Your message dated Sat, 2 Dec 2006 13:20:17 +0100
with message-id <[EMAIL PROTECTED]>
and subject line fvwm: CRLF injection in fvwm-menu-directory (CVE-2006-5969)
also in stable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fvwm
Version: 2.5.12-5
Severity: grave
Tags: stable, security
Hi,
the CRLF injection in fvwm-menu-directory (CVE-2006-5969) as
documented at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5969
http://www.gentoo-portage.com/x11-wm/fvwm/ChangeLog
http://thread.gmane.org/gmane.comp.window-managers.fvwm.devel/2419/focus=2419
which has been fixed in Sid with the upload of 1:2.5.18-2 on 10th of
November 2006 also exists in Sarge's version of fvwm and should be
fixed there, too.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages fvwm depends on:
ii  gdk-imlib1      1.9.14-16.2            imaging library for use with gtk (
ii  libc6           2.3.2.ds1-22sarge4     GNU C Library: Shared libraries an
ii  libfontconfig1  2.3.1-2                generic font configuration library
ii  libfreetype6    2.1.7-6                FreeType 2 font engine, shared lib
ii  libfribidi0     0.10.4-6               Free Implementation of the Unicode
ii  libglib1.2      1.2.10-9               The GLib library of C routines
ii  libgtk1.2       1.2.10-17              The GIMP Toolkit set of widgets fo
ii  libice6         4.3.0.dfsg.1-14sarge2  Inter-Client Exchange library
ii  libncurses5     5.4-4                  Shared libraries for terminal hand
ii  libpng12-0      1.2.8rel-1             PNG library - runtime
ii  libreadline4    4.3-11                 GNU readline and history libraries
ii  librplay3       3.3.2-8                Shared libraries for the rplay net
ii  libsm6          4.3.0.dfsg.1-14sarge2  X Window System Session Management
ii  libstroke0      0.5.1-4                support for mouse strokes like tho
ii  libx11-6        4.3.0.dfsg.1-14sarge2  X Window System protocol client li
ii  libxext6        4.3.0.dfsg.1-14sarge2  X Window System miscellaneous exte
ii  libxft2         2.1.7-1                FreeType-based font drawing librar
ii  libxi6          4.3.0.dfsg.1-14sarge2  X Window System Input extension li
ii  libxpm4         4.3.0.dfsg.1-14sarge2  X pixmap library
ii  libxrender1     0.8.3-7                X Rendering Extension client libra
ii  xlibs           4.3.0.dfsg.1-14sarge2  X Keyboard Extension (XKB) configu
ii  zlib1g          1:1.2.2-4.sarge.2      compression library - runtime
-- debconf information:
fvwm/upgrade/pre_2.5.8: false
--- End Message ---
--- Begin Message ---
Version: 1:2.5.18-2
* Axel Beckert ([EMAIL PROTECTED]) [061124 20:25]:
> which has been fixed in Sid with the upload of 1:2.5.18-2 on 10th of
> November 2006 also exists in Sarge's version of fvwm and should be
> fixed there, too.
just making sure our testing scripts are not confused by it.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
--- End Message ---