Your message dated Wed, 11 Nov 2009 15:01:46 +0100
with message-id <20091111140146.ga5...@jwilk.net>
and subject line Re: Bug#555239: webhelpers: CVE-2007-2383 and CVE-2008-7720 prototypejs vulnerabilities
has caused the Debian Bug report #555239,
regarding webhelpers: CVE-2007-2383 and CVE-2008-7720 prototypejs vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
555239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: webhelpers
version: 0.6-1
severity: serious
tags: security

Hi,

Your package contains an embedded version of prototype.js that is vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1) [0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.

Your package embeds the following prototype.js versions:

sid: 1.5.1.1
lenny: 1.5.1.1
etch: N/A

This is a mass-filing, and the only checking done so far is a version comparison, so please determine whether or not your package is itself affected or not. If it is not affected please close the bug with a message indicating this along with what you did to check.

The version of your package specified above is the earliest version with the affected embedded code. If this version is in one or both of the stable releases and you are affected, please coordinate with the release team to prepare a proposed-update for your package to stable/oldstable.

There are patches available for CVE-2007-2383 [2] and a backport for prototypejs 1.5 for CVE-2008-7720 [3].

If you correct the problem in unstable, please make sure to include the CVE number in your changelog.

Thank you for your attention to this problem.

Mike

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
[2] http://dev.rubyonrails.org/ticket/7910
[3] http://prototypejs.org/2008/1/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security
--- End Message ---
--- Begin Message ---
Version: 0.3.4-2

> Your package contains an embedded version of prototype.js that is vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1) [0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.

See bug #475291.

--
Jakub Wilk
--- End Message ---
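
The version comparison that the mass-filing report describes can be reproduced against a source tree as follows. This is an added example, not part of the original thread or of any Debian tooling. The function names, the `Version: '…'` pattern used to recognise an embedded copy, and the sample text are assumptions made for illustration; the thresholds are the ones quoted in the report. A hit only means the version falls in the affected range, so a copy carrying a backported patch still needs the manual check the report asks for.

```python
import os
import re

# Thresholds as stated in the bug report: first prototype.js release
# outside each CVE's affected range.
FIXED_IN = {"CVE-2007-2383": (1, 5, 1), "CVE-2008-7220": (1, 6, 0, 2)}

# Assumption: the copy keeps prototype.js's  Version: '1.5.1.1'  declaration;
# a suffix such as _rc3 marks a pre-release of that number.
VERSION_RE = re.compile(r"""\bVersion:\s*['"](\d+(?:\.\d+)*)(_\w+)?['"]""")

# Constructed sample input mimicking the header of an embedded copy.
SAMPLE = "var Prototype = {\n  Version: '1.5.1.1',\n  Browser: {}\n};\n"


def _key(nums, is_final, width=4):
    # Pad so 1.5.1 compares as 1.5.1.0; a pre-release sorts before its final.
    return nums[:width] + (0,) * (width - len(nums)), int(is_final)


def flagged_cves(text):
    """CVE ids whose affected range contains the embedded version, or None
    when no version declaration is found (needs manual review)."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    key = _key(nums, m.group(2) is None)
    return sorted(c for c, fixed in FIXED_IN.items() if key < _key(fixed, True))


def scan_tree(root):
    """Map each prototype*.js under root to its flagged CVE list."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().startswith("prototype") and name.endswith(".js"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits[path] = flagged_cves(fh.read())
    return hits


if __name__ == "__main__":
    print(flagged_cves(SAMPLE))
```

For the 1.5.1.1 copy listed for sid and lenny, only the second range matches, because 1.5.1.1 is not before 1.5.1.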