Your message dated Wed, 18 May 2016 11:45:33 +0000 with message-id <e1b2zuv-0006jx...@franck.debian.org> and subject line Bug#824589: Removed package(s) from unstable has caused the Debian Bug report #815979, regarding dotclear: New minor releases with security fixes (CVE-2015-5651 CVE-2015-8831 CVE-2015-8832) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815979 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: dotclear Version: 2.8.0+dfsg-1 Severity: serious Tags: security Justification: security Hi, I'm using Debian packages of dotclear (a php blogs engine) for a few years. For 6 months, the package do not change, and I did not get any anwser to my previous bug reports, including an important one (#797055) that probably prevent any one to use the Debian package as-is. I just see today that two minor releases have been published that fix security bugs. From upstream webpage: =========== News 2015 Oct 25 Dotclear 2.8.2 A new maintenance release which fixes one potential XSS vulnerability in comments's list and enforce media extension before upload[1] (thanks to Tim Coen, Curesec Gmbh, for reporting them) and two... 2015 Sep 23 Dotclear 2.8.1 A new maintenance release which fixes one potential XSS vulnerabilities (thanks to Yuji Tounai of NTT Com Security (Japan) KK, via Keiko Yashiki from JPCERT/CC) and two other bugfixes. Your dashboard... =========== I tagged this bug with a serious severity so that, if dotclear is not maintained anymore, it will be removed from testing (so admins tracking testing will be notified and can manually install the upstream versions). If dotclear is still maintained (I hope for that), then an update must be done. Note that I do not know if the security bugs also apply or not to the jessie version. Regards, Vincent -- System Information: Debian Release: stretch/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'squeeze-lts'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, mipsel Kernel: Linux 4.4.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dotclear depends on: ii apache2 [httpd] 2.4.18-1 ii dbconfig-common 2.0.3 ii debconf [debconf-2.0] 1.5.58 pn libapache2-mod-php5 | php5 | php5-cgi <none> ii libjs-jquery 1.11.3+dfsg-4 ii libjs-jquery-cookie 10-2 ii libjs-jquery-ui 1.10.1+dfsg-1 pn php5-cli <none> pn php5-mysql | php5-pgsql | php5-sqlite <none> ii sqlite3 3.11.0-2 Versions of packages dotclear recommends: ii apache2 [httpd] 2.4.18-1 pn mysql-server | mariadb-server | postgresql <none> dotclear suggests no packages. -- debconf information excluded
--- End Message ---
--- Begin Message ---Version: 2.8.0+dfsg-1+rm Dear submitter, as the package dotclear has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/824589 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
