Your message dated Tue, 13 May 2014 10:37:39 +0000
with message-id <[email protected]>
and subject line Bug#745979: fixed in lazygal 0.8.4-1
has caused the Debian Bug report #745979,
regarding lazygal: Incorrect escaping of characters when forming URLs breaks 
albums
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
745979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745979
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lazygal
Version: 0.8.3-1
Severity: normal

Hi,

I noticed today that my albums were impossible to access from Chromium (with no 
visible error), while they worked from Iceweasel. After a lot of 
head-scratching, I noticed that something was wrong in the HTML code generated:

<div class="sub_gallery_image">
<a href="2011-2013:%20Irlanda/index.html">
<img src="2011-2013:%20Irlanda/index.png" alt="2011-2013: Irlanda album picture" />

As you can see, the colon is not escaped, and therefore, those URIs are
invalid. Chrome is actually doing the right thing, as there is no
protocol/method named '2011-2013'. 

I don't know what lazygal is using to escape URIs, but it smells very bad. This
can in fact be a serious bug, if lazygal were taking untrusted content, as one
could create a file called 'javascript:alert("foo")' for example, and have
it deployed onto a web server.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (50, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lazygal depends on:
ii  gir1.2-gexiv2-0.10  0.10.0-1
ii  python              2.7.5-5
ii  python-genshi       0.7-3
ii  python-gi           3.10.2-2+b1
ii  python-imaging      2.3.0-2

lazygal recommends no packages.

Versions of packages lazygal suggests:
ii  gstreamer0.10-plugins-base  0.10.36-1.1
pn  python-gst0.10              <none>

-- no debconf information

--- End Message ---
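
Added example, not part of the original report and not lazygal's code: it reproduces the href quoted above with an encoder that leaves ':' unescaped, shows the same names with the whole path segment percent-encoded, and audits generated HTML for href/src values that start with a scheme-like prefix. All function names and the allow-list are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import quote

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: schemes a gallery may link to
COLON_FIRST = re.compile(r"^([^/?#:]*):")       # a ':' before any '/', '?' or '#'
# Constructed sample: the first two names appear in the report, the third is made up.
NAMES = ['2011-2013: Irlanda', 'javascript:alert("foo")', 'Holidays 2012']

def weak_href(name):
    """Treats ':' as safe, which reproduces the href quoted in the report."""
    return quote(name, safe="/:") + "/index.html"

def strict_href(name):
    """Percent-encodes the whole directory name, ':' included."""
    return quote(name, safe="") + "/index.html"

def scheme_like_prefix(ref):
    """Text before a leading ':' that a URL parser may read as a scheme, else None."""
    m = COLON_FIRST.match(ref)
    return m.group(1) if m else None

class RefAudit(HTMLParser):
    # Collects href/src values whose leading prefix is not an allow-listed scheme.
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("href", "src") and value:
                prefix = scheme_like_prefix(value.strip())
                if prefix is not None and prefix.lower() not in ALLOWED_SCHEMES:
                    self.findings.append((tag, key, value))

def audit(html):
    """Return (tag, attribute, value) for every suspicious reference in html."""
    parser = RefAudit()
    parser.feed(html)
    return parser.findings

def page(href_for):
    # Minimal album index built with the given encoder, one link per sample name.
    return "\n".join('<a href="%s">album</a>' % href_for(n) for n in NAMES)

if __name__ == "__main__":
    print("weak encoder:  ", audit(page(weak_href)))
    print("strict encoder:", audit(page(strict_href)))
```

RFC 3986 section 4.2 also permits keeping the colon if the reference is prefixed with "./", since only the first segment of a relative-path reference may not contain one.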
--- Begin Message ---
Source: lazygal
Source-Version: 0.8.4-1

We believe that the bug you reported is fixed in the latest version of
lazygal, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michal Čihař <[email protected]> (supplier of updated lazygal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 May 2014 12:11:03 +0200
Source: lazygal
Binary: lazygal
Architecture: source all
Version: 0.8.4-1
Distribution: unstable
Urgency: medium
Maintainer: Michal Čihař <[email protected]>
Changed-By: Michal Čihař <[email protected]>
Description: 
 lazygal    - static web gallery generator
Closes: 745976 745979
Changes: 
 lazygal (0.8.4-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix semicolon not escaped in urls (Closes: #745979).
   * Depend on gir1.2-gexiv2-0.10 0.10.1 or newer to avoid breakage with 0.10.0
     (Closes: #745976).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
