Your message dated Thu, 01 Sep 2005 09:02:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323350: fixed in egroupware 1.0.0.009.dfsg-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: egroupware: Another XMLRPC vulnerability
X-Mailer: reportbug 3.15
Date: Tue, 16 Aug 2005 09:52:10 +0200
Message-Id: <[EMAIL PROTECTED]>
Package: egroupware
Severity: grave
Tags: security
Justification: user security hole
Hi,
another vulnerability has been found in the XMLRPC code. Please
see http://www.hardened-php.net/advisory_142005.66.html for
more information. egroupware was affected by July's vulnerability,
so it might now be affected as well (haven't verified that myself).
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
From: Peter Eisentraut <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#323350: fixed in egroupware 1.0.0.009.dfsg-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 01 Sep 2005 09:02:11 -0700
Source: egroupware
Source-Version: 1.0.0.009.dfsg-1
We believe that the bug you reported is fixed in the latest version of
egroupware, which is due to be installed in the Debian FTP archive:
egroupware-addressbook_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-addressbook_1.0.0.009.dfsg-1_all.deb
egroupware-bookmarks_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-bookmarks_1.0.0.009.dfsg-1_all.deb
egroupware-calendar_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-calendar_1.0.0.009.dfsg-1_all.deb
egroupware-comic_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-comic_1.0.0.009.dfsg-1_all.deb
egroupware-core_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-core_1.0.0.009.dfsg-1_all.deb
egroupware-developer-tools_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-developer-tools_1.0.0.009.dfsg-1_all.deb
egroupware-email_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-email_1.0.0.009.dfsg-1_all.deb
egroupware-emailadmin_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-emailadmin_1.0.0.009.dfsg-1_all.deb
egroupware-etemplate_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-etemplate_1.0.0.009.dfsg-1_all.deb
egroupware-felamimail_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-felamimail_1.0.0.009.dfsg-1_all.deb
egroupware-filemanager_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-filemanager_1.0.0.009.dfsg-1_all.deb
egroupware-forum_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-forum_1.0.0.009.dfsg-1_all.deb
egroupware-ftp_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-ftp_1.0.0.009.dfsg-1_all.deb
egroupware-fudforum_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-fudforum_1.0.0.009.dfsg-1_all.deb
egroupware-headlines_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-headlines_1.0.0.009.dfsg-1_all.deb
egroupware-infolog_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-infolog_1.0.0.009.dfsg-1_all.deb
egroupware-jinn_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-jinn_1.0.0.009.dfsg-1_all.deb
egroupware-ldap_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-ldap_1.0.0.009.dfsg-1_all.deb
egroupware-manual_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-manual_1.0.0.009.dfsg-1_all.deb
egroupware-messenger_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-messenger_1.0.0.009.dfsg-1_all.deb
egroupware-news-admin_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-news-admin_1.0.0.009.dfsg-1_all.deb
egroupware-phpbrain_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-phpbrain_1.0.0.009.dfsg-1_all.deb
egroupware-phpldapadmin_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-phpldapadmin_1.0.0.009.dfsg-1_all.deb
egroupware-phpsysinfo_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-phpsysinfo_1.0.0.009.dfsg-1_all.deb
egroupware-polls_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-polls_1.0.0.009.dfsg-1_all.deb
egroupware-projects_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-projects_1.0.0.009.dfsg-1_all.deb
egroupware-registration_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-registration_1.0.0.009.dfsg-1_all.deb
egroupware-sitemgr_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-sitemgr_1.0.0.009.dfsg-1_all.deb
egroupware-stocks_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-stocks_1.0.0.009.dfsg-1_all.deb
egroupware-tts_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-tts_1.0.0.009.dfsg-1_all.deb
egroupware-wiki_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware-wiki_1.0.0.009.dfsg-1_all.deb
egroupware_1.0.0.009.dfsg-1.diff.gz
to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-1.diff.gz
egroupware_1.0.0.009.dfsg-1.dsc
to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-1.dsc
egroupware_1.0.0.009.dfsg-1_all.deb
to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg-1_all.deb
egroupware_1.0.0.009.dfsg.orig.tar.gz
to pool/main/e/egroupware/egroupware_1.0.0.009.dfsg.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Eisentraut <[EMAIL PROTECTED]> (supplier of updated egroupware package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 1 Sep 2005 11:11:11 +0200
Source: egroupware
Binary: egroupware-news-admin egroupware-felamimail egroupware-projects
egroupware-polls egroupware-jinn egroupware-calendar egroupware-messenger
egroupware egroupware-bookmarks egroupware-wiki egroupware-filemanager
egroupware-ldap egroupware-addressbook egroupware-headlines egroupware-tts
egroupware-etemplate egroupware-registration egroupware-comic
egroupware-emailadmin egroupware-ftp egroupware-developer-tools
egroupware-phpldapadmin egroupware-phpsysinfo egroupware-stocks
egroupware-manual egroupware-infolog egroupware-core egroupware-email
egroupware-fudforum egroupware-sitemgr egroupware-phpbrain egroupware-forum
Architecture: source all
Version: 1.0.0.009.dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Peter Eisentraut <[EMAIL PROTECTED]>
Changed-By: Peter Eisentraut <[EMAIL PROTECTED]>
Description:
egroupware - web-based groupware suite
egroupware-addressbook - eGroupWare addressbook management application
egroupware-bookmarks - eGroupWare bookmark management application
egroupware-calendar - eGroupWare calendar management application
egroupware-comic - eGroupWare comic strip application
egroupware-core - eGroupWare core modules
egroupware-developer-tools - eGroupWare developer tools
egroupware-email - eGroupWare E-mail client application
egroupware-emailadmin - eGroupWare E-mail user administration application
egroupware-etemplate - widget-based template system for eGroupWare
egroupware-felamimail - eGroupWare FeLaMiMail application
egroupware-filemanager - eGroupWare file manager application
egroupware-forum - eGroupWare forum application
egroupware-ftp - eGroupWare FTP application
egroupware-fudforum - eGroupWare FUDforum application
egroupware-headlines - eGroupWare headlines catcher application
egroupware-infolog - eGroupWare infolog application
egroupware-jinn - content management system for eGroupWare
egroupware-ldap - eGroupware LDAP support files
egroupware-manual - eGroupWare manual
egroupware-messenger - eGroupWare messenger application
egroupware-news-admin - eGroupWare news administration interface
egroupware-phpbrain - eGroupWare phpbrain application
egroupware-phpldapadmin - eGroupWare phpLDAPadmin application
egroupware-phpsysinfo - eGroupWare phpSysInfo application
egroupware-polls - eGroupWare polling application
egroupware-projects - eGroupWare projects management application
egroupware-registration - eGroupWare registration application
egroupware-sitemgr - eGroupWare site manager application
egroupware-stocks - eGroupWare stock management application
egroupware-tts - eGroupWare trouble ticket system application
egroupware-wiki - eGroupWare wiki application
Closes: 323350
Changes:
egroupware (1.0.0.009.dfsg-1) unstable; urgency=high
.
* New upstream release
- Includes fix for (another) XML-RPC remote execution security problem
(CAN-2005-2498) (closes: #323350)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDFxNWTTx8oVVPtMYRAryCAKC19YkHFUIv59+sF1aFDBU8k1FdugCgvBPD
OBNTZxXu33Gb89oqYVaclXU=
=95Cq
-----END PGP SIGNATURE-----