Bug#641450: marked as done (backuppc: new upstream release fixes security issue)

Fri, 13 Jan 2012 09:51:43 -0800 

Your message dated Fri, 13 Jan 2012 17:47:09 +0000
with message-id <[email protected]>
and subject line Bug#641450: fixed in backuppc 3.1.0-9.1
has caused the Debian Bug report #641450,
regarding backuppc: new upstream release fixes security issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
641450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: backuppc
Severity: serious
Tags: security patch

Hi,

BackupPC 3.2.1 was released back in April.
http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel

The release includes a security fix. Can you please ensure that this
release is uploaded to unstable as soon as possible, perhaps with
urgency=medium (or high)?

It seems that the issue also affects stable & oldstable. Are you in a
position to prepare updated packages for that release aswell? This should
be the required patch:
http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24

There's no CVE id assigned to this issue yet, but there's no need to hold
off on any action until there is.


thanks,
Thijs

--- End Message ---
--- Begin Message --- 
Source: backuppc
Source-Version: 3.1.0-9.1

We believe that the bug you reported is fixed in the latest version of
backuppc, which is due to be installed in the Debian FTP archive:

backuppc_3.1.0-9.1.diff.gz
  to main/b/backuppc/backuppc_3.1.0-9.1.diff.gz
backuppc_3.1.0-9.1.dsc
  to main/b/backuppc/backuppc_3.1.0-9.1.dsc
backuppc_3.1.0-9.1_all.deb
  to main/b/backuppc/backuppc_3.1.0-9.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated backuppc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 11 Jan 2012 20:17:35 +0100
Source: backuppc
Binary: backuppc
Architecture: source all
Version: 3.1.0-9.1
Distribution: stable
Urgency: low
Maintainer: Ludovic Drolez <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description: 
 backuppc   - high-performance, enterprise-grade system for backing up PCs
Closes: 558431 641450 646865 654692
Changes: 
 backuppc (3.1.0-9.1) stable; urgency=low
 .
   * Non-maintainer upload.
   * Fix data corruption in tarballs due to logging to stdout
     (closes: #654692, #558431)
   * Fix XSS issue (CVE-2011-3361 CVE-2011-4923,
     closes: #641450, #646865)
Checksums-Sha1: 
 a4f475d9ab8a68eae5d40cc853c02380c98d0402 1305 backuppc_3.1.0-9.1.dsc
 7899842c29a6751a89a61da6dfe950a4210d2526 27277 backuppc_3.1.0-9.1.diff.gz
 a6931c097126ca0a91debdbffce729e42c486dfd 560748 backuppc_3.1.0-9.1_all.deb
Checksums-Sha256: 
 0f70359ef28d22ebfc2b993c7fb9ddcc9e3029b6050a65e8261f91f863c67014 1305 
backuppc_3.1.0-9.1.dsc
 2a6a986da590455a9e4a26220915212c57a002eb1016cfdbf6755d061802c571 27277 
backuppc_3.1.0-9.1.diff.gz
 1f212af45e4cfac5f056e56bd4ab032a6ba597fa78c8ad31b7a9de96c74f8eda 560748 
backuppc_3.1.0-9.1_all.deb
Files: 
 d128b5bb306412142e62306f697d76d5 1305 utils optional backuppc_3.1.0-9.1.dsc
 ec82497735d309aec4e5c4cfcf4aa3e0 27277 utils optional 
backuppc_3.1.0-9.1.diff.gz
 9858f9ae05af18d5244a3b6ca7796776 560748 utils optional 
backuppc_3.1.0-9.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPDeC/AAoJEOxfUAG2iX57CikIANVNTpm9nmxivaYbgzaUFFD4
Rq2Z91CpFQlYTdrX9HQLW/pP3fjUdGBtKuLlDdEYlrw4z7t1c94D/jorDrv5dwJc
TbITLrpcImRfqjE/ilJ8wltdoOD1SuDauwOOMnzVJQP5u0Qpdl4FpSxjBM8LaXOg
/b/59wUa1vHf6V9lVbtBqJUIuFDDo3+v2Z52YXBDs2ezO9ZWBRaqqlCIzeBkcrFz
n5gac14n3g/Wz7N5zCQw1P5SVBQY/JM6wjWkasL5rdUoyreHSMJUkRTkbiFBFf3A
u95munTrpCKDWEZk3iTMQFotF4upPTQewlDt+kVad/eQcVkRC8dGVKNG6PhgltQ=
=8jzp
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to