Your message dated Thu, 27 Aug 2009 10:02:35 +0000
with message-id <[email protected]>
and subject line Bug#543822: fixed in buildbot 0.7.11p3-1
has caused the Debian Bug report #543822,
regarding CVE-2009-2959: Cross-site scripting (XSS) vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
543822: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543822
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: buildbot
Version: 0.7.10p1-1,0.7.8-1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for buildbot.

CVE-2009-2959[0]:
| Cross-site scripting (XSS) vulnerability in the waterfall web status
| view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1
| allows remote attackers to inject arbitrary web script or HTML via
| unspecified vectors.

According to the vendor, 0.7.4-3 in etch isn't affected.

Please coordinate with the security team ([email protected]) to
prepare packages for the stable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2959
    http://security-tracker.debian.net/tracker/CVE-2009-2959

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqWNXcACgkQNxpp46476aqgOACfTvbYZPNmp/4FfVSVVvW1wFbh
U+0AmgKJ4ZvcKwV3bovr0nEy1MLInFLi
=JaSm
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: buildbot
Source-Version: 0.7.11p3-1

We believe that the bug you reported is fixed in the latest version of
buildbot, which is due to be installed in the Debian FTP archive:

buildbot_0.7.11p3-1.diff.gz
  to pool/main/b/buildbot/buildbot_0.7.11p3-1.diff.gz
buildbot_0.7.11p3-1.dsc
  to pool/main/b/buildbot/buildbot_0.7.11p3-1.dsc
buildbot_0.7.11p3-1_all.deb
  to pool/main/b/buildbot/buildbot_0.7.11p3-1_all.deb
buildbot_0.7.11p3.orig.tar.gz
  to pool/main/b/buildbot/buildbot_0.7.11p3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated buildbot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Aug 2009 08:23:06 +0200
Source: buildbot
Binary: buildbot
Architecture: source all
Version: 0.7.11p3-1
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Description: 
 buildbot   - a system to automate the compile/test cycle
Closes: 503288 512770 517267 543822
Changes: 
 buildbot (0.7.11p3-1) unstable; urgency=low
 .
   * New upstream version.
     - Fix CVE-2009-2959[0], cross-site scripting (XSS) vulnerability.
       Closes: #543822.
     - Fix buildbot serving CSS as text/plain, breaking styling in Firefox.
       Closes: #517267.
   * Fixed in 0.7.10: test output flooded in waterfall display.
     Closes: #512770.
   * Fix /etc/init.d/buildbot reload crashing buildslaves (Petr Rockai).
     Closes: #503288.
   * Fix some lintian warnings.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqWS9sACgkQStlRaw+TLJw12ACfU5E60D9K977eZKM2/BvDNIH2
XikAoLhoLUk0DaaeDjBnbgx4igotHwDN
=FWNH
-----END PGP SIGNATURE-----



--- End Message ---
