Your message dated Fri, 23 Dec 2011 07:55:15 +0000
with message-id <[email protected]>
and subject line Bug#635837: fixed in libsoup2.4 2.30.2-1+squeeze1
has caused the Debian Bug report #635837,
regarding CVE-2011-2524: SoupServer directory traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
635837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libsoup2.4
Severity: grave
Tags: security
Please see the following references:
https://bugzilla.redhat.com/show_bug.cgi?id=720509
https://bugzilla.gnome.org/show_bug.cgi?id=653258
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libsoup2.4
Source-Version: 2.30.2-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:
libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
  to main/libs/libsoup2.4/libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
  to main/libs/libsoup2.4/libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
libsoup2.4_2.30.2-1+squeeze1.dsc
  to main/libs/libsoup2.4/libsoup2.4_2.30.2-1+squeeze1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated libsoup2.4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 21 Dec 2011 19:36:22 +0000
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-dbg libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc
Architecture: source all amd64
Version: 2.30.2-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
 libsoup-gnome2.4-1 - an HTTP library implementation in C -- GNOME support library
 libsoup-gnome2.4-dev - an HTTP library implementation in C -- GNOME support development
 libsoup2.4-1 - an HTTP library implementation in C -- Shared library
 libsoup2.4-dbg - an HTTP library implementation in C -- debugging symbols
 libsoup2.4-dev - an HTTP library implementation in C -- Development files
 libsoup2.4-doc - an HTTP library implementation in C -- API Reference
Closes: 635837
Changes:
 libsoup2.4 (2.30.2-1+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix directory traversal vulnerability through crafted HTTP requests
     (CVE-2011-2524; Closes: #635837)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---