Your message dated Sat, 25 Aug 2012 13:17:37 +0000 with message-id <e1t5gf7-0006e3...@franck.debian.org> and subject line Bug#685324: fixed in geshi 1.0.8.4-2 has caused the Debian Bug report #685324, regarding Local File Inclusion Vulnerability in contrib script to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685324 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: php-geshi Version: 1.0.8.4-1 Severity: serious Tags: security upstream GeSHi 1.0.8.11 closes a local file inclusion vulnerability present in one of the contrib scripts provided in the GeSHi distribution. The bug has been present for at least 1.0.8.4 (and maybe even longer). Please upgrade the php-geshi package to latest upstream. Regards, upstream. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php-geshi depends on: ii php5 5.4.4-4 ii php5-cli 5.4.4-4 php-geshi recommends no packages. php-geshi suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: geshi Source-Version: 1.0.8.4-2 We believe that the bug you reported is fixed in the latest version of geshi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 685...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Dittberner <ja...@debian.org> (supplier of updated geshi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 25 Aug 2012 14:55:54 +0200 Source: geshi Binary: php-geshi Architecture: source all Version: 1.0.8.4-2 Distribution: unstable Urgency: low Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org> Changed-By: Jan Dittberner <ja...@debian.org> Description: php-geshi - Generic Syntax Highlighter Closes: 685324 Changes: geshi (1.0.8.4-2) unstable; urgency=low . * Fix "Local File Inclusion Vulnerability in contrib script" use debian/rules to remove contrib/cssgen.php from bundled examples (Closes: #685324) * debian/control: add myself to Uploaders Checksums-Sha1: 4d64b113a43075b6a3df1de1985ad8212e2ea482 1815 geshi_1.0.8.4-2.dsc 4c111e78a7473ee2df8a93368e4812582a00eca6 2955 geshi_1.0.8.4-2.diff.gz b874da31b1e3a7eafb7e9b8a61bd6c9b84975aa0 703834 php-geshi_1.0.8.4-2_all.deb Checksums-Sha256: 073edb87357103f5f91b96f82418c041cf01463abc31a3ee1538369e2c428da7 1815 geshi_1.0.8.4-2.dsc 08f3028ea8bdff11ff8d6047d1a1b16de01ea80057de16d24695ddc10e2d88be 2955 geshi_1.0.8.4-2.diff.gz 1075c710e2291dd0aadd25e4f69ea989312212bfe7dd61163da8c0204871a3dc 703834 php-geshi_1.0.8.4-2_all.deb Files: 861def50d4aa0015af3c04ea91bf3ed9 1815 web optional geshi_1.0.8.4-2.dsc cadaf24aff5e0c3a1994fbfc91d1abeb 2955 web optional geshi_1.0.8.4-2.diff.gz b89201d4ccbf490035325f7e245ba2df 703834 web optional php-geshi_1.0.8.4-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQOM3MAAoJEKc+AFVVj7jdoBMP/iSlCixvrZE8WRBKEBJCD9z7 QUtfd3p2RVwSOwmZjzfxZ/jf2Udet8RVdMX0RnCGkqlF0s88G4KV1zE1xj/LjKv4 Y28RT57Wwm/JYpd5lxMPUiR0ulpy4BkKarFN2GMkN1k5+p56YXs5Z6jgltccsN1/ gkIaiYDGHNBFNDteROk1UL1XfdWe/nP8nl335zpELLeb+M6CK92oGkkzQ817UHPL kN+F4WRqtQXTxo8hWnkxvetdGhgMROc6ahT2VzZQCnThHlHXr4QUUVi9vlLJZOYg MP4ZVgXy/m/9qUk+bp8QFuqUxZklP6E8DHloSJGED8u5tmO61NrljnjtNudMDQYO RRg0FEDsjD/rHz9IDHaZck+Rdxymx/BuP++sH16xpy2fqvGhOysTT7UORmIBJ7Ro 2ZY8LpXpSAkw+ANpi7lhacX6uNGHVgTOxFWrWSneDYG1XtqzjZObH5GU1Vwr+tNA b925TQrkmqwiYs3YJMUuYwHJuwT/DGi5iTng9T0s3JN5lGMpicih8LstlnuNfgT3 zP7C4AXf2zVlajd9tKijtX+F4tRLskRz2pZKOASr6CZ9Yot7zWxDv9B5RS1cIA5U ElnWkshLKPoTGSRNWLlKYiim5K8DW2aXXvmSrSm/KSCfx7R7IfscEbb9HU1+Gjf3 SCvbmbm2L5Wei13F4xR5 =JWMx -----END PGP SIGNATURE-----
--- End Message ---
