Your message dated Mon, 08 Oct 2007 09:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#427156: fixed in gnatsweb 4.00-1.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gnatsweb
Severity: important
Tags: security
A cross-site scripting vulnerability has been disclosed in gnatsweb:
<http://pridels-team.blogspot.com/2007/05/blog-post.html>
Please mention the name CVE-2007-2808 in the changelog when fixing
this bug.
--- End Message ---
--- Begin Message ---
Source: gnatsweb
Source-Version: 4.00-1.1
We believe that the bug you reported is fixed in the latest version of
gnatsweb, which is due to be installed in the Debian FTP archive:
gnatsweb_4.00-1.1.diff.gz
to pool/main/g/gnatsweb/gnatsweb_4.00-1.1.diff.gz
gnatsweb_4.00-1.1.dsc
to pool/main/g/gnatsweb/gnatsweb_4.00-1.1.dsc
gnatsweb_4.00-1.1_all.deb
to pool/main/g/gnatsweb/gnatsweb_4.00-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated gnatsweb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 06 Oct 2007 15:03:47 +0200
Source: gnatsweb
Binary: gnatsweb
Architecture: source all
Version: 4.00-1.1
Distribution: unstable
Urgency: high
Maintainer: Chad Walstrom <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
gnatsweb - Web interface to GNU GNATS
Closes: 427156
Changes:
gnatsweb (4.00-1.1) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Fixed missing escaping of the database parameter which leads
to a cross-site scripting vulnerability (XSS) via this
parameter (CVE-2007-2808) (Closes: # 427156).
Files:
63358364e415f98c5367add70a6af1bf 560 devel extra gnatsweb_4.00-1.1.dsc
dd21e624e50358a98df96640e8c34d91 2417 devel extra gnatsweb_4.00-1.1.diff.gz
d9baa962037c5869b55e5610d8c6b2de 55626 devel extra gnatsweb_4.00-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHCfqgHYflSXNkfP8RAi6jAKCE8YwiOXvz2Uxn/6W8e1qyx5fECACghu0Z
3F1Tkz4ni2vy6n2YUXURcas=
=7JR5
-----END PGP SIGNATURE-----
--- End Message ---