Bug#596112: marked as done (weborf: directory traversal discovered)

Wed, 08 Sep 2010 16:24:19 -0700 

Your message dated Wed, 08 Sep 2010 23:22:00 +0000
with message-id <[email protected]>
and subject line Bug#596112: fixed in weborf 0.12.3-1
has caused the Debian Bug report #596112,
regarding weborf: directory traversal discovered
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
596112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596112
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: weborf
Version: 0.12.2-1
Severity: grave
Tags: security
Justification: user security hole

Directory traversal was discovered.
(i will publish the exploit later on)


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34.6-era (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages weborf depends on:
ii  libc6                         2.11.2-5   Embedded GNU C Library: Shared lib

weborf recommends no packages.

Versions of packages weborf suggests:
ii  php5-cgi                      5.3.2-2    server-side, HTML-embedded scripti

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: weborf
Source-Version: 0.12.3-1

We believe that the bug you reported is fixed in the latest version of
weborf, which is due to be installed in the Debian FTP archive:

weborf-daemon_0.12.3-1_all.deb
  to main/w/weborf/weborf-daemon_0.12.3-1_all.deb
weborf_0.12.3-1.debian.tar.gz
  to main/w/weborf/weborf_0.12.3-1.debian.tar.gz
weborf_0.12.3-1.dsc
  to main/w/weborf/weborf_0.12.3-1.dsc
weborf_0.12.3-1_i386.deb
  to main/w/weborf/weborf_0.12.3-1_i386.deb
weborf_0.12.3.orig.tar.gz
  to main/w/weborf/weborf_0.12.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvo 'LtWorf' Tomaselli <[email protected]> (supplier of updated weborf 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 08 Sep 2010 22:24:21 +0200
Source: weborf
Binary: weborf weborf-daemon
Architecture: source i386 all
Version: 0.12.3-1
Distribution: unstable
Urgency: low
Maintainer: Salvo 'LtWorf' Tomaselli <[email protected]>
Changed-By: Salvo 'LtWorf' Tomaselli <[email protected]>
Description: 
 weborf     - Fast and small webserver meant to be run without root privileges
 weborf-daemon - init script for weborf
Closes: 596112
Changes: 
 weborf (0.12.3-1) unstable; urgency=low
 .
   * New upstream release
   * Fixes directory traversal (Closes: #596112)
Checksums-Sha1: 
 0b75666c2c1c3f879a5080dc6694ccfec8801331 1049 weborf_0.12.3-1.dsc
 db0fdf017b1af00bb7529582542a07d94d7578ef 58184 weborf_0.12.3.orig.tar.gz
 035d1dccb758394effafd3a7788fae78a74f3d6a 3060 weborf_0.12.3-1.debian.tar.gz
 6cbc7c7806af81827be0b030636e09236917ec6c 28002 weborf_0.12.3-1_i386.deb
 7c08a1b809a5032136ca6ced7f31a5c83eb1409e 10156 weborf-daemon_0.12.3-1_all.deb
Checksums-Sha256: 
 08eebaf59344d681f85e39cb0282e1aaab0b47b0d97afa58b7b25467b023261e 1049 
weborf_0.12.3-1.dsc
 190b3f6b8a465da2dcca1a0a535c05528145dc3866525e06f3fe0ed5e696e91b 58184 
weborf_0.12.3.orig.tar.gz
 61ad502b094bf973479f7003caadf0417f0b56a9f24a7820312ebfe73b83ed2f 3060 
weborf_0.12.3-1.debian.tar.gz
 5c83662baac84f9f284238b0cecb8d5a7da79a5fbf756d0e340c6b4cd36e7b72 28002 
weborf_0.12.3-1_i386.deb
 e0daa3b84c53e2807afb24a067651dfde935242fdba27dbda6d774afcd779382 10156 
weborf-daemon_0.12.3-1_all.deb
Files: 
 5e9420da8b590bf5eeb48481dcef817a 1049 httpd optional weborf_0.12.3-1.dsc
 52105021b5d547603a5e4dfbe49ecf6b 58184 httpd optional weborf_0.12.3.orig.tar.gz
 b61aeb05e36425b26ce3e7c09fda1fb2 3060 httpd optional 
weborf_0.12.3-1.debian.tar.gz
 7cafbfb54ebfcafdfcb3651b6551d5cd 28002 httpd optional weborf_0.12.3-1_i386.deb
 dd1457f423448912bb7c4d6002fd91b0 10156 httpd optional 
weborf-daemon_0.12.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyIFlAACgkQ5qqQFxOSsXR/vQCeOtdhvmHTpoKTN2YhiKOThMlY
2B4An3Hc6MCE/TjYiC3ekQ8K2wuZ8diL
=S1EL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to