Your message dated Sat, 25 Apr 2020 10:47:08 +0000
with message-id <e1jsiky-0006xy...@fasolo.debian.org>
and subject line Bug#956650: fixed in awl 0.60-1+deb10u1
has caused the Debian Bug report #956650,
regarding awl: CVE-2020-11728 CVE-2020-11729
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
956650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: awl
Version: 0.60-1
Severity: important
Tags: security upstream

Two security vulnerabilities were found in the awl package:

CVE-2020-11728
Session::__construct() allows use of the current time as a session key
https://gitlab.com/davical-project/awl/-/issues/19

CVE-2020-11729
LSIDLogin() is insecure and can allow user impersonation
https://gitlab.com/davical-project/awl/-/issues/18

All supported Debian releases are affected.

--- End Message ---
--- Begin Message ---
Source: awl
Source-Version: 0.60-1+deb10u1
Done: Florian Schlichting <f...@debian.org>

We believe that the bug you reported is fixed in the latest version of
awl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 956...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Florian Schlichting <f...@debian.org> (supplier of updated awl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Apr 2020 12:26:29 +0200
Source: awl
Binary: awl-doc libawl-php
Architecture: source all
Version: 0.60-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Davical Development Team <davical-de...@lists.sourceforge.net>
Changed-By: Florian Schlichting <f...@debian.org>
Description:
 awl-doc    - Andrew's Web Libraries - API documentation
 libawl-php - Andrew's Web Libraries - PHP Utility Libraries
Closes: 956650
Changes:
 awl (0.60-1+deb10u1) buster-security; urgency=high
 .
   * Fix two security vulnerabilities (closes: #956650)
     + CVE-2020-11728 "Session::__construct() allows use of the current time as
       a session key"
     + CVE-2020-11729 "LSIDLogin() is insecure and can allow user
       impersonation"

--- End Message ---
