Bug#778669: marked as done (mediatomb allows anyone to browse and export the whole filesystem)
Your message dated Thu, 30 Jul 2015 21:18:39 + with message-id e1zkvdr-0003ym...@franck.debian.org and subject line Bug#778669: fixed in mediatomb 0.12.1-4+deb7u1 has caused the Debian Bug report #778669, regarding mediatomb allows anyone to browse and export the whole filesystem to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 778669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778669 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mediatomb-daemon Version: 0.12.1-4 Severity: grave Tag: security This is a regression of the bug that was fixed in #580120, but somehow the patch applied got revert. Anyone can list and download all the file accessible to the mediatomb user via the daemon web interface, which is binded to 0.0.0.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 -- Olivier Lê Thanh Duong oliv...@lethanh.be ---End Message--- ---BeginMessage--- Source: mediatomb Source-Version: 0.12.1-4+deb7u1 We believe that the bug you reported is fixed in the latest version of mediatomb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 778...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Miguel A. Colón Vélez debian.mic...@gmail.com (supplier of updated mediatomb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 28 Jul 2015 12:13:10 -0400 Source: mediatomb Binary: mediatomb-common mediatomb-daemon mediatomb mediatomb-dbg Architecture: source amd64 all Version: 0.12.1-4+deb7u1 Distribution: oldstable Urgency: high Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Miguel A. Colón Vélez debian.mic...@gmail.com Description: mediatomb - UPnP MediaServer (main package) mediatomb-common - UPnP MediaServer (base package) mediatomb-daemon - UPnP MediaServer (daemon package) mediatomb-dbg - UPnP MediaServer (debug package) Closes: 580120 778669 Changes: mediatomb (0.12.1-4+deb7u1) oldstable; urgency=high . * Backport fix for #580120, #778669 from 0.12.1-47-g7ab7616-1 and 0.12.0~svn2018-6.1 to wheezy. . [ IOhannes m zmölnig ] * Disabled User-Interface by default. (Closes: #580120, #778669) Checksums-Sha1: 8530e03865ad66e2faf6c7bc16503be49cd645d2 2478 mediatomb_0.12.1-4+deb7u1.dsc 70bdd03f026fc51891db36c1df95fb87adcaa4ea 32002 mediatomb_0.12.1-4+deb7u1.debian.tar.gz 5987ee60de03cd28c260a4f557fc647c4598c69f 951164 mediatomb-common_0.12.1-4+deb7u1_amd64.deb fb6f8848b5e16fd9b999b4dab31aaf29bd49d268 26526 mediatomb-daemon_0.12.1-4+deb7u1_all.deb eb5d85f8b31abacac9487d47f7ebb200f27d0024 23878 mediatomb_0.12.1-4+deb7u1_all.deb 17fb61a65a0f38b9f6d887d501ab7423881e6f24 2828800 mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb Checksums-Sha256: 9df31bcf91f7b84c29996ddc350eef8a6e3ad6887ffab72b09cdf5e76a9c34a9 2478 mediatomb_0.12.1-4+deb7u1.dsc ad55cbc72b17771e52d1303bb27c1ec0449d3ef233a322f1d4d34e32e288a616 32002 mediatomb_0.12.1-4+deb7u1.debian.tar.gz e96c727486fb60ca1484d25c235297ac94411975f6058a21be4906a18b68ac8e 951164 mediatomb-common_0.12.1-4+deb7u1_amd64.deb 9da4b37affe8a22633519173c05ef90d6dcdaa34e690d3a1f098a8457fca58a2 26526 mediatomb-daemon_0.12.1-4+deb7u1_all.deb 91358679f4ccc55981e2b267765a4708e45a5260ca387bbaafc0986676ba7134 23878 mediatomb_0.12.1-4+deb7u1_all.deb a8acbec58834895510fd4fe42bd328bcd9c0fbb89a1d0c59bb264fd6cd344963 2828800 mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb Files: e85f16fb949ff31bf4540b11cafbaa1d 2478 net optional mediatomb_0.12.1-4+deb7u1.dsc 3d67958f6ad83fa7c404d9d60d8b740e 32002 net optional mediatomb_0.12.1-4+deb7u1.debian.tar.gz 625012e55dee9f864962792bf78b31a5 951164 net optional mediatomb-common_0.12.1-4+deb7u1_amd64.deb 0c2dc0f3b88d0e782a236ec9bb35f38e 26526 net optional mediatomb-daemon_0.12.1-4+deb7u1_all.deb 99cb1a0a942beab0193750d96f077435 23878 net optional mediatomb_0.12.1-4+deb7u1_all.deb 083099a7bc56fa801ac752a0fedfd65d 2828800 debug extra mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJVuFDpAAoJEOikiuUxHXZaMPwP/2KLOZZyPYxu7LXQtVfVOT/M
