Your message dated Sun, 02 Nov 2008 11:47:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504178: fixed in ktorrent2.2 2.2.8.dfsg.1-1
has caused the Debian Bug report #504178,
regarding KTorrent Web Interface Torrent Upload and PHP Code Injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504178: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ktorrent
Version: 3.1.1+dfsg.1-1
Severity: important
Tags: security

From Secunia:

Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.

1) The web interface plugin does not properly restrict access to the
torrent upload functionality. This can be exploited to upload
arbitrary torrent files by sending a specially crafted HTTP POST
request to the affected application.

2) The web interface plugin does not properly sanitise request
parameters before passing them to the PHP interpreter. This can be
exploited to inject and execute arbitrary PHP code by passing
specially crafted parameters to the PHP scripts of the web
interface.

Successful exploitation of the vulnerabilities requires that the web
interface plugin is enabled (not the default setting).

The vulnerabilities are confirmed in version 3.1.3. Prior versions
may also be affected.

SOLUTION:
Update to version 3.1.4.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://ktorrent.org/?q=node/23






--- End Message ---
--- Begin Message ---
Source: ktorrent2.2
Source-Version: 2.2.8.dfsg.1-1

We believe that the bug you reported is fixed in the latest version of
ktorrent2.2, which is due to be installed in the Debian FTP archive:

ktorrent2.2-dbg_2.2.8.dfsg.1-1_amd64.deb
  to pool/main/k/ktorrent2.2/ktorrent2.2-dbg_2.2.8.dfsg.1-1_amd64.deb
ktorrent2.2_2.2.8.dfsg.1-1.diff.gz
  to pool/main/k/ktorrent2.2/ktorrent2.2_2.2.8.dfsg.1-1.diff.gz
ktorrent2.2_2.2.8.dfsg.1-1.dsc
  to pool/main/k/ktorrent2.2/ktorrent2.2_2.2.8.dfsg.1-1.dsc
ktorrent2.2_2.2.8.dfsg.1-1_amd64.deb
  to pool/main/k/ktorrent2.2/ktorrent2.2_2.2.8.dfsg.1-1_amd64.deb
ktorrent2.2_2.2.8.dfsg.1.orig.tar.gz
  to pool/main/k/ktorrent2.2/ktorrent2.2_2.2.8.dfsg.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Modestas Vainius <[EMAIL PROTECTED]> (supplier of updated ktorrent2.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


Format: 1.8
Date: Sun, 02 Nov 2008 12:59:04 +0200
Source: ktorrent2.2
Binary: ktorrent2.2 ktorrent2.2-dbg
Architecture: source amd64
Version: 2.2.8.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: Modestas Vainius <[EMAIL PROTECTED]>
Changed-By: Modestas Vainius <[EMAIL PROTECTED]>
Description: 
 ktorrent2.2 - KTorrent v2.2.x - BitTorrent client for KDE3
 ktorrent2.2-dbg - KTorrent v2.2.x debugging symbols
Closes: 504178
Changes: 
 ktorrent2.2 (2.2.8.dfsg.1-1) unstable; urgency=low
 .
   * New upstream release:
     - WebInterface security fixes only (Closes: #504178).



--- End Message ---