Your message dated Sat, 03 Jun 2006 11:26:29 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#365371: fixed in beagle 0.2.6-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: beagle
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-1865
Beagle before 0.2.5 can produce certain insecure command lines to
launch external helper applications while indexing, which allows
attackers to execute arbitrary commands. NOTE: it is not immediately
clear whether this issue involves argument injection, shell
metacharacters, or other issues.
See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
--- End Message ---
--- Begin Message ---
Source: beagle
Source-Version: 0.2.6-2
We believe that the bug you reported is fixed in the latest version of
beagle, which is due to be installed in the Debian FTP archive:
beagle-backend-evolution_0.2.6-2_all.deb
to pool/main/b/beagle/beagle-backend-evolution_0.2.6-2_all.deb
beagle-dev_0.2.6-2_i386.deb
to pool/main/b/beagle/beagle-dev_0.2.6-2_i386.deb
beagle_0.2.6-2.diff.gz
to pool/main/b/beagle/beagle_0.2.6-2.diff.gz
beagle_0.2.6-2.dsc
to pool/main/b/beagle/beagle_0.2.6-2.dsc
beagle_0.2.6-2_i386.deb
to pool/main/b/beagle/beagle_0.2.6-2_i386.deb
libbeagle0_0.2.6-2_i386.deb
to pool/main/b/beagle/libbeagle0_0.2.6-2_i386.deb
python2.4-beagle_0.2.6-2_i386.deb
to pool/main/b/beagle/python2.4-beagle_0.2.6-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jose Carlos Garcia Sogo <[EMAIL PROTECTED]> (supplier of updated beagle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 20 May 2006 15:50:03 +0200
Source: beagle
Binary: python2.4-beagle beagle beagle-dev beagle-backend-evolution libbeagle0
Architecture: source i386 all
Version: 0.2.6-2
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
Changed-By: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
Description:
beagle - indexing and search tool for your personal data
beagle-backend-evolution - evolution data backend for beagle
beagle-dev - library for accessing beagle (development files)
libbeagle0 - library for accessing beagle (development files)
python2.4-beagle - python bindings for beagle
Closes: 365371 366229 366288 366693 367309 367948
Changes:
beagle (0.2.6-2) unstable; urgency=low
.
* Version 0.2.6 fixes CVE-2006-1865. (Closes: #365371)
* debian/control: build depend on missing libmono-sqlite1.0-cil.
(Closes: #366229)
* beagle.postinst: change order of arguments to be compatible with
older adduser packages. (Closes: #366288)
* Move beagle-dev to devel section, as well as libbeagle0 and python-beagle
to libs section. (Closes: #367309)
* Change wrong postinst and postrm check for smokeping user. (Closes:
#367948)
* Force dependency on python2.4, by renaming python-beagle to
python2.4-beagle, and thus following Debian's Python Policy (Closes:
#366693)
Files:
e281eed9802935f73863e1c9c338bb0d 1094 gnome optional beagle_0.2.6-2.dsc
32f455b5b81ad5447f6c696fd15077af 35776 gnome optional beagle_0.2.6-2.diff.gz
d07e5a713e558bf210f2984a16c0925d 60190 gnome optional
beagle-backend-evolution_0.2.6-2_all.deb
40134f6e02fb033bf4c9fa0df9c8465a 1372866 gnome optional beagle_0.2.6-2_i386.deb
07ae0d99b578e9e46752fab9b024b6df 58210 libs optional
libbeagle0_0.2.6-2_i386.deb
857ab14efce9498fa9eec23d2c032d65 72048 devel optional
beagle-dev_0.2.6-2_i386.deb
c0b0ba837de2dd1d352712a9a58f46eb 43978 libs optional
python2.4-beagle_0.2.6-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEbyyKS+BYJZB4jhERAr8/AJ42MlAl+/XAFf4BxxMGxOTAX3Gq2wCgtEul
+vrErCFeMs+r37i4w3xEHvw=
=bqwc
-----END PGP SIGNATURE-----
--- End Message ---