Bug#778669: marked as done (mediatomb allows anyone to browse and export the whole filesystem)
Your message dated Thu, 30 Jul 2015 21:18:39 + with message-id e1zkvdr-0003yg...@franck.debian.org and subject line Bug#580120: fixed in mediatomb 0.12.1-4+deb7u1 has caused the Debian Bug report #580120, regarding mediatomb allows anyone to browse and export the whole filesystem to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 580120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mediatomb-daemon Version: 0.12.1-4 Severity: grave Tag: security This is a regression of the bug that was fixed in #580120, but somehow the patch applied got revert. Anyone can list and download all the file accessible to the mediatomb user via the daemon web interface, which is binded to 0.0.0.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 -- Olivier Lê Thanh Duong oliv...@lethanh.be ---End Message--- ---BeginMessage--- Source: mediatomb Source-Version: 0.12.1-4+deb7u1 We believe that the bug you reported is fixed in the latest version of mediatomb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 580...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Miguel A. Colón Vélez debian.mic...@gmail.com (supplier of updated mediatomb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 28 Jul 2015 12:13:10 -0400 Source: mediatomb Binary: mediatomb-common mediatomb-daemon mediatomb mediatomb-dbg Architecture: source amd64 all Version: 0.12.1-4+deb7u1 Distribution: oldstable Urgency: high Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Miguel A. Colón Vélez debian.mic...@gmail.com Description: mediatomb - UPnP MediaServer (main package) mediatomb-common - UPnP MediaServer (base package) mediatomb-daemon - UPnP MediaServer (daemon package) mediatomb-dbg - UPnP MediaServer (debug package) Closes: 580120 778669 Changes: mediatomb (0.12.1-4+deb7u1) oldstable; urgency=high . * Backport fix for #580120, #778669 from 0.12.1-47-g7ab7616-1 and 0.12.0~svn2018-6.1 to wheezy. . [ IOhannes m zmölnig ] * Disabled User-Interface by default. (Closes: #580120, #778669) Checksums-Sha1: 8530e03865ad66e2faf6c7bc16503be49cd645d2 2478 mediatomb_0.12.1-4+deb7u1.dsc 70bdd03f026fc51891db36c1df95fb87adcaa4ea 32002 mediatomb_0.12.1-4+deb7u1.debian.tar.gz 5987ee60de03cd28c260a4f557fc647c4598c69f 951164 mediatomb-common_0.12.1-4+deb7u1_amd64.deb fb6f8848b5e16fd9b999b4dab31aaf29bd49d268 26526 mediatomb-daemon_0.12.1-4+deb7u1_all.deb eb5d85f8b31abacac9487d47f7ebb200f27d0024 23878 mediatomb_0.12.1-4+deb7u1_all.deb 17fb61a65a0f38b9f6d887d501ab7423881e6f24 2828800 mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb Checksums-Sha256: 9df31bcf91f7b84c29996ddc350eef8a6e3ad6887ffab72b09cdf5e76a9c34a9 2478 mediatomb_0.12.1-4+deb7u1.dsc ad55cbc72b17771e52d1303bb27c1ec0449d3ef233a322f1d4d34e32e288a616 32002 mediatomb_0.12.1-4+deb7u1.debian.tar.gz e96c727486fb60ca1484d25c235297ac94411975f6058a21be4906a18b68ac8e 951164 mediatomb-common_0.12.1-4+deb7u1_amd64.deb 9da4b37affe8a22633519173c05ef90d6dcdaa34e690d3a1f098a8457fca58a2 26526 mediatomb-daemon_0.12.1-4+deb7u1_all.deb 91358679f4ccc55981e2b267765a4708e45a5260ca387bbaafc0986676ba7134 23878 mediatomb_0.12.1-4+deb7u1_all.deb a8acbec58834895510fd4fe42bd328bcd9c0fbb89a1d0c59bb264fd6cd344963 2828800 mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb Files: e85f16fb949ff31bf4540b11cafbaa1d 2478 net optional mediatomb_0.12.1-4+deb7u1.dsc 3d67958f6ad83fa7c404d9d60d8b740e 32002 net optional mediatomb_0.12.1-4+deb7u1.debian.tar.gz 625012e55dee9f864962792bf78b31a5 951164 net optional mediatomb-common_0.12.1-4+deb7u1_amd64.deb 0c2dc0f3b88d0e782a236ec9bb35f38e 26526 net optional mediatomb-daemon_0.12.1-4+deb7u1_all.deb 99cb1a0a942beab0193750d96f077435 23878 net optional mediatomb_0.12.1-4+deb7u1_all.deb 083099a7bc56fa801ac752a0fedfd65d 2828800 debug extra mediatomb-dbg_0.12.1-4+deb7u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJVuFDpAAoJEOikiuUxHXZaMPwP/2KLOZZyPYxu7LXQtVfVOT/M
