Your message dated Thu, 06 Nov 2008 22:32:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504681: fixed in pgfouine 1.0-1.1
has caused the Debian Bug report #504681,
regarding SA32559: GeSHi Unspecified Code Execution Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

-- 
504681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504681
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pgfouine
Severity: grave
Version: 0.7-1
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi, which affects the embedded copy in pgfouine[0].

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

It would be great if pgfouine just depended on php-geshi (also available in etch) and the include/require calls changed to use the copy provided by that package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the changelog entry.

[0]usr/share/pgfouine/include/reporting/geshi/geshi.php
[1]http://secunia.com/Advisories/32559/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
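The report above comes down to finding bundled copies of geshi.php and checking whether they predate 1.0.8.1. The following is an added example, not part of the bug report or of any Debian tooling: it assumes each copy declares its release through the `GESHI_VERSION` constant in geshi.php, and the directory names and sample file contents are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# First fixed release per the advisory quoted in the report ("versions prior to 1.0.8.1").
FIXED = (1, 0, 8, 1)
# Assumption: geshi.php declares its release as define('GESHI_VERSION', '<x.y.z.w>');
VERSION_RE = re.compile(
    r"""define\(\s*['"]GESHI_VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]\s*\)"""
)

def as_tuple(version):
    """Turn '1.0.7.20' into (1, 0, 7, 20) so releases compare numerically."""
    return tuple(int(part) for part in version.split("."))

def scan_for_geshi(root):
    """Return [(relative path, version or None, affected)] for each geshi.php under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("geshi.php")):
        match = VERSION_RE.search(path.read_text(errors="replace"))
        version = match.group(1) if match else None
        # A copy whose version cannot be read is flagged for manual review.
        affected = version is None or as_tuple(version) < FIXED
        findings.append((path.relative_to(root).as_posix(), version, affected))
    return findings

def demo():
    """Scan a constructed tree: one old bundled copy, one fixed copy, one stripped copy."""
    samples = {
        "app/include/reporting/geshi/geshi.php": "define('GESHI_VERSION', '1.0.7.20');",
        "shared/php-geshi/geshi.php": 'define("GESHI_VERSION", "1.0.8.1");',
        "vendor/tool/geshi.php": "// version constant removed",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text("<?php\n" + body + "\n")
        return scan_for_geshi(tmp)

if __name__ == "__main__":
    for rel, version, affected in demo():
        print(f"{'AFFECTED' if affected else 'ok':8}  {version or 'unknown':10}  {rel}")
```

Run against an unpacked source tree or an installed system, every hit other than the packaged php-geshi copy is an embedded copy that has to be tracked and patched separately.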
--- Begin Message ---
Source: pgfouine
Source-Version: 1.0-1.1

We believe that the bug you reported is fixed in the latest version of
pgfouine, which is due to be installed in the Debian FTP archive:

pgfouine_1.0-1.1.diff.gz
  to pool/main/p/pgfouine/pgfouine_1.0-1.1.diff.gz
pgfouine_1.0-1.1.dsc
  to pool/main/p/pgfouine/pgfouine_1.0-1.1.dsc
pgfouine_1.0-1.1_all.deb
  to pool/main/p/pgfouine/pgfouine_1.0-1.1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barry deFreese <[EMAIL PROTECTED]> (supplier of updated pgfouine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Thu, 06 Nov 2008 16:50:59 -0500
Source: pgfouine
Binary: pgfouine
Architecture: source all
Version: 1.0-1.1
Distribution: unstable
Urgency: low
Maintainer: Clément Stenac <[EMAIL PROTECTED]>
Changed-By: Barry deFreese <[EMAIL PROTECTED]>
Description:
 pgfouine - PostgreSQL log analyzer
Closes: 504681
Changes:
 pgfouine (1.0-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * 30-use-php-gesi. Use php-gesi. (Closes: #504681).
     + Thanks to Marcos Marado for the patch.
   * Remove .pc dir on clean.
   * Remove binary-arch commands as package is binary-indep.
   * Remove unnecessary linda override file.
   * Bump Standards Version to 3.8.0. (No changes needed).
--- End Message ---