[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2011-08-11 Thread Bug Watch Updater
** Changed in: debian Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/292923 Title: CVE-2008-4796: missing input sanitising To manage notifications

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-07-27 Thread Launchpad Bug Tracker
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/libphp-snoopy/hardy-security ** Branch linked: lp:~ubuntu-branches/ubuntu/intrepid/libphp-snoopy/intrepid-security

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-10 Thread Launchpad Bug Tracker
This bug was fixed in the package libphp-snoopy - 1.2.3-1ubuntu0.1 --- libphp-snoopy (1.2.3-1ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: execute arbitrary commands via shell metacharacters in https URLs (LP: #292923) - changed Snoopy.class.php with patch from

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-09 Thread Kees Cook
Thanks for the hardy debdiff! I updated your changelog to include the -security pocket, and it is building now. It should be published shortly in the archive. ** Changed in: libphp-snoopy (Ubuntu Hardy) Assignee: (unassigned) => Kees Cook (kees) Status: In Progress => Fix Committed

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-06 Thread Vincenzo Ampolo
Here is the debdiff for hardy. I did the same work for hardy too and I tried to build it; once built, I installed it in a pbuilder environment and then I checked that the patch got applied. ** Attachment added: libphp-snoopy_1.2.3-1ubuntu0.1-hardy.debdiff

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-04 Thread Siegfried Gevatter (RainCT)
(Vincenzo: You should still test that it builds correctly - if possible in a chroot, see http://bloc.eurion.net/archives/2009/test-build-debian-packages/ - and installs correctly and the fix is really there; this should always be done. I was only answering to the fragment you quoted, as in that I'll

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-04 Thread Vincenzo Ampolo
I set up an intrepid pbuilder environment, I made it compile the package and install it, then with an editor I verified that the patch got applied this time... The package compiles and installs for me in a clean environment.

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-04 Thread Marc Deslauriers
Thanks for the debdiff Vincenzo, the intrepid package is building now and will be released soon. ** Changed in: libphp-snoopy (Ubuntu Intrepid) Status: In Progress => Fix Committed

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-04 Thread Launchpad Bug Tracker
This bug was fixed in the package libphp-snoopy - 1.2.3-2ubuntu0.1 --- libphp-snoopy (1.2.3-2ubuntu0.1) intrepid-security; urgency=low * SECURITY UPDATE: execute arbitrary commands via shell metacharacters in https URLs (LP: #292923) - changed Snoopy.class.php with patch from

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-03 Thread Vincenzo Ampolo
Attached is a new debdiff, it should be ok this time. As you can see the patch gets applied now: make[1]: Leaving directory `/home/goshawk/Documents/Projects/MOTU/libphp-snoopy/libphp-snoopy-1.2.3' if [ debian/stamp-patched = reverse-patches ]; then rm -f

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-02 Thread Marc Deslauriers
** Changed in: libphp-snoopy (Ubuntu Intrepid) Status: Triaged => In Progress

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-03-02 Thread Marc Deslauriers
Thanks for the updated debdiff Vincenzo. Here are my comments: - The patch doesn't actually get applied when the package is built. You need to modify the debian/rules file. See: https://wiki.ubuntu.com/PackagingGuide/PatchSystems - The patch isn't tagged. Please tag it according to:

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-28 Thread Vincenzo Ampolo
Here is the diff.tar.gz you have requested according to SecurityUpdateProcedures. If there is something wrong please tell me and I'll fix it. About the QA regression testing I spoke with rainct and he said: I guess you can skip that, considering that the fix comes from upstream, that the new

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-28 Thread Vincenzo Ampolo
Sorry, as rainct suggested to me here is a debdiff. ** Attachment added: libphp-snoopy_1.2.3-2ubuntu0.1.debdiff http://launchpadlibrarian.net/23225847/libphp-snoopy_1.2.3-2ubuntu0.1.debdiff

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-28 Thread Vincenzo Ampolo
Sorry, as rainct suggested to me here is a debdiff. ** Attachment added: libphp-snoopy_1.2.3-2ubuntu0.1.debdiff http://launchpadlibrarian.net/23225849/libphp-snoopy_1.2.3-2ubuntu0.1.debdiff

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-28 Thread Vincenzo Ampolo
Sorry, that debdiff and the diff.gz were wrong due to a problem in the control file, here is the right one (I hope) ** Attachment added: libphp-snoopy_1.2.3-2ubuntu0.1.debdiff http://launchpadlibrarian.net/23225957/libphp-snoopy_1.2.3-2ubuntu0.1.debdiff

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-28 Thread Siegfried Gevatter (RainCT)
** Changed in: libphp-snoopy (Ubuntu Intrepid) Assignee: Vincenzo Ampolo (vincenzo-ampolo) => (unassigned) Status: In Progress => Triaged

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-23 Thread Jamie Strandboge
** Changed in: libphp-snoopy (Ubuntu Hardy) Status: New => Confirmed

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-23 Thread Jamie Strandboge
Vincenzo, thank you for your work on this, however I cannot process your patch for Intrepid, because we do not do full version upgrades for security patches in Ubuntu. Instead, we backport fixes to the version in the release version of Ubuntu. Perhaps you could prepare debdiffs to fix this by

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-22 Thread Siegfried Gevatter (RainCT)
** Changed in: libphp-snoopy (Ubuntu) Assignee: Vincenzo Ampolo (vincenzo-ampolo) => (unassigned) Status: In Progress => Fix Released ** Changed in: libphp-snoopy (Ubuntu Intrepid) Assignee: (unassigned) => Vincenzo Ampolo (vincenzo-ampolo) Status: New => In Progress

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-22 Thread Siegfried Gevatter (RainCT)
I've updated the bug tasks. The main one is now Fix released as Jaunty has the new version with the security fix, and I've added a task for Intrepid and one for Hardy as they both have the same affected version. I guess the revision for Intrepid can also be uploaded to Hardy, as the only

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-21 Thread Vincenzo Ampolo
Trying to set up a Security update to version 1.2.4 ** Changed in: libphp-snoopy (Ubuntu) Assignee: (unassigned) => Vincenzo Ampolo (vincenzo-ampolo)

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-21 Thread Vincenzo Ampolo
Changes between 1.2.3 and 1.2.4. 1.2.4 seems to be a major version update ** Attachment added: version1.2.3-1.2.4.patch http://launchpadlibrarian.net/22962716/version1.2.3-1.2.4.patch ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4796

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-21 Thread Vincenzo Ampolo
diff for intrepid, in jaunty there is already the 1.2.4 version, which has the fix ** Attachment added: libphp-snoopy_1.2.4-1.diff.gz http://launchpadlibrarian.net/22962935/libphp-snoopy_1.2.4-1.diff.gz

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-02-21 Thread Vincenzo Ampolo
Waiting for ubuntu-security review ** Changed in: libphp-snoopy (Ubuntu) Status: Confirmed => In Progress

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2009-01-30 Thread Jamie Strandboge
** Changed in: libphp-snoopy (Ubuntu) Status: New => Confirmed

[Bug 292923] Re: CVE-2008-4796: missing input sanitising

2008-11-03 Thread Jamie Strandboge
** Visibility changed to: Public