Your message dated Sun, 15 Nov 2009 01:17:15 +0000
with message-id <e1n9tjv-0007oy...@ries.debian.org>
and subject line Bug#555234: fixed in op-panel 0.30~dfsg-1
has caused the Debian Bug report #555234,
regarding op-panel: CVE-2007-2383 and CVE-2008-7720 prototypejs vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
555234: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555234
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: op-panel
version: 0.27.dfsg-2
severity: serious
tags: security

Hi,

Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.

Your package embeds the following prototype.js versions:

  sid: 1.5.0_rc0
  lenny: N/A
  etch: N/A

This is a mass-filing, and the only checking done so far is a version
comparison, so please determine whether or not your package is itself
affected.  If it is not affected please close the bug with a
message indicating this along with what you did to check.

The version of your package specified above is the earliest version
with the affected embedded code.  If this version is in one or both of
the stable releases and you are affected, please coordinate with the
release team to prepare a proposed-update for your package to
stable/oldstable.

There are patches available for CVE-2007-2383 [2] and a backport for
prototypejs 1.5 for CVE-2008-7720 [3].

If you correct the problem in unstable, please make sure to include the
CVE number in your changelog.

Thank you for your attention to this problem.

Mike

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
[2] http://dev.rubyonrails.org/ticket/7910
[3] http://prototypejs.org/2008/1/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security



--- End Message ---
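
The version comparison the report describes, as an added example (not part of the original message or of Debian's tooling): it scans an unpacked package tree for embedded prototype.js copies and flags those older than the fixed releases named in the report. The function names and the `prototype*.js` filename pattern are assumptions of this sketch.

```python
import os
import re

# CVE identifiers and "affects versions before X" thresholds, as given in the report.
FIXED_IN = {"CVE-2007-2383": "1.5.1", "CVE-2008-7220": "1.6.0.2"}

# prototype.js declares its release inside the Prototype object literal,
# e.g.  Version: '1.5.0_rc0'
VERSION_RE = re.compile(r"Version:\s*['\"]([0-9][0-9A-Za-z._]*)['\"]")


def extract_version(js_text):
    """Return the embedded prototype.js version string, or None if absent."""
    m = VERSION_RE.search(js_text)
    return m.group(1) if m else None


def sort_key(version):
    """Order dotted versions; a suffix such as _rc0 sorts before the plain release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # so 1.6.0 compares equal to 1.6.0.0
    suffix = m.group(2)
    return (tuple(parts), 0 if suffix else 1, suffix)


def affected_cves(version):
    """CVEs whose fixed release is newer than `version` (version comparison only)."""
    key = sort_key(version)
    return sorted(cve for cve, fixed in FIXED_IN.items() if key < sort_key(fixed))


def scan_tree(root):
    """Map each embedded prototype*.js under `root` to (version, [CVE ids])."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not re.fullmatch(r"prototype.*\.js", name, re.I):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlink to a shared library copy, not an embedded one
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = extract_version(fh.read())
            if version:
                findings[os.path.relpath(path, root)] = (version, affected_cves(version))
    return findings
```

A match here is only the starting point the report asks for: the maintainer still has to confirm whether the package actually exercises the affected code.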
--- Begin Message ---
Source: op-panel
Source-Version: 0.30~dfsg-1

We believe that the bug you reported is fixed in the latest version of
op-panel, which is due to be installed in the Debian FTP archive:

op-panel_0.30~dfsg-1.diff.gz
  to main/o/op-panel/op-panel_0.30~dfsg-1.diff.gz
op-panel_0.30~dfsg-1.dsc
  to main/o/op-panel/op-panel_0.30~dfsg-1.dsc
op-panel_0.30~dfsg-1_all.deb
  to main/o/op-panel/op-panel_0.30~dfsg-1_all.deb
op-panel_0.30~dfsg.orig.tar.gz
  to main/o/op-panel/op-panel_0.30~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 555...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alejandro Rios P. <aler...@debian.org> (supplier of updated op-panel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat,  14 Nov 2009 17:49:31 -0500
Source: op-panel
Binary: op-panel
Architecture: source all
Version: 0.30~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Alejandro Rios P. <aler...@debian.org>
Description: 
 op-panel   - switchboard type application for the Asterisk PBX
Closes: 453727 472658 475294 482175 553551 555234
Changes: 
 op-panel (0.30~dfsg-1) unstable; urgency=high
 .
   * New upstream release.
 .
   [ Tzafrir Cohen ]
   * New upstream release (Closes: #472658)
   * Add myself to uploaders.
   * Fix bashism in postinst script (Victor Seva) (Closes: #453727).
   * Documented patches we use.
   * Use binary-indep rules rather than binary-arch.
   * Bump standards version to 3.8.0 (no change needed).
   * wget -N conflicts with -O (Closes: #482175).
   * Fix get-orig-source for ~dfsg.
 .
   [ Patrick Matthäi ]
   * Do not ignore errors in postrm script.
     Thanks lintian.
 .
   [ Alejandro Rios P. ]
   * Remove prototype.js and symlink to libjs-prototype (Closes: #475294).
   * Remove scriptaculous.js and symlink to libjs-scriptaculous
     to make lintian happy.
   * Don't install files under /var/www (Closes: #553551).
   * Depend on libjs-prototype >= 1.6.0.2 to fix CVE-2007-2383 and
     CVE-2008-7720, urgency=high (Closes: #555234).
   * Bump standards version to 3.8.3:
      * Create /var/run/op-panel on init script.
      * Added debian/README.source to describe dpatch usage.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkr/VbcACgkQoby7LzBs3/Nt1ACg1LlNWuRDDxJLgxqYBYv+c/Yl
uaAAn1LyBUgBzSLIsW1GEfIqTCTPgj5C
=xayv
-----END PGP SIGNATURE-----



--- End Message ---