Bug#778669: marked as done (mediatomb allows anyone to browse and export the whole filesystem)
Your message dated Mon, 13 Jul 2015 18:04:36 + with message-id e1zei5k-0006oy...@franck.debian.org and subject line Bug#580120: fixed in mediatomb 0.12.1-47-g7ab7616-1 has caused the Debian Bug report #580120, regarding mediatomb allows anyone to browse and export the whole filesystem to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 580120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mediatomb-daemon Version: 0.12.1-4 Severity: grave Tag: security This is a regression of the bug that was fixed in #580120, but somehow the patch applied got revert. Anyone can list and download all the file accessible to the mediatomb user via the daemon web interface, which is binded to 0.0.0.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 -- Olivier Lê Thanh Duong oliv...@lethanh.be ---End Message--- ---BeginMessage--- Source: mediatomb Source-Version: 0.12.1-47-g7ab7616-1 We believe that the bug you reported is fixed in the latest version of mediatomb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 580...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hector Oron zu...@debian.org (supplier of updated mediatomb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Jul 2015 19:41:42 +0200 Source: mediatomb Binary: mediatomb-common mediatomb-daemon mediatomb mediatomb-dbg Architecture: source i386 all Version: 0.12.1-47-g7ab7616-1 Distribution: unstable Urgency: medium Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Hector Oron zu...@debian.org Description: mediatomb - UPnP MediaServer (main package) mediatomb-common - UPnP MediaServer (base package) mediatomb-daemon - UPnP MediaServer (daemon package) mediatomb-dbg - UPnP MediaServer (debug package) Closes: 580120 730391 778669 Changes: mediatomb (0.12.1-47-g7ab7616-1) unstable; urgency=medium . [ Miguel A. Colón Vélez ] * New upstream snapshot. - Added subtitle support for Samsung devices. (Closes: #730391) * debian/control: - Build depend on pkg-config to fix FTBFS. - Explicitly build depend on libavutil-dev. - Bump libav requirement to 10. - Build depend on libflac-dev to enable FLAC metadata extraction. - Build depend on uuid-dev to use the system's libuuid. * debian/patches: - Refresh and update all patches. - Use a more robust patch for building wih libmp4v2. - Revert an upstream commit to fix building with libmp4v2. - Drop internal libuuid and use the system's libuuid. - Drop patches that were fixed upstream: + 0005_buffer_overrun_999hours.patch + 0006a_js_1.8_support.patch + 0006b_js_parse.patch + 0006c_js_copyObject.patch + 0007_libmozjs185_support.patch + 0008a_gcc_4.6_support.patch + 0008b_gcc_4.7_support.patch + 0009a_libav_0.7_support.patch + 0011_libav_9_support.patch + 0012_remove_absolute_paths.patch * debian/rules: - Create a get-orig-source-target to obtain the upstream source. - Add --disable-silent-rules for compiler-flags-hidden. - Remove --disable-libextractor. (deprecated) - Use --disable-lastfm instead of --disable-lastfmlib. * Remove myself as uploader. . [ IOhannes m zmölnig ] * Disabled User-Interface by default. (Closes: #580120, #778669) * Add notification in NEWS/README.Debian about the disabled user-interface. Checksums-Sha1: 3e8f982ed8634668856078c7a8af884e4499a761 2580 mediatomb_0.12.1-47-g7ab7616-1.dsc c1a89a870a4a59c95fa838597d55f3dedc509fef 2004776 mediatomb_0.12.1-47-g7ab7616.orig.tar.xz 84e0343d2770caa6beabd91ca9ebff61c8ccd4ee 41896 mediatomb_0.12.1-47-g7ab7616-1.debian.tar.xz 1afce2b4f0e967fcbe05e45637d2ed5e09990143 820580 mediatomb-common_0.12.1-47-g7ab7616-1_i386.deb 2d0b1c0b604de1539a519fac2635088336dd7ae3 27400 mediatomb-daemon_0.12.1-47-g7ab7616-1_all.deb 8cf568c3cef1b3bd2d2a7d175047dbf06a79896f 2575442 mediatomb-dbg_0.12.1-47-g7ab7616-1_i386.deb
