Your message dated Thu, 20 Dec 2007 19:54:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#441407: fixed in gallery2 2.1.2-2.0.etch.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gallery2
Version: 2.1.2-2
Severity: serious
Tags: security
Hi,
As you know Gallery 2.2.3 has been released which fixes several security bugs
in the WebDAV and Reupload modules. Could you please assess whether an update
for etch is necessary?
Also, please retroactively add CVE id CVE-2007-4650 to your changelog for
2.2.3-1.
As I see it, gallery 1.x is not affected, can you confirm that?
Thanks,
Thijs
pgpAeqvqEx1qp.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: gallery2
Source-Version: 2.1.2-2.0.etch.1
We believe that the bug you reported is fixed in the latest version of
gallery2, which is due to be installed in the Debian FTP archive:
gallery2_2.1.2-2.0.etch.1.diff.gz
to pool/main/g/gallery2/gallery2_2.1.2-2.0.etch.1.diff.gz
gallery2_2.1.2-2.0.etch.1.dsc
to pool/main/g/gallery2/gallery2_2.1.2-2.0.etch.1.dsc
gallery2_2.1.2-2.0.etch.1_all.deb
to pool/main/g/gallery2/gallery2_2.1.2-2.0.etch.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael C. Schultheiss <[EMAIL PROTECTED]> (supplier of updated gallery2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 18 Oct 2007 13:45:29 +0000
Source: gallery2
Binary: gallery2
Architecture: source all
Version: 2.1.2-2.0.etch.1
Distribution: stable-security
Urgency: high
Maintainer: Michael C. Schultheiss <[EMAIL PROTECTED]>
Changed-By: Michael C. Schultheiss <[EMAIL PROTECTED]>
Description:
gallery2 - web-based photo album written in PHP
Closes: 441407
Changes:
gallery2 (2.1.2-2.0.etch.1) stable-security; urgency=high
.
* Fix multiple unspecified vulnerabilities that allowed attackers to
edit unspecified data files using "linked items" in the Reupload
module [CVE-2007-4650] (Closes: #441407)
Files:
1292cd38f037d14233c50c82f2656559 884 web optional gallery2_2.1.2-2.0.etch.1.dsc
0603fedf38581e11c27a78d451f2730f 9506000 web optional
gallery2_2.1.2.orig.tar.gz
96a6d2095129554de20e23203ff07cfa 17103 web optional
gallery2_2.1.2-2.0.etch.1.diff.gz
6292925bcfc5b35ef7c7493b0869019d 9623730 web optional
gallery2_2.1.2-2.0.etch.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRzGnIWz0hbPcukPfAQK9vggAnhFFRHlH0sL86RCGZhfykkpkbgNkzObc
duVK96lYYuKl7qFIBjdhPqjrkjwQ9Ihda1kby8mThp4o1D7eoiRIoqXaDIY8/XOx
OSGCrGLCH1I+Dc9Jw4wUkopHEyo9t6OCoVpU0FDupKSYviDec6ju/SElfQ2wIp85
zBT+FyNPX6jVvLkDRsw/kbmwWByf3sGFmGNo3dtcy63eKC9dGuB/g0W52cVG+dmx
TQN6dhyO3V8IbKeW+CndbjF/rPKFAkrqU4AFaxssT5inBGf771/TMBEb4UnrSySw
Ad+NKMjmYt8KCjhaIopoHAogoL80bCpd/wLjZ4ZzUrHFKNR77rcykQ==
=oddJ
-----END PGP SIGNATURE-----
--- End Message ---