Your message dated Wed, 13 Jan 2010 22:19:49 +0000
with message-id <[email protected]>
and subject line Bug#555229: fixed in knowledgeroot 0.9.9.5-1
has caused the Debian Bug report #555229,
regarding knowledgeroot: CVE-2007-2383 and CVE-2008-7720 prototypejs 
vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
555229: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555229
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: knowledgeroot
version: 0.9.7.3-2
severity: serious
tags: security

Hi,

Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.

Your package embeds the following prototype.js versions:

  sid: 1.5.0
  lenny: 1.5.0
  etch: 1.5.0_rc0

This is a mass-filing, and the only checking done so far is a version
comparison, so please determine whether or not your package is itself
affected.  If it is not affected, please close the bug with a
message indicating this along with what you did to check.

The version of your package specified above is the earliest version
with the affected embedded code.  If this version is in one or both of
the stable releases and you are affected, please coordinate with the
release team to prepare a proposed-update for your package to
stable/oldstable.

There are patches available for CVE-2007-2383 [2] and a backport for
prototypejs 1.5 for CVE-2008-7720 [3].

If you correct the problem in unstable, please make sure to include the
CVE number in your changelog.

Thank you for your attention to this problem.

Mike

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
[2] http://dev.rubyonrails.org/ticket/7910
[3] http://prototypejs.org/2008/1/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security



--- End Message ---
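
The version comparison the report describes, as an added example (not part of the original messages and not the script used for the mass-filing). It assumes the embedded library declares itself with a `Version: '1.5.0'` line and that copies are named `prototype*.js`; a hit only marks a copy for the manual check the report asks for.

```python
import os
import re

# Fixed-in versions as given in the bug report; anything older is flagged.
FIXED_IN = {"CVE-2007-2383": "1.5.1", "CVE-2008-7220": "1.6.0.2"}

# Assumption: the library declares itself as  Version: '1.5.0'  in its source.
VERSION_RE = re.compile(r"""Version:\s*['"](\d+(?:\.\d+)*(?:_\w+)?)['"]""")


def version_key(text):
    """Sortable key: '1.5.0_rc0' < '1.5.0' < '1.5.1' < '1.6.0.2'."""
    base, _, pre = text.partition("_")
    nums = [int(part) for part in base.split(".")]
    nums += [0] * (4 - len(nums))            # pad so 1.6.0 compares as 1.6.0.0
    stage = (0, pre) if pre else (1, "")     # pre-releases sort before finals
    return (tuple(nums), stage)


def affected_cves(version):
    """CVEs whose fixed-in version is newer than the given version."""
    key = version_key(version)
    return sorted(c for c, fixed in FIXED_IN.items() if key < version_key(fixed))


def scan_tree(root):
    """Map each prototype*.js under root to (version, [CVEs to investigate])."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not (name.lower().startswith("prototype") and name.endswith(".js")):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                match = VERSION_RE.search(handle.read())
            if match:
                findings[path] = (match.group(1), affected_cves(match.group(1)))
    return findings


if __name__ == "__main__":
    # Constructed input: the versions the report lists per suite, plus the two
    # fixed-in versions as controls.
    for v in ("1.5.0_rc0", "1.5.0", "1.5.1", "1.6.0.2"):
        print(v, affected_cves(v) or "not flagged")
```

Run `scan_tree()` against an unpacked source tree or an installed package directory to list every embedded copy together with the CVEs its version falls under.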
--- Begin Message ---
Source: knowledgeroot
Source-Version: 0.9.9.5-1

We believe that the bug you reported is fixed in the latest version of
knowledgeroot, which is due to be installed in the Debian FTP archive:

knowledgeroot_0.9.9.5-1.diff.gz
  to main/k/knowledgeroot/knowledgeroot_0.9.9.5-1.diff.gz
knowledgeroot_0.9.9.5-1.dsc
  to main/k/knowledgeroot/knowledgeroot_0.9.9.5-1.dsc
knowledgeroot_0.9.9.5-1_all.deb
  to main/k/knowledgeroot/knowledgeroot_0.9.9.5-1_all.deb
knowledgeroot_0.9.9.5.orig.tar.gz
  to main/k/knowledgeroot/knowledgeroot_0.9.9.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Habermann <[email protected]> (supplier of updated knowledgeroot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 06 Dec 2009 22:00:00 +0200
Source: knowledgeroot
Binary: knowledgeroot
Architecture: source all
Version: 0.9.9.5-1
Distribution: unstable
Urgency: low
Maintainer: Frank Habermann <[email protected]>
Changed-By: Frank Habermann <[email protected]>
Description: 
 knowledgeroot - web-based knowledgebase system
Closes: 555229 555230
Changes: 
 knowledgeroot (0.9.9.5-1) unstable; urgency=low
 .
   * new upstream version
   * changed standards version to 3.8.3
   * changed debhelper version
   * added quilt support
   * using minimalistic rules
   * require prototype (Closes: #555230, #555229)
   * require php-gettext

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktOPRsACgkQ+C5cwEsrK54xFgCeNKs+EjecHMllXZarct+hxoh8
PyoAoLEp90sdqOloC0/pp/imlkukuJTO
=EDq2
-----END PGP SIGNATURE-----



--- End Message ---
