.16-doc_0.9.16.016+dfsg-1_all.deb
 9f1d890aaae3314a401f06e34378d1ee 5110 web optional 
phpgroupware-0.9.16-core_0.9.16.016+dfsg-1_all.deb
 7e58e92cdad728dcc44552a37da2c5ae 57452 web optional 
phpgroupware-0.9.16-core-base_0.9.16.016+dfsg-1_all.deb
 eb717e734ee153901cc65ee1718ddf09 176598 web optional 
phpgroupware-0.9.16-addressbook_0.9.16.016+dfsg-1_all.deb
 c92a010dafcbc52057fdd14e277a6fd1 187796 web optional 
phpgroupware-0.9.16-admin_0.9.16.016+dfsg-1_all.deb
 41d3599699203cf422558d275ada4bf4 269198 web optional 
phpgroupware-0.9.16-calendar_0.9.16.016+dfsg-1_all.deb
 aa7a26f292c1f47a6bd67c5acc938bfc 1168966 web optional 
phpgroupware-0.9.16-email_0.9.16.016+dfsg-1_all.deb
 56bcfba69bc968378ef4c122c2ea66f9 93890 web optional 
phpgroupware-0.9.16-manual_0.9.16.016+dfsg-1_all.deb
 bcfd7006fa8ece1b121e9c8d6ae9826c 41568 web optional 
phpgroupware-0.9.16-news-admin_0.9.16.016+dfsg-1_all.deb
 c9157b3e490f152032f6d8f1b79e451f 33206 web optional 
phpgroupware-0.9.16-notes_0.9.16.016+dfsg-1_all.deb
 abebd57ab500a79d6693a8c841cb762f 1528096 web optional 
phpgroupware-0.9.16-phpgwapi_0.9.16.016+dfsg-1_all.deb
 dfa3a762619fb249662ffe5563147400 7986158 doc optional 
phpgroupware-0.9.16-phpgwapi-doc_0.9.16.016+dfsg-1_all.deb
 b0e4ce8b2b6764dc73d912f3d9449974 60192 web optional 
phpgroupware-0.9.16-preferences_0.9.16.016+dfsg-1_all.deb
 d012f1baaa8ea0e20a416ec76c3e8fd0 281478 web optional 
phpgroupware-0.9.16-setup_0.9.16.016+dfsg-1_all.deb
 dbe0159cd128b12e2d7cc9da92149b92 50584 web optional 
phpgroupware-0.9.16-todo_0.9.16.016+dfsg-1_all.deb
 d0e98bf3a041d9f4ab7078ca9fc9ebbb 91584 web optional 
phpgroupware-0.9.16-filemanager_0.9.16.016+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwMrccACgkQNxpp46476aoJjwCfatSlu3FanXv3ATeQlouFkjBw
kWEAoIbKIwMYOoNhK3Y1VLRIxmIgb2I5
=iwYA
-----END PGP SIGNATURE-----

--- End Message ---

Bug#584517: marked as done (CVE-2010-0404: Multiple SQL injection vulnerabilities)

Reply via email to