Your message dated Thu, 16 Jun 2022 17:06:48 +0000 with message-id <e1o1sxe-00029k...@fasolo.debian.org> and subject line Bug#1011636: fixed in guzzle 7.4.4-1 has caused the Debian Bug report #1011636, regarding guzzle: [CVE-2022-29248] Cross-domain cookie leakage to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1011636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: php-guzzlehttp-guzzle Version: 7.4.1-1 Severity: serious Tags: upstream security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> Guzzle 7.5.0 (and 7.4.3) has just been released fixing a cross-domain cookie leakage. More information: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3 Regards David P.-S. Please, consider maintaining this package within the Debian PHP PEAR (and Composer) Maintainers <pkg-php-p...@lists.alioth.debian.org> team. FYI, I just started documenting our usual workflom. https://wiki.debian.org/Teams/DebianPHPGroup/Composer
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: guzzle Source-Version: 7.4.4-1 Done: Katharina Drexel <katharina.dre...@bfh.ch> We believe that the bug you reported is fixed in the latest version of guzzle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1011...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Katharina Drexel <katharina.dre...@bfh.ch> (supplier of updated guzzle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 16 Jun 2022 18:22:39 +0200 Source: guzzle Architecture: source Version: 7.4.4-1 Distribution: sid Urgency: medium Maintainer: Katharina Drexel <katharina.dre...@bfh.ch> Changed-By: Katharina Drexel <katharina.dre...@bfh.ch> Closes: 1011636 Changes: guzzle (7.4.4-1) sid; urgency=medium . * Upgrading to 7.4.4 because of cookie injection leak (Closes: #1011636) [CVE-2022-31042, CVE-2022-31043] * Adding test folder to debian. * Adopting debian/rules to the salsa standard. * Optimizing watchfile. * Adding some more files which have to be cleaned. * Adding gbp config file. * Adding upstream/metadata and signing key. * Adding newer standards version. * debian/control: Correcting Vcs* paths. * debian/control: Break should also be valid for Debian-replace. Checksums-Sha1: 265ea1e07cd3cd6883be9d59c5285827d89d9c75 1974 guzzle_7.4.4-1.dsc 4f86ade754a2662ffc786786a06015ccbc6b5c1f 442168 guzzle_7.4.4.orig.tar.xz a696912feb69845ede4aad02506cc58b0b64e776 3904 guzzle_7.4.4-1.debian.tar.xz ef8405bf0dd26a364064043abbceb0857c3b45c6 6610 guzzle_7.4.4-1_amd64.buildinfo Checksums-Sha256: 3c1252264c615bdb1a5041169824167829b1ff73357b9967bb43004db2b277a2 1974 guzzle_7.4.4-1.dsc 4fadb0a717e5a93beb340df52c6a4ec7767550ebee5cc15871396956d106398c 442168 guzzle_7.4.4.orig.tar.xz 3e7f0fd7324e71304f34f014ab21b69cf6a8188f0aceb5c6c4eb4a6f6117c888 3904 guzzle_7.4.4-1.debian.tar.xz 8825ad217c1a6bf66c24a6ad7ba3c117f07cccbcaa96ea1fab60f7f1caedda59 6610 guzzle_7.4.4-1_amd64.buildinfo Files: 8bcde26fa9ea06d12ae7093d89eeb66a 1974 php optional guzzle_7.4.4-1.dsc 6440e249aa0738aa80d9b3c4c131180b 442168 php optional guzzle_7.4.4.orig.tar.xz df5c9dfec9e2e6fc6da9eb8cf04b3cb9 3904 php optional guzzle_7.4.4-1.debian.tar.xz 31ae8ff8c4616bebd02f525a4c16038e 6610 php optional guzzle_7.4.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmKrXtMACgkQVc8b+Yar ucfbhQ/+M7g7nWR71JfHMTOVmy9q/P/XckKGF7ZdV9VY9u/SSeEpCglLSxRBYMTB vTkvupYq0L22FoOQIwVvVQvBE81K7ipr0C4N6sXHi0fqYe/2g0uY/EUvDX+6xB4J /yGkTD317Qg37AQclND8D0O4b5sseHIB2OgPRD0x/Z+1c9CgQYvmu6V91ztRwPW3 VaZf+gxyOB++CTHnNKHspSRJeHluT2b7U4tSbfpR1boXu3EzBSOuj33rDxuhvktW Fm9POP0YuP6SOUQfgp9kg1ys20439/5hehy7mBY2+5aLWo2RBBnZDyFiUT7N33t0 5ZMQvbYRSYnRCojHux+r/aNTi6lNcsUASSrBoBBWtaucEufHlV4Ix+hIBRJEeS9L rFlgNA5kKpTE+qhcNhHTkMfvY7PDTahXIlbg215/uHgyUOn59SiOXS9j53HoQmq1 jVTIo5RbJKlTMXMf6jnLYGatTH7B4ABaU2JP1eCuywzhPG8eYjAEkn5SMANPFf+Z KVz3ctt7YJVnXO5s3G23IzmZhy8lvetlTR2iB60herndGarZV1XJZFKr5rEmP9UP MPRAcULT+u+4inUKYIzry3iAl+eayhoZqelQ/eZWEK5rC2tsZl5QgcVmgqSwDI/W 3DJcnjgikHOMEZeYgscwF+SLnqwm1j9ui6J3UmETIuBHWu608wY= =NEEK -----END PGP SIGNATURE-----
--- End Message ---
