Your message dated Sat, 22 Jul 2006 17:17:18 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#379060: fixed in hyperestraier 1.3.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: hyperestraier
Version: 1.2.5-1
Severity: serious
Tags: security fixed-upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3671: "Cross-site request forgery (CSRF) vulnerability in the
communicate function in estmaster.c for Hyper Estraier before 1.3.3
allows remote attackers to perform unauthorized actions as other users
via unknown vectors."

This is fixed upstream in 1.3.3; see [1] for more details.

hyperestraier is not in sarge.

Please mention the CVE in your changelog.

Thanks,

Alec

[1] http://sourceforge.net/project/shownotes.php?release_id=432119

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEv/uJAud/2YgchcQRAi0jAJwK652ImkDgjr3Om/zwiKKqz2TwOACfcBGa
G5SJXE1REWz3/KU/enR91y4=
=5Qzf
-----END PGP SIGNATURE-----


--- End Message ---
--- Begin Message ---
Source: hyperestraier
Source-Version: 1.3.3-1

We believe that the bug you reported is fixed in the latest version of
hyperestraier, which is due to be installed in the Debian FTP archive:

hyperestraier_1.3.3-1.diff.gz
  to pool/main/h/hyperestraier/hyperestraier_1.3.3-1.diff.gz
hyperestraier_1.3.3-1.dsc
  to pool/main/h/hyperestraier/hyperestraier_1.3.3-1.dsc
hyperestraier_1.3.3-1_i386.deb
  to pool/main/h/hyperestraier/hyperestraier_1.3.3-1_i386.deb
hyperestraier_1.3.3.orig.tar.gz
  to pool/main/h/hyperestraier/hyperestraier_1.3.3.orig.tar.gz
libestraier-dev_1.3.3-1_i386.deb
  to pool/main/h/hyperestraier/libestraier-dev_1.3.3-1_i386.deb
libestraier-java_1.3.3-1_i386.deb
  to pool/main/h/hyperestraier/libestraier-java_1.3.3-1_i386.deb
libestraier-ruby1.8_1.3.3-1_i386.deb
  to pool/main/h/hyperestraier/libestraier-ruby1.8_1.3.3-1_i386.deb
libestraier8_1.3.3-1_i386.deb
  to pool/main/h/hyperestraier/libestraier8_1.3.3-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fumitoshi UKAI <[EMAIL PROTECTED]> (supplier of updated hyperestraier package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 23 Jul 2006 08:27:40 +0900
Source: hyperestraier
Binary: hyperestraier libestraier-java libestraier8 libestraier-dev libestraier-ruby1.8
Architecture: source i386
Version: 1.3.3-1
Distribution: unstable
Urgency: high
Maintainer: Fumitoshi UKAI <[EMAIL PROTECTED]>
Changed-By: Fumitoshi UKAI <[EMAIL PROTECTED]>
Description: 
 hyperestraier - a full-text search system for communities
 libestraier-dev - a full-text search system Libraries [development]
 libestraier-java - Hyper Estraier Node API Libraries for Java
 libestraier-ruby1.8 - Hyper Estraier Node API Libraries for Ruby
 libestraier8 - a full-text search system Libraries [runtime]
Closes: 367374 368906 376897 377743 379060
Changes: 
 hyperestraier (1.3.3-1) unstable; urgency=high
 .
   * New upstream release
     fix CVE-2006-3671: cross-site request forgery
     closes: Bug#379060
     new bindaddr configuration parameter in _conf
     closes: Bug#368906
   * debian/hyperestraier.init: fix to exit successfully when NO_START=1
     closes: Bug#367374, Bug#377743
   * debian/control: remove pphtml from Recommends, since it is not available
       any more.
     closes: Bug#376897
Files: 
 bcf3035e63a7429658c83fb4be12a9b3 992 text optional hyperestraier_1.3.3-1.dsc
 d2c544f48b8b92a62d7028c68736ce40 899649 text optional hyperestraier_1.3.3.orig.tar.gz
 8a4c8dbd95a9484b1a196031f23ff276 34147 text optional hyperestraier_1.3.3-1.diff.gz
 3ee16bf9976e904669eeec5d23467c96 389338 text optional hyperestraier_1.3.3-1_i386.deb
 2a946ab20b328ace68af322397a1f565 94934 text optional libestraier8_1.3.3-1_i386.deb
 373e1070b74f406f78f287e7421f9052 134166 text optional libestraier-dev_1.3.3-1_i386.deb
 fc667a3fa040c5908bfd09309966f4b3 78784 text optional libestraier-ruby1.8_1.3.3-1_i386.deb
 6f500b73437672b2d35b89c96f4b28e7 92980 libs optional libestraier-java_1.3.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwrvj9D5yZjzIjAkRAi0bAJ9ssujUMTw7ZaTS17glgqGNQiOQ+wCgtpS6
sVqaCEHywSEXDtUF52iiyMg=
=arX5
-----END PGP SIGNATURE-----


--- End Message ---
