Your message dated Sun, 01 Feb 2009 17:17:06 +0000
with message-id <e1ltfwq-0004rz...@ries.debian.org>
and subject line Bug#513611: fixed in glpi 0.71.5-1
has caused the Debian Bug report #513611,
regarding glpi: 'ID' Parameter Multiple SQL Injection Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
513611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: glpi
Version: 0.71.2-2
Severity: grave
Tags: security
Justification: user security hole

Hi!

glpi versions prior to 0.71.4 are affected by a SQL injection vulnerability.
See the upstream announcement [1] and SecurityFocus [2].

[1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
[2] http://www.securityfocus.com/bid/33477

Thank you very much!

Best regards,
Nelson

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.28.2-naoliv1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: glpi
Source-Version: 0.71.5-1

We believe that the bug you reported is fixed in the latest version of
glpi, which is due to be installed in the Debian FTP archive:

glpi_0.71.5-1.diff.gz
  to pool/main/g/glpi/glpi_0.71.5-1.diff.gz
glpi_0.71.5-1.dsc
  to pool/main/g/glpi/glpi_0.71.5-1.dsc
glpi_0.71.5-1_all.deb
  to pool/main/g/glpi/glpi_0.71.5-1_all.deb
glpi_0.71.5.orig.tar.gz
  to pool/main/g/glpi/glpi_0.71.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier <pol...@debian.org> (supplier of updated glpi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Sun, 01 Feb 2009 18:00:16 +0100
Source: glpi
Binary: glpi
Architecture: source all
Version: 0.71.5-1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <pol...@debian.org>
Changed-By: Pierre Chifflier <pol...@debian.org>
Description: 
 glpi       - IT and Asset management software
Closes: 513611
Changes: 
 glpi (0.71.5-1) unstable; urgency=high
 .
   * New upstream release
   * Security: fix SQL injection in ID field (Closes: #513611)
   * Urgency high due to security fix.



--- End Message ---
