Your message dated Wed, 21 Jul 2010 01:56:21 +0000
with message-id <e1oboxl-0006l6...@franck.debian.org>
and subject line Bug#588038: fixed in mlmmj 1.2.15-1.1+lenny1
has caused the Debian Bug report #588038,
regarding Directory traversal flaw by editing and saving list entries via
php-admin web interface
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
588038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mlmmj
Severity: grave
Tags: security

Hi,

please see
http://www.openwall.com/lists/oss-security/2010/06/23/5
https://bugzilla.redhat.com/show_bug.cgi?id=607256

Proposed patch by upstream:
http://www.openwall.com/lists/oss-security/2010/06/26/1

This is CVE-2009-4896.

Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages mlmmj depends on:
ii dctrl-tools 2.14 Command-line tools to process Debi
ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii exim4-daemon-light [mail-tran 4.71-4 lightweight Exim MTA (v4) daemon
ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib
mlmmj recommends no packages.
Versions of packages mlmmj suggests:
pn mlmmj-php-web <none> (no description available)
pn mlmmj-php-web-admin <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: mlmmj
Source-Version: 1.2.15-1.1+lenny1
We believe that the bug you reported is fixed in the latest version of
mlmmj, which is due to be installed in the Debian FTP archive:
mlmmj-php-web-admin_1.2.15-1.1+lenny1_all.deb
  to main/m/mlmmj/mlmmj-php-web-admin_1.2.15-1.1+lenny1_all.deb
mlmmj-php-web_1.2.15-1.1+lenny1_all.deb
  to main/m/mlmmj/mlmmj-php-web_1.2.15-1.1+lenny1_all.deb
mlmmj_1.2.15-1.1+lenny1.diff.gz
  to main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1.diff.gz
mlmmj_1.2.15-1.1+lenny1.dsc
  to main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1.dsc
mlmmj_1.2.15-1.1+lenny1_amd64.deb
  to main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 588...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated mlmmj package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 17 Jul 2010 02:10:15 +0800
Source: mlmmj
Binary: mlmmj mlmmj-php-web mlmmj-php-web-admin
Architecture: source amd64 all
Version: 1.2.15-1.1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Daniel Walrond <deb...@djw.org.uk>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
mlmmj - mail server independent mailing list manager
mlmmj-php-web - web interface for mlmmj, written in php
mlmmj-php-web-admin - administrative web interface for mlmmj, written in php
Closes: 588038
Changes:
mlmmj (1.2.15-1.1+lenny1) stable-security; urgency=high
.
* Non-maintainer QA upload.
* Fixes CVE-2009-4896 mlmmj-php-admin directory traversal (Closes: #588038).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkxDLqYACgkQl4M9yZjvmkkWyQCfUVCeuEYcnNzYv/fmTVtquZUP
A4AAniKIQGunJcJG+dL+PxREPZ0X7TbF
=9ftA
-----END PGP SIGNATURE-----
--- End Message ---