Re: [Bug 151492] Re: [CVE-2007-5091] egroupware: new upstream version 1.4.002
Hi Mark, thanks :-) Ralf Mark Stosberg schrieb: > I'm going to try to make the requested 'debdiff' tonight. I've never > done that before, so I'll see how it goes... However, I already did a > manual install of eGroupware 1.4 on Ubuntu, and it went very smoothly. > > Mark > > ** Changed in: egroupware (Ubuntu) > Assignee: (unassigned) => Mark Stosberg (mark-summersault) > -- Ralf Becker eGroupWare Training & Support ==> http://www.egroupware-support.de Outdoor Unlimited Training GmbH [www.outdoor-training.de] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 (0)631 31657-0 -- [CVE-2007-5091] egroupware: new upstream version 1.4.002 https://bugs.launchpad.net/bugs/151492 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 151492] Re: new upstream version 1.4.002
Hi Jamie, I will try to find someone to provide that debdiff, as I personally have no experience with the packaging of debian/ubuntu packages. What about the other issue: including the current eGroupWare relase 1.4.002 in the next Ubuntu release, even if Debian decided to let it sit in experimental? Kind regards Ralf eGroupWare admin Jamie Strandboge schrieb: > Ralf, as egroupware is a universe package, it is not officially > supported with security updates. I have made a link to the Debian > report with the patch, and adjusted the title of the bug. If you or a > community member provides a debdiff with the security patches for 6.06 - > 7.10, then I will be happy to get it uploaded for you. > > ** Also affects: egroupware (Debian) via >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444351 >Importance: Unknown >Status: Unknown > > ** Summary changed: > > - new upstream version 1.4.002 > + [CVE-2007-5091] egroupware: new upstream version 1.4.002 > -- Ralf Becker eGroupWare Training & Support ==> http://www.egroupware-support.de Outdoor Unlimited Training GmbH [www.outdoor-training.de] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 (0)631 31657-0 -- [CVE-2007-5091] egroupware: new upstream version 1.4.002 https://bugs.launchpad.net/bugs/151492 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 151492] Re: new upstream version 1.4.002
Hi Henrik & Jamie, thanks for responding :-) About 1.) I'm not familiar with debian/ubuntu package structure, the following link goes to the original debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444351 It contains a link to the patch extracted from our svn repository fixing the issue: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=CVE-2007-5091.patch;att=1;bug=444351 As there's this patch and updated debian packages egroupware/1.2.107-2.dfsg-2, do you still need that debdiff think? About 2.) I need to look into the requirements and see if we fulfill them and I have time to do the required report arguing to include eGW into main. That still leaves the original issue: how do we (eGroupWare project) get current packages into Ubuntu, as long Debian only has them in testing? I thought Ubuntu is not only repackaging Debian, but strives to be more innovative and current then Debian ;-) Ralf ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5091 -- new upstream version 1.4.002 https://bugs.launchpad.net/bugs/151492 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 151492] Re: new upstream version 1.4.002
What do we (eGroupWare project) need to do, to get our current stable release into Ubuntu again? Ralf -- new upstream version 1.4.002 https://bugs.launchpad.net/bugs/151492 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 151492] new upstream version 1.4.002
Public bug reported: Binary package hint: egroupware The new upstream package eGroupWare-1.4.002 contains beside many bugfixes also a fix for a XSS problem, which is unfixed in your existing eGroupWare 1.2 packages. The new version also fixes all of your reported bugs for eGW. Unfortunately the former version 1.4.001 was to late for Debian 4.0 and the 1.2 (you also include so far) does not play well with php5 or postgres8. Therefore it was decided to completely drop eGroupWare from Debian 4.0 and is now sitting forever in experimental :-( The debian changelog of 1.4.002 contains links to the eGW svn containing the patch for the XSS problem, which can also be applied to 1.2 versions. ** Affects: egroupware (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- new upstream version 1.4.002 https://bugs.launchpad.net/bugs/151492 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 61856] eGroupWare packages in Edgy are outdated
Public bug reported: Binary package hint: egroupware Hi, I'm one of the admins of the eGroupWare project (www.egroupware.org). The packages in Edgy are still the old 1.0.0.xxx version. Our 1.2 release is now half a year old and it is in debain testing. It's not a single package, but a bunch of packages all starting with "egroupware"! Not sure what needs to be done, to get the packages in Edgy updated. Ralf ** Affects: egroupware (Ubuntu) Importance: Untriaged Status: Unconfirmed -- eGroupWare packages in Edgy are outdated https://launchpad.net/bugs/61856 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
