Your message dated Fri, 16 Dec 2005 21:37:18 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318284: fixed in phppgadmin 3.5.2-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Jul 2005 14:14:28 +0000
>From [EMAIL PROTECTED] Thu Jul 14 07:14:28 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Dt4Ts-000795-00; Thu, 14 Jul 2005 07:14:28 -0700
Received: from dragon.kitenet.net (kitenet.net [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 2516E17DD1
for <[EMAIL PROTECTED]>; Thu, 14 Jul 2005 14:14:28 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 166BD6E134; Thu, 14 Jul 2005 17:15:10 +0300 (EEST)
Date: Thu, 14 Jul 2005 17:15:10 +0300
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-2256 directory traveral vulnerability
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: phppgadmin
Severity: serious
Tags: security
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allo=
ws
remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot d=
ot)
sequences in the formLanguage parameter.
-- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-2256
--=20
see shy jo
--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC1nNud8HHehbQuO8RAs3pAKCyY2uXbfbJJJqdm58FRqYRCR734QCcDs6q
oqsceF0tJs3aXF2gYOFs9io=
=7j9M
-----END PGP SIGNATURE-----
--RnlQjJ0d97Da+TV1--
---------------------------------------
Received: (at 318284-close) by bugs.debian.org; 17 Dec 2005 05:41:07 +0000
>From [EMAIL PROTECTED] Fri Dec 16 21:41:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EnUkw-0000vf-1a; Fri, 16 Dec 2005 21:37:18 -0800
From: Isaac Clerencia <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.17 $
Subject: Bug#318284: fixed in phppgadmin 3.5.2-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 16 Dec 2005 21:37:18 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: phppgadmin
Source-Version: 3.5.2-5
We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:
phppgadmin_3.5.2-5.diff.gz
to pool/main/p/phppgadmin/phppgadmin_3.5.2-5.diff.gz
phppgadmin_3.5.2-5.dsc
to pool/main/p/phppgadmin/phppgadmin_3.5.2-5.dsc
phppgadmin_3.5.2-5_all.deb
to pool/main/p/phppgadmin/phppgadmin_3.5.2-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Isaac Clerencia <[EMAIL PROTECTED]> (supplier of updated phppgadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 18 Jul 2005 11:07:20 +0200
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 3.5.2-5
Distribution: stable-security
Urgency: high
Maintainer: Isaac Clerencia <[EMAIL PROTECTED]>
Changed-By: Isaac Clerencia <[EMAIL PROTECTED]>
Description:
phppgadmin - Set of PHP scripts to administrate PostgreSQL over the WWW
Closes: 318284
Changes:
phppgadmin (3.5.2-5) stable-security; urgency=high
.
* Fix security bug CAN-2005-2256, closes: #318284
Files:
46f4509ee768781e441286d125afe0f5 584 web extra phppgadmin_3.5.2-5.dsc
8f1d0323ae84979c21a409334c6e70db 10063 web extra phppgadmin_3.5.2-5.diff.gz
9978c0a723a9e4572f2264478c0ba193 612995 web extra phppgadmin_3.5.2.orig.tar.gz
b9e4117adf7ef565e6884fbde4daaf9f 601022 web extra phppgadmin_3.5.2-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC24DIW5ql+IAeqTIRAj2PAJsEEVSZpF5ctRYVyNL+uAlxfXIyRwCeJfQc
HNi2oiUG0+SlAV4k6s04jGQ=
=cJkA
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
