Your message dated Sun, 07 Sep 2014 06:48:58 +0000
with message-id <[email protected]>
and subject line Bug#760372: fixed in loganalyzer 3.6.6+dfsg-1
has caused the Debian Bug report #760372,
regarding loganalyzer: CVE-2014-6070
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
760372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760372
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: loganalyzer
Version: 3.6.5+dfsg-7
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for loganalyzer. I was
not yet able to verify the vulnerability, but it is said to be fixed
in 3.6.6 upstream.

CVE-2014-6070[0]:
Syslog LogAnalyzer persistent XSS injection

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6070
[1] http://seclists.org/fulldisclosure/2014/Sep/17
[2] http://loganalyzer.adiscon.com/downloads/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: loganalyzer
Source-Version: 3.6.6+dfsg-1

We believe that the bug you reported is fixed in the latest version of
loganalyzer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Pocock <[email protected]> (supplier of updated loganalyzer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 07 Sep 2014 08:32:12 +0200
Source: loganalyzer
Binary: loganalyzer
Architecture: source all
Version: 3.6.6+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Monitoring Maintainers <[email protected]>
Changed-By: Daniel Pocock <[email protected]>
Description:
loganalyzer - web interface to syslog and event data
Closes: 760372
Changes:
loganalyzer (3.6.6+dfsg-1) unstable; urgency=high
.
* New upstream release.
* Fix cross-site-scripting CVE-2014-6070 (Closes: #760372)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---