Your message dated Tue, 27 Dec 2011 01:57:33 +0000
with message-id <[email protected]>
and subject line Bug#635837: fixed in libsoup2.4 2.4.1-2+lenny1
has caused the Debian Bug report #635837,
regarding CVE-2011-2524: SoupServer directory traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
635837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libsoup2.4
Severity: grave
Tags: security
Please see the following references:
https://bugzilla.redhat.com/show_bug.cgi?id=720509
https://bugzilla.gnome.org/show_bug.cgi?id=653258
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libsoup2.4
Source-Version: 2.4.1-2+lenny1
We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:
libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
to main/libs/libsoup2.4/libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
to main/libs/libsoup2.4/libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
libsoup2.4-doc_2.4.1-2+lenny1_all.deb
to main/libs/libsoup2.4/libsoup2.4-doc_2.4.1-2+lenny1_all.deb
libsoup2.4_2.4.1-2+lenny1.diff.gz
to main/libs/libsoup2.4/libsoup2.4_2.4.1-2+lenny1.diff.gz
libsoup2.4_2.4.1-2+lenny1.dsc
to main/libs/libsoup2.4/libsoup2.4_2.4.1-2+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated libsoup2.4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 21 Dec 2011 19:36:22 +0000
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-doc
Architecture: source all amd64
Version: 2.4.1-2+lenny1
Distribution: oldstable-security
Urgency: high
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
libsoup2.4-1 - an HTTP library implementation in C -- Shared library
libsoup2.4-dev - an HTTP library implementation in C -- Development files
libsoup2.4-doc - an HTTP library implementation in C -- API Reference
Closes: 635837
Changes:
libsoup2.4 (2.4.1-2+lenny1) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix directory traversal vulnerability through crafted HTTP requests
(CVE-2011-2524; Closes: #635837)
Checksums-Sha1:
72c937355acb01e10103822f0f138316b5e010c6 1304 libsoup2.4_2.4.1-2+lenny1.dsc
907c424c7e9d130752909d622355b94643bf753b 866079 libsoup2.4_2.4.1.orig.tar.gz
825ec55e3fd627348be44dfecf1d2ae7700077e8 7581 libsoup2.4_2.4.1-2+lenny1.diff.gz
608d2595c24b6a88d2e829880f29f29c2e2aebf5 210312
libsoup2.4-doc_2.4.1-2+lenny1_all.deb
e38feea3245fc4b80ea5424150be064df42a484e 225102
libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
c6889e56276196b777ee74525bfec6f774f733e2 183576
libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
Checksums-Sha256:
1e5d63c0a4c16c67368eb72840c1d0bec4f3fa817a3e29b4c3db340eae2200f0 1304
libsoup2.4_2.4.1-2+lenny1.dsc
bbc6d24a3a788783e196a6ac4f744328e4c0a7b8ba5cd563360bb32580e79006 866079
libsoup2.4_2.4.1.orig.tar.gz
068ce7282024d78ca1e9af80dedc80c05dc6aab82c9283d0eb947b702daf72b8 7581
libsoup2.4_2.4.1-2+lenny1.diff.gz
d3a4e0855b9285f8b667e3f4b9455ca68c5d7a5d4f22f5a24d2b45b604dce8a3 210312
libsoup2.4-doc_2.4.1-2+lenny1_all.deb
8e1e0c1617bfbd670f86a5d2dd3da02fcd55462fa4b5c25fb30ce7c9bbaabf85 225102
libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
6c05138f95cb8452cb734c8ed28cb748a26ced35039ffc9a5ff8e37ecad996e0 183576
libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
Files:
d8af893a40d61c9c367a0fbc15b0829f 1304 devel optional
libsoup2.4_2.4.1-2+lenny1.dsc
d8deba0b01b7d97e4dc6c435ff427138 866079 devel optional
libsoup2.4_2.4.1.orig.tar.gz
a7dcb5ecb3149be3b29c95007eba311e 7581 devel optional
libsoup2.4_2.4.1-2+lenny1.diff.gz
3728991c3a6148f1d2ca5ccca8e87f3b 210312 doc optional
libsoup2.4-doc_2.4.1-2+lenny1_all.deb
bd08a42e614f9d47b6c93c4719c200ea 225102 libdevel optional
libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
702dd12c8e7305d40b062a49a21daea7 183576 libs optional
libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7yOIYACgkQHYflSXNkfP/YjgCeIgBzVd1JmpWp4KDosXlNYvGg
Z58AoKRrSu8d0tZQ6RKPE+hQFrtC6MEi
=CXd9
-----END PGP SIGNATURE-----
--- End Message ---
