Your message dated Sun, 24 Jun 2012 09:47:34 +0000
with message-id <e1sijpq-0004bs...@franck.debian.org>
and subject line Bug#678737: fixed in extplorer 2.1.0b6+dfsg.3-3
has caused the Debian Bug report #678737,
regarding Cross site request forgery
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
678737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: extplorer
Severity: grave
As per:
http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html
there's a CSRF security issue in eXtplorer.
Patch is on its way, I'm just opening a bug report to track it.
Thomas
--- End Message ---
--- Begin Message ---
Source: extplorer
Source-Version: 2.1.0b6+dfsg.3-3
We believe that the bug you reported is fixed in the latest version of
extplorer, which is due to be installed in the Debian FTP archive:
extplorer_2.1.0b6+dfsg.3-3.debian.tar.gz
to main/e/extplorer/extplorer_2.1.0b6+dfsg.3-3.debian.tar.gz
extplorer_2.1.0b6+dfsg.3-3.dsc
to main/e/extplorer/extplorer_2.1.0b6+dfsg.3-3.dsc
extplorer_2.1.0b6+dfsg.3-3_all.deb
to main/e/extplorer/extplorer_2.1.0b6+dfsg.3-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 678...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated extplorer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 22 Jun 2012 13:48:15 +0000
Source: extplorer
Binary: extplorer
Architecture: source all
Version: 2.1.0b6+dfsg.3-3
Distribution: unstable
Urgency: high
Maintainer: Thomas Goirand <z...@debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
extplorer - web file explorer and manager using Ext JS
Closes: 678737
Changes:
extplorer (2.1.0b6+dfsg.3-3) unstable; urgency=high
.
* Fixes an Cross Site Request forgery security problem if user is logged
by applyting upstream patch (Closes: #678737).
* Bumps to compat level 8 and debhelper 8.
* Added build-arch and build-indep targets in debian/rules.
* Standards-Version is now 3.9.3.
* Now uses format 1.0 for debian/copyright.
* Removed leading article in short desc.
Checksums-Sha1:
8c2a02dcf59b09d428594b08f65bb9f289587005 1259 extplorer_2.1.0b6+dfsg.3-3.dsc
6d711f234f04ef6cbe35bf7de0f23ef97f390df5 10398
extplorer_2.1.0b6+dfsg.3-3.debian.tar.gz
442d15ef192f4499b2634d6ad1458422ce276e4e 351832
extplorer_2.1.0b6+dfsg.3-3_all.deb
Checksums-Sha256:
3b05132d27335b7f087438f098e223c4325728e3f58f5de4d0d0364ee9647ed1 1259
extplorer_2.1.0b6+dfsg.3-3.dsc
2701fddb0cce5890853601caab57adb05797392d472159f06b802633da47989e 10398
extplorer_2.1.0b6+dfsg.3-3.debian.tar.gz
47f622f6b237b472a33295fdba53286bf8bc14b6200fc7fd377bbad4a862f4eb 351832
extplorer_2.1.0b6+dfsg.3-3_all.deb
Files:
96c4fdb9f7882cbdeebcff96b5124e75 1259 web optional
extplorer_2.1.0b6+dfsg.3-3.dsc
bec2a803aa70695a4fd30a971942bf10 10398 web optional
extplorer_2.1.0b6+dfsg.3-3.debian.tar.gz
8b9d4538cee113c0a00dc2d8ffa53d07 351832 web optional
extplorer_2.1.0b6+dfsg.3-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/m4NAACgkQl4M9yZjvmkkw+gCeJSjW9/vgpTznQEAStz0z0PfI
6n8AoI2HOpYXJ6H4wBfYOwHvxmjHtgJW
=TmU+
-----END PGP SIGNATURE-----
--- End Message ---