Bug#778669: marked as done (mediatomb allows anyone to browse and export the whole filesystem)
Your message dated Mon, 13 Jul 2015 18:04:36 + with message-id e1zei5k-0006pa...@franck.debian.org and subject line Bug#778669: fixed in mediatomb 0.12.1-47-g7ab7616-1 has caused the Debian Bug report #778669, regarding mediatomb allows anyone to browse and export the whole filesystem to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 778669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778669 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mediatomb-daemon Version: 0.12.1-4 Severity: grave Tag: security This is a regression of the bug that was fixed in #580120, but somehow the patch applied got revert. Anyone can list and download all the file accessible to the mediatomb user via the daemon web interface, which is binded to 0.0.0.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 -- Olivier Lê Thanh Duong oliv...@lethanh.be ---End Message--- ---BeginMessage--- Source: mediatomb Source-Version: 0.12.1-47-g7ab7616-1 We believe that the bug you reported is fixed in the latest version of mediatomb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 778...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hector Oron zu...@debian.org (supplier of updated mediatomb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Jul 2015 19:41:42 +0200 Source: mediatomb Binary: mediatomb-common mediatomb-daemon mediatomb mediatomb-dbg Architecture: source i386 all Version: 0.12.1-47-g7ab7616-1 Distribution: unstable Urgency: medium Maintainer: Debian multimedia packages maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Hector Oron zu...@debian.org Description: mediatomb - UPnP MediaServer (main package) mediatomb-common - UPnP MediaServer (base package) mediatomb-daemon - UPnP MediaServer (daemon package) mediatomb-dbg - UPnP MediaServer (debug package) Closes: 580120 730391 778669 Changes: mediatomb (0.12.1-47-g7ab7616-1) unstable; urgency=medium . [ Miguel A. Colón Vélez ] * New upstream snapshot. - Added subtitle support for Samsung devices. (Closes: #730391) * debian/control: - Build depend on pkg-config to fix FTBFS. - Explicitly build depend on libavutil-dev. - Bump libav requirement to 10. - Build depend on libflac-dev to enable FLAC metadata extraction. - Build depend on uuid-dev to use the system's libuuid. * debian/patches: - Refresh and update all patches. - Use a more robust patch for building wih libmp4v2. - Revert an upstream commit to fix building with libmp4v2. - Drop internal libuuid and use the system's libuuid. - Drop patches that were fixed upstream: + 0005_buffer_overrun_999hours.patch + 0006a_js_1.8_support.patch + 0006b_js_parse.patch + 0006c_js_copyObject.patch + 0007_libmozjs185_support.patch + 0008a_gcc_4.6_support.patch + 0008b_gcc_4.7_support.patch + 0009a_libav_0.7_support.patch + 0011_libav_9_support.patch + 0012_remove_absolute_paths.patch * debian/rules: - Create a get-orig-source-target to obtain the upstream source. - Add --disable-silent-rules for compiler-flags-hidden. - Remove --disable-libextractor. (deprecated) - Use --disable-lastfm instead of --disable-lastfmlib. * Remove myself as uploader. . [ IOhannes m zmölnig ] * Disabled User-Interface by default. (Closes: #580120, #778669) * Add notification in NEWS/README.Debian about the disabled user-interface. Checksums-Sha1: 3e8f982ed8634668856078c7a8af884e4499a761 2580 mediatomb_0.12.1-47-g7ab7616-1.dsc c1a89a870a4a59c95fa838597d55f3dedc509fef 2004776 mediatomb_0.12.1-47-g7ab7616.orig.tar.xz 84e0343d2770caa6beabd91ca9ebff61c8ccd4ee 41896 mediatomb_0.12.1-47-g7ab7616-1.debian.tar.xz 1afce2b4f0e967fcbe05e45637d2ed5e09990143 820580 mediatomb-common_0.12.1-47-g7ab7616-1_i386.deb 2d0b1c0b604de1539a519fac2635088336dd7ae3 27400 mediatomb-daemon_0.12.1-47-g7ab7616-1_all.deb 8cf568c3cef1b3bd2d2a7d175047dbf06a79896f 2575442 mediatomb-dbg_0.12.1-47-g7ab7616-1_i386.deb