Your message dated Thu, 06 Nov 2008 22:32:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504681: fixed in pgfouine 1.0-1.1
has caused the Debian Bug report #504681,
regarding SA32559: GeSHi Unspecified Code Execution Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504681
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pgfouine
Severity: grave
Version: 0.7-1
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi, which affects 
the embedded copy in pgfouine[0].

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

It would be great if pgfouine just depended on php-geshi (also available in 
etch) and the include/require calls changed to use the copy provided by that 
package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the 
changelog entry.

[0]usr/share/pgfouine/include/reporting/geshi/geshi.php
[1]http://secunia.com/Advisories/32559/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net


--- End Message ---
--- Begin Message ---
Source: pgfouine
Source-Version: 1.0-1.1

We believe that the bug you reported is fixed in the latest version of
pgfouine, which is due to be installed in the Debian FTP archive:

pgfouine_1.0-1.1.diff.gz
  to pool/main/p/pgfouine/pgfouine_1.0-1.1.diff.gz
pgfouine_1.0-1.1.dsc
  to pool/main/p/pgfouine/pgfouine_1.0-1.1.dsc
pgfouine_1.0-1.1_all.deb
  to pool/main/p/pgfouine/pgfouine_1.0-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barry deFreese <[EMAIL PROTECTED]> (supplier of updated pgfouine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 06 Nov 2008 16:50:59 -0500
Source: pgfouine
Binary: pgfouine
Architecture: source all
Version: 1.0-1.1
Distribution: unstable
Urgency: low
Maintainer: Clément Stenac <[EMAIL PROTECTED]>
Changed-By: Barry deFreese <[EMAIL PROTECTED]>
Description: 
 pgfouine   - PostgreSQL log analyzer
Closes: 504681
Changes: 
 pgfouine (1.0-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * 30-use-php-gesi. Use php-gesi. (Closes: #504681).
     + Thanks to Marcos Marado for the patch.
   * Remove .pc dir on clean.
   * Remove binary-arch commands as package is binary-indep.
   * Remove unnecessary linda override file.
   * Bump Standards Version to 3.8.0. (No changes needed).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkTbgQACgkQ5ItltUs5T35tnwCgxpUlI7kJb35ntqplb9yvnRNQ
vgYAoIVmcXzVOw3H6Si3P2k0t8jP4McD
=ZlBv
-----END PGP SIGNATURE-----



--- End Message ---
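
The report above concerns an embedded copy of GeSHi older than 1.0.8.1. The following added example (not part of the original messages or of pgfouine) scans a directory tree for `geshi.php` copies and flags those below the fixed version. It assumes each copy declares its release with `define('GESHI_VERSION', ...)`; the sample tree, its version numbers and the `opt/example-*` paths are constructed.

```python
import re
import tempfile
from pathlib import Path

# SA32559 as quoted above: "reported in versions prior to 1.0.8.1".
FIXED = (1, 0, 8, 1)

# Assumption: each copy declares its release as define('GESHI_VERSION', 'x.y.z');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]GESHI_VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]""")


def parse_version(php_source):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(php_source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(version):
    """Tuple order treats a shorter prefix as older, so 1.0.8 < 1.0.8.1."""
    if version is None:
        return "unknown"  # stripped or modified copy: needs manual review
    return "vulnerable" if version < FIXED else "ok"


def scan(root):
    """Find every geshi.php under root and classify it by declared version."""
    found = {}
    for path in sorted(Path(root).rglob("geshi.php")):
        version = parse_version(path.read_text(errors="replace"))
        found[path.relative_to(root).as_posix()] = classify(version)
    return found


def build_sample_tree(root):
    """Constructed sample: versions and the opt/example-* paths are made up."""
    samples = {
        "usr/share/pgfouine/include/reporting/geshi/geshi.php": "1.0.7.20",
        "opt/example-a/lib/geshi.php": "1.0.8.1",
        "opt/example-b/lib/geshi.php": None,
    }
    for rel, ver in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        body = f"define('GESHI_VERSION', '{ver}');\n" if ver else "// no version\n"
        target.write_text("<?php\n" + body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in scan(tmp).items():
            print(f"{verdict:10} {rel}")
```

A copy reported as `unknown` has no parseable version line and should be compared against the packaged library by hand.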
