Your message dated Wed, 30 Aug 2006 23:02:03 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#328224: fixed in gforge 3.1-31sarge1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gforge
Version: 3.1-31
Severity: important
Tags: security

Hi Roland!

http://marc.theaimsgroup.com/?l=bugtraq&m=112259845904350&w=2
describes two vulns in GForge 4.5: Multiple cross-site scripting
(CAN-2005-2430) and mail bomb (CAN-2005-2431).

Can you please check whether 3.1 is also affected by these? I left the
severity at important since I did not check myself. Please raise as
appropriate.

Please also add the CAN numbers to the changelog if you fix this.

Thanks and have a nice day,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
--- End Message ---
--- Begin Message ---
Source: gforge
Source-Version: 3.1-31sarge1

We believe that the bug you reported is fixed in the latest version of
gforge, which is due to be installed in the Debian FTP archive:

gforge-common_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-common_3.1-31sarge1_all.deb
gforge-cvs_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-cvs_3.1-31sarge1_all.deb
gforge-db-postgresql_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-db-postgresql_3.1-31sarge1_all.deb
gforge-dns-bind9_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-dns-bind9_3.1-31sarge1_all.deb
gforge-ftp-proftpd_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge1_all.deb
gforge-ldap-openldap_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-ldap-openldap_3.1-31sarge1_all.deb
gforge-lists-mailman_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-lists-mailman_3.1-31sarge1_all.deb
gforge-mta-exim4_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-mta-exim4_3.1-31sarge1_all.deb
gforge-mta-exim_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-mta-exim_3.1-31sarge1_all.deb
gforge-mta-postfix_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-mta-postfix_3.1-31sarge1_all.deb
gforge-shell-ldap_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-shell-ldap_3.1-31sarge1_all.deb
gforge-sourceforge-transition_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge1_all.deb
gforge-web-apache_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge-web-apache_3.1-31sarge1_all.deb
gforge_3.1-31sarge1.diff.gz
to pool/main/g/gforge/gforge_3.1-31sarge1.diff.gz
gforge_3.1-31sarge1.dsc
to pool/main/g/gforge/gforge_3.1-31sarge1.dsc
gforge_3.1-31sarge1_all.deb
to pool/main/g/gforge/gforge_3.1-31sarge1_all.deb
sourceforge_3.1-31sarge1_all.deb
to pool/main/g/gforge/sourceforge_3.1-31sarge1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Mas <[EMAIL PROTECTED]> (supplier of updated gforge package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 30 May 2006 20:50:53 +0200
Source: gforge
Binary: gforge-lists-mailman gforge-db-postgresql sourceforge
 gforge-mta-postfix gforge-sourceforge-transition gforge-shell-ldap gforge
 gforge-common gforge-web-apache gforge-mta-exim gforge-cvs gforge-ftp-proftpd
 gforge-mta-exim4 gforge-dns-bind9 gforge-ldap-openldap
Architecture: source all
Version: 3.1-31sarge1
Distribution: stable-security
Urgency: high
Maintainer: Roland Mas <[EMAIL PROTECTED]>
Changed-By: Roland Mas <[EMAIL PROTECTED]>
Description:
 gforge - Collaborative development tool - meta-package
 gforge-common - Collaborative development tool - shared files
 gforge-cvs - Collaborative development tool - CVS management
 gforge-db-postgresql - Collaborative development tool - database (using PostgreSQL)
 gforge-dns-bind9 - Collaborative development tool - DNS management (using Bind9)
 gforge-ftp-proftpd - Collaborative development tool - FTP management (using ProFTPd)
 gforge-ldap-openldap - Collaborative development tool - LDAP directory (using OpenLDAP)
 gforge-lists-mailman - Collaborative development tool - mailing-lists (using Mailman)
 gforge-mta-exim - Collaborative development tool - mail tools (using Exim)
 gforge-mta-exim4 - Collaborative development tool - mail tools (using Exim 4)
 gforge-mta-postfix - Collaborative development tool - mail tools (using Postfix)
 gforge-shell-ldap - Collaborative development tool - shell accounts (using LDAP)
 gforge-sourceforge-transition - Sourceforge to Gforge data transition
 gforge-web-apache - Collaborative development tool - web part (using Apache)
 sourceforge - Empty package to help with Sourceforge to Gforge transition
Closes: 328224
Changes:
 gforge (3.1-31sarge1) stable-security; urgency=high
 .
   * Backported XSS vulnerabilities (CVE-2005-2430) fix from the upstream
     4.5 to 4.5.0.1 diff (Closes: #328224).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEh0WzXm3vHE4uyloRAvtrAJ9M/RYMw7XYrPuGunjS9xooEqjxdwCfW++E
vBX1apoRjJ1rH95qcza08W4=
=LAJE
-----END PGP SIGNATURE-----
--- End Message ---