Your message dated Sun, 17 Jan 2010 18:17:51 +0000
with message-id <[email protected]>
and subject line Bug#555237: fixed in poker-network 1.7.6-1
has caused the Debian Bug report #555237,
regarding python-poker-network: CVE-2007-2383 and CVE-2008-7720 prototypejs
vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
555237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555237
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: python-poker-network
version: 1.0.30-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your package embeds the following prototype.js versions:
sid: 1.4.0
lenny: N/A
etch: 1.4.0
This is a mass-filing, and the only checking done so far is a version
comparison, so please determine whether or not your package is itself
affected or not. If it is not affected please close the bug with a
message indicating this along with what you did to check.
The version of your package specified above is the earliest version
with the affected embedded code. If this version is in one or both of
the stable releases and you are affected, please coordinate with the
release team to prepare a proposed-update for your package to
stable/oldstable.
There are patches available for CVE-2007-2383 [2] and a backport for
prototypejs 1.5 for CVE-2008-7720 [3].
If you correct the problem in unstable, please make sure to include the
CVE number in your changelog.
Thank you for your attention to this problem.
Mike
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
[2] http://dev.rubyonrails.org/ticket/7910
[3]
http://prototypejs.org/2008/1/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security
--- End Message ---
--- Begin Message ---
Source: poker-network
Source-Version: 1.7.6-1
We believe that the bug you reported is fixed in the latest version of
poker-network, which is due to be installed in the Debian FTP archive:
poker-network_1.7.6-1.diff.gz
to main/p/poker-network/poker-network_1.7.6-1.diff.gz
poker-network_1.7.6-1.dsc
to main/p/poker-network/poker-network_1.7.6-1.dsc
poker-network_1.7.6.orig.tar.gz
to main/p/poker-network/poker-network_1.7.6.orig.tar.gz
poker-web_1.7.6-1_all.deb
to main/p/poker-network/poker-web_1.7.6-1_all.deb
python-poker-network_1.7.6-1_all.deb
to main/p/poker-network/python-poker-network_1.7.6-1_all.deb
python-poker-prizes_1.7.6-1_all.deb
to main/p/poker-network/python-poker-prizes_1.7.6-1_all.deb
python-poker-stats_1.7.6-1_all.deb
to main/p/poker-network/python-poker-stats_1.7.6-1_all.deb
python-poker2d_1.7.6-1_i386.deb
to main/p/poker-network/python-poker2d_1.7.6-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Loic Dachary (OuoU) <[email protected]> (supplier of updated poker-network
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 17 Jan 2010 17:33:23 +0100
Source: poker-network
Binary: python-poker-network python-poker2d poker-web python-poker-stats
python-poker-prizes
Architecture: source all i386
Version: 1.7.6-1
Distribution: unstable
Urgency: low
Maintainer: Loic Dachary (OuoU) <[email protected]>
Changed-By: Loic Dachary (OuoU) <[email protected]>
Description:
poker-web - Web interface to a poker-network server
python-poker-network - multiplayer poker server and client library
python-poker-prizes - real prizes addon for poker-network
python-poker-stats - statistics poker-network client
python-poker2d - GTK poker client to play on a poker-network server
Closes: 475290 550285 555237 555238 557916
Changes:
poker-network (1.7.6-1) unstable; urgency=low
.
* new upstream version
* remove prototype.js (Closes: #555237) (Closes: #555238) (Closes: #475290)
* use *-packages instead of site-package (Closes: #557916)
* acknowledge NMU (Closes: #550285)
Checksums-Sha1:
fa1a0428351c48889659f39ba5d886133d3152d7 1526 poker-network_1.7.6-1.dsc
93b95b677091837c9fd5d2e4668669a79cc7960e 2732918
poker-network_1.7.6.orig.tar.gz
6b4579a05ef1b18d0146be1d4dfa61a927eeed80 41964 poker-network_1.7.6-1.diff.gz
cc8790d7469eec408acc230fd391e25e27947bd6 342156
python-poker-network_1.7.6-1_all.deb
fce85da32839eeed033cfb3a6c48b7373dcf66ef 263726 poker-web_1.7.6-1_all.deb
a504ab1cc5dce8a4a1f98abb4e811dfd5f76a11f 117572
python-poker-stats_1.7.6-1_all.deb
462d6c48460af310b91f223c4aaa473c96f8ec3b 114848
python-poker-prizes_1.7.6-1_all.deb
1b90a6748392575c585a6e367b6212b8753fab60 1614822
python-poker2d_1.7.6-1_i386.deb
Checksums-Sha256:
bfec8ac1b0b84feebd86d6f18c46bcf57295c9736788837b069d5f0228334acb 1526
poker-network_1.7.6-1.dsc
3cd1fb85f2bb926972d3fe48fec3bc618fb5d9525167736a103404707518cb11 2732918
poker-network_1.7.6.orig.tar.gz
0ffa770ca4f93daeeceb7ee325fa63ef26093658a244d0d5d9b7aea60d79ae02 41964
poker-network_1.7.6-1.diff.gz
89162f9e5b6debdcd373480993072bd2607ba2aa7fb4b6bfe75213a5c8412221 342156
python-poker-network_1.7.6-1_all.deb
e72f2e6e5969f7e03a25e7dbb53c11f0091527aa3003d333824d7e564d867a60 263726
poker-web_1.7.6-1_all.deb
8b81353b151a20da8f214b915e155e7bc4ef540a8870ea19c6070f0cc1ab009f 117572
python-poker-stats_1.7.6-1_all.deb
1fba804632248da3e1de825f04f7eff069d70af4eb0d4c13e07b8af2c0df2804 114848
python-poker-prizes_1.7.6-1_all.deb
0537754faee15202f4aea77ffe67342c2ad8eb0270042f9a7dbc02db529d3f70 1614822
python-poker2d_1.7.6-1_i386.deb
Files:
b794e423aa33f1d52f0781f2ae61582c 1526 python extra poker-network_1.7.6-1.dsc
848b84080610afa2c502ad95bde1496b 2732918 python extra
poker-network_1.7.6.orig.tar.gz
13a7dade20ce7223d14b1f94c18b835d 41964 python extra
poker-network_1.7.6-1.diff.gz
aadc7b461526034d4db1fc1dcdcf02b2 342156 python extra
python-poker-network_1.7.6-1_all.deb
86572738dc73f036be58c5037a825a7e 263726 web optional poker-web_1.7.6-1_all.deb
e78f91fad04df78e45233e9a24ac07ef 117572 python optional
python-poker-stats_1.7.6-1_all.deb
6539e9bfd04f33a4fd2f80b8b75a0907 114848 python optional
python-poker-prizes_1.7.6-1_all.deb
d1622a550e09a280c4715f7533462d31 1614822 games extra
python-poker2d_1.7.6-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktTTvgACgkQ8dLMyEl6F20V9wCfZiBhpXkMwQn5gv9Uur5+JoaW
sqUAn0SZ+iDguXv6b3NrBMVb7E0a5wmr
=1RGR
-----END PGP SIGNATURE-----
--- End Message ---
