Your message dated Wed, 22 Jan 2014 17:24:24 +1100
with message-id <201401221724.28486.stu...@debian.org>
and subject line Re: Bug#736154: cantata: Information disclosure (CVE-2013-7300
CVE-2013-7301)
has caused the Debian Bug report #736154,
regarding cantata: Information disclosure (CVE-2013-7300 CVE-2013-7301)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
736154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736154
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cantata
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following was reported on oss-security:
https://code.google.com/p/cantata/issues/detail?id=356
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
The Debian package (1.1.3) is not vulnerable -- the internal HTTP server is
not enabled by default in this version, and, when enabled, does not appear to
permit arbitrary files to be served as in later versions.
--
Stuart Prescott http://www.nanonanonano.net/ stu...@nanonanonano.net
Debian Developer http://www.debian.org/ stu...@debian.org
GPG fingerprint BE65 FD1E F4EA 08F3 23D4 3C6D 9FE8 B8CD 71C5 D1A8
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
