Bug#659899: marked as done (CVE-2012-0790: XSS)

Thu, 21 Mar 2013 15:06:24 -0700 

Your message dated Thu, 21 Mar 2013 22:02:04 +0000
with message-id <[email protected]>
and subject line Bug#659899: fixed in smokeping 2.3.6-5+squeeze1
has caused the Debian Bug report #659899,
regarding CVE-2012-0790: XSS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
659899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: smokeping
Severity: grave
Tags: security

This has been assigned CVE-2011-0790:
http://holisticinfosec.org/content/view/188/45/

Patch:
https://bugzilla.redhat.com/attachment.cgi?id=556619&action=diff&context=patch&collapsed=&headers=1&format=raw

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: smokeping
Source-Version: 2.3.6-5+squeeze1

We believe that the bug you reported is fixed in the latest version of
smokeping, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated smokeping package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Mar 2013 22:46:57 +0100
Source: smokeping
Binary: smokeping
Architecture: source all
Version: 2.3.6-5+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Jose Carlos Garcia Sogo <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 smokeping  - latency logging and graphing system
Closes: 659899
Changes: 
 smokeping (2.3.6-5+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2012-0790: Fix cross-site scripting vulnerability allowing a
     remote attacker to inject arbitrary web script or html via the
     displaymode parameter. Initial patch prepared by Antoine Beaupré.
     Add an adjustment to the patterns to exclude more special
     characters. (Closes: #659899)
Checksums-Sha1: 
 6b8cc752817e35f41b191909851639b502392fbf 1956 smokeping_2.3.6-5+squeeze1.dsc
 35a9072404d874898e6cd0c89ef438be21bc5279 580785 smokeping_2.3.6.orig.tar.gz
 8b8f8d9603208821f8cb4c3aaff1ff975de916e3 24485 
smokeping_2.3.6-5+squeeze1.diff.gz
 de663f0f9853fe36335934b04576aa94dbc24f7b 617190 
smokeping_2.3.6-5+squeeze1_all.deb
Checksums-Sha256: 
 74d2ce63ce6fcb8d95ed9ab3365ac43c208fb29a174276e28c5f05a901119ac4 1956 
smokeping_2.3.6-5+squeeze1.dsc
 20e75da551b9a1f8b2957e8c4ff7f273fcf765eb39fbccafd6e74a7c6cb556b5 580785 
smokeping_2.3.6.orig.tar.gz
 04ac97f05a7973f2f9cc75171e380f749f345f2963475e6fec65547c546f28e2 24485 
smokeping_2.3.6-5+squeeze1.diff.gz
 674514befcc1edc608d67d38242310f4ba288b028546dcdbd83c94f2a70962fa 617190 
smokeping_2.3.6-5+squeeze1_all.deb
Files: 
 2a39e17519bb45e920b8d2ecce09fb5a 1956 net extra smokeping_2.3.6-5+squeeze1.dsc
 06d5ed4ed693a17960dfa3361443bf72 580785 net extra smokeping_2.3.6.orig.tar.gz
 d772531a7522237e9ac260872d2d132f 24485 net extra 
smokeping_2.3.6-5+squeeze1.diff.gz
 fd4d8cc29127154d0cb8990c142febb6 617190 net extra 
smokeping_2.3.6-5+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRQ6/8AAoJEHidbwV/2GP+NokQAIdPmZb/cgsPYPTUtgz0ip38
hspyFEygIYT7cyvwt9J0Gu9VLjh+vb89+t6KYGgBDCk3/65MUB9RL5LTsYR6eVGO
NNJca7P9Xy8Fk+eKEw2HCzXh7ok8KN1LlHOpmb1sV0x+bEo0p7QfZDoowa4mbd78
/Dr6R93qQdnoutpwY625siqAxwkZJ2SUFwmOKtIf7tA4kvAi755PO1IBJYI9TDkw
rwyC21wczxrAD3n6VaRBQam0aPgXiyROi0UxDW81RoJjpCjpvdwuNSwvpRpxqCxN
g0d/n1XTOkQkr3WlrRHEmElq9dKhVqnERyxkI0TQKxQq/A0BA8isxk4QLwA/Y2Yh
+oLF88D+u4mVJkmRnmFQKS4jHfCFBjGNp2AELwe4o0wbS80PUoT48d1uc5FOS1DT
RbY3CU2hvIQDF4azReCSBXi4YAJhtWJMfVQJVNva2p1dcr3ed6W9fGFuEtiA2rOM
k2xpa+Papn3JVIjiP0WVWEreRYzSNilzKXuDvTigoibBMOd+nUuebDysMDtZc0My
M6e8hmIeXPbsRzKeZogrPaLPahoRlEXNoO79AsdZ0yxis+llSbbnjFR0n2spoB9K
+2bHEGT0XBdlZEM3oSSwLEK5jxB2r2wnv6E2uxI02HEkIYSuaPHrddm+n7nRvF1M
WhpO66xVznyHy0BbmFn3
=jX82
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to