Your message dated Mon, 23 Jun 2014 07:34:09 +0000
with message-id <[email protected]>
and subject line Bug#742859: fixed in biomaj-watcher 1.2.2-1
has caused the Debian Bug report #742859,
regarding XSS vulnerability in open-flash-chart.swf (CVE-2013-1636)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
742859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742859
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: biomaj-watcher
Severity: important
Tags: security
Hi,
the following vulnerability was published for biomaj-watcher.
CVE-2013-1636[0]:
| Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in
| Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link
| Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component
| 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through
| 4.3.3, allows remote attackers to inject arbitrary web script or HTML
| via the get-data parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1636
https://security-tracker.debian.org/tracker/CVE-2013-1636
Please adjust the affected versions in the BTS as needed.
Cheers,
Thijs
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: biomaj-watcher
Source-Version: 1.2.2-1
We believe that the bug you reported is fixed in the latest version of
biomaj-watcher, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Olivier Sallou <[email protected]> (supplier of updated biomaj-watcher package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 22 Jun 2014 09:19:40 +0200
Source: biomaj-watcher
Binary: biomaj-watcher
Architecture: source all
Version: 1.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Olivier Sallou <[email protected]>
Description:
biomaj-watcher - biological data-bank updater - web interface
Closes: 742859 752223
Changes:
biomaj-watcher (1.2.2-1) unstable; urgency=medium
.
* New usptream release:
- remove generated GWT files from source (Closes: #752223), not used
by application, those files are regenerated by build process.
- remove unused Open Chart files with related secutiry issue CVE-2013-1636
Previous releases are not impacted by security issue as file was
not used (Closes: #742859).
* d/control: use Standards 3.9.5
Checksums-Sha1:
3026b6784ad1f809b2be5dcf393193a364749ec4 2294 biomaj-watcher_1.2.2-1.dsc
5470cdb94ec202930bd76a6aade16a669d035771 95073453
biomaj-watcher_1.2.2.orig.tar.gz
af40b423d83961910077568a81c94aaca2fe92f6 34552
biomaj-watcher_1.2.2-1.debian.tar.xz
c83eef379f6176139eee06a92eb5456d100cf515 17924136
biomaj-watcher_1.2.2-1_all.deb
Checksums-Sha256:
1d9c0f823f02e90f04785dcadcf919b43cece3c616015adb2921c5011c8759be 2294
biomaj-watcher_1.2.2-1.dsc
9936e817f0699ac9081d28f3d9ca383a0c93f55bb3aab70405eb4378c61ca624 95073453
biomaj-watcher_1.2.2.orig.tar.gz
d3e3ada876c68f1eb1da859a0e5b2b3a44529291df7c95d2bc2d9f4e67cba728 34552
biomaj-watcher_1.2.2-1.debian.tar.xz
bb32a1d54dbe455b933d96370ed48aeea09e60b6653e8749eccd8334f6189de6 17924136
biomaj-watcher_1.2.2-1_all.deb
Files:
4543a36032507380499ee41a37266328 17924136 contrib/science optional
biomaj-watcher_1.2.2-1_all.deb
cb03dc9e85cc303b4d5a884ed95c459b 2294 contrib/science optional
biomaj-watcher_1.2.2-1.dsc
de9f439ea0169d4980ba69352617558d 95073453 contrib/science optional
biomaj-watcher_1.2.2.orig.tar.gz
d9e4ed19b682a577bfd708a671dcdee2 34552 contrib/science optional
biomaj-watcher_1.2.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJTp9VOAAoJEHjcaNsybYQ4C2wQAJ3ugd6IG36VzW/i5ld2uIVA
VUAD/dR1ed7VVTsX19KoVj7mSWOSOAZ2+WdjJoSdYoEK1cm6TKU8nNZoQiTihlLA
YvWJzCUN6sFAUnQTwp9qZNnq6/VvzQTlh9unZUTn0c/qB0eizdGOcA6BXBzWCnsj
suL0Re5AsepEuczaXEkhEq9BFIl94fqX0vhqmi2F42XV1gqXSlu99viFdMw2u1FF
MAFfOzwLpR1c4uC4yyaOElekNgT+jOcyWztQefyzL+ClLRzxORVsQ5bLTptZxqEz
2w/EK8t4LLipjVV7LAqn5hGTGJXTkuFQIG+kfBHfiY+QWSvPFFzuMSdmYsmm5UPH
9QzNSwc/jlPLNI5avn6/d4WZFEiGr9Zl10L5p6eyHp3F2qStRDwjsFfWJPXQZjdg
E+g0goThmeHkGjKqV5mgPBwPVMDUz8VyhARK8dQvzSNdFN2WlfvGn7ns7TnGlPfb
LFbaZowqQSnwahxCBD0xzleq9SHnB4+bUuxskEEiMxVdLt7DrVluWdu3PRA3lL+n
wm/ln7unBu/WKnobwQiM9vwMx3M/jiEntUvTafmE2zMqTogto0rP6GIgK1tbC8hD
p40QOFZSh1t+N+jkGYj8ucgIDzmi/dqrUfXIq4al4IbAhsl4KkB5OW2oUSrsSsff
7bd1fhBgP5ExK5mGeCSK
=QHAK
-----END PGP SIGNATURE-----
--- End Message ---
