Recordes si en tens algun repartit pel món ? El dv 02 de 09 del 2005 a les 13:05 +0200, en/na Martin Schulze va escriure: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -------------------------------------------------------------------------- > Debian Security Advisory DSA 798-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > September 2nd, 2005 http://www.debian.org/security/faq > - -------------------------------------------------------------------------- > > Package : phpgroupware > Vulnerability : several > Problem-Type : remote > Debian-specific: no > CVE ID : CAN-2005-2498 CAN-2005-2600 CAN-2005-2761 > > Several vulnerabilities have been discovered in phpgroupware, a web > based groupware system written in PHP. The Common Vulnerabilities and > Exposures project identifies the following problems: > > CAN-2005-2498 > > Stefan Esser discovered another vulnerability in the XML-RPC > libraries that allows injection of arbitrary PHP code into eval() > statements. The XMLRPC component has been disabled. > > CAN-2005-2600 > > Alexander Heidenreich discovered a cross-site scriptiong problem > in the tree view of FUD Forum Bulletin Board Software, which is > also present in phpgroupware. > > CAN-2005-2761 > > A global cross-site scripting fix has also been included that > protects against potential malicious scripts embedded in CSS and > xmlns in various parts of the application and modules. > > This update also contains a postinst bugfix that has been approved for > the next update to the stable release. > > For the old stable distribution (woody) these problems don't apply. > > For the stable distribution (sarge) these problems have been fixed in > version 0.9.16.005-3.sarge2. > > For the unstable distribution (sid) these problems have been fixed in > version 0.9.16.008. > > We recommend that you upgrade your phpgroupware packages. > > > Upgrade Instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 3.1 alias sarge > - -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.dsc > Size/MD5 checksum: 1665 e10b74698fb0ccd70d9960c4e9745224 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.diff.gz > Size/MD5 checksum: 36212 ce2653530ea7790676d68687ac9ab89a > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz > Size/MD5 checksum: 19442629 5edd5518e8f77174c12844f9cfad6ac4 > > Architecture independent components: > > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 176408 e62845031a7af8182d876d93ce3a653d > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 186202 70608b587089d644a3c2ff787f6ef3a0 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 100830 97695db70fdda862347531f7b22b40cd > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 323858 db8259d262257e59a620113a97dc5a75 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 23068 57ecbc9bed7823851eef44102e59e36d > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 434086 f8c1e175ab1b1dc0b337ca47f3670f30 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 6388 690fb88e32c50d3d00f440362c27dc78 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 33196 dab4c5133ea41f23a8752d93e8bd9786 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 42654 9db6fec8e4687d8fe6099a467a8246db > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 50302 f4aeb63d1aeaa72c2bbfa6a5c0f8f247 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 1117628 e467218f15060c0edbabaa85cc6d561e > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 1329298 95e88686c6212b6b1fcbfe404aef76ea > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 180022 5930fda4d00b9814600dd3164243e678 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 91478 d2bd73cc22569c599fcadbedcfe1abb6 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 166208 3b310fc7dedb0c055e1bbb451b61edd8 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 45422 37e0f53559aa145decf9ee82906f6225 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 36296 e196baee2c1c89fc3872ea91b4046845 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 1355378 5453aa07a4c4372f247a994d7122170d > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 63786 533a084f5b12d9471fd0bf8e7eb471a1 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 18712 feaa03f55c431cb7265c98dd5ea3ccbb > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 8472 4595ab292c8139cbe4596754403a471a > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 136256 9f5270506681b88bc7b55c459e7c6ab6 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 90472 8a82ed20e8bb22e098610bf988338966 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 25864 fe33aebc1fe6887b3a36624139216092 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 41170 971b81d589f9ec41661260c666d7b0ac > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 46804 749dcf3257343b66b0d866fdfee0a933 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 34828 4135f525d65dafde78ab72da65e84ab7 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 20566 cca6d535bd572adb89be5337c2ea4081 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 40058 e4fd11ffcc187d218e8e761443210de2 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 9677508 a2e03ccffbc07f28b7e40610a223173b > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 116316 ea045a4a3bc0b30fefa3105d781f1e6b > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 31390 42add8aa672fcbad2bc45bcc86de345f > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 59496 907318b665a238d7d272125377e786ff > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 120176 6d4c7741a3706276da2e67f76ccda644 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 23352 8d9360711e849414a9e331b820a06e7e > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 29810 c1414f1646c86cc9548cd21091b9402d > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 267152 dc7418b235702e20c9c746116a41cd0b > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 902332 d18c60e4a310be6a8079659d9edb1ef3 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 19062 5c21d71782cb4790f0037ae7358c6366 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 23888 001d27f63b54f9a60788b0512f3b0315 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 21842 20bdf757aa0ba7d6e7ddd64454af89c5 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 50120 825d4e389401fe8d3ed3cc4f5bad71ed > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 55662 7594f3210ebd11e91f483aac7cc9c20b > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 70170 01379389b829ca8fc81f820df5ba0f76 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 62818 303dbc331b9bdab5e476a6dacfe08a87 > > http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2_all.deb > Size/MD5 checksum: 156040 b02eea4ffa8eac66bab0e673df7a5afa > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: [email protected] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFDGDHkW5ql+IAeqTIRAgjKAJ0ZQXrESKCx66FOz2YV+Rkz0503aQCeLPqe > Jol2uYCvFJbwPaWvi2tinCg= > =lz87 > -----END PGP SIGNATURE----- > >
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
