Your message dated Wed, 29 Aug 2012 12:17:05 +0000 with message-id <e1t6hcj-00007c...@franck.debian.org> and subject line Bug#685324: fixed in geshi 1.0.8.4-1+squeeze1 has caused the Debian Bug report #685324, regarding Local File Inclusion Vulnerability in contrib script to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685324 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: php-geshi Version: 1.0.8.4-1 Severity: serious Tags: security upstream GeSHi 1.0.8.11 closes a local file inclusion vulnerability present in one of the contrib scripts provided in the GeSHi distribution. The bug has been present for at least 1.0.8.4 (and maybe even longer). Please upgrade the php-geshi package to latest upstream. Regards, upstream. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php-geshi depends on: ii php5 5.4.4-4 ii php5-cli 5.4.4-4 php-geshi recommends no packages. php-geshi suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: geshi Source-Version: 1.0.8.4-1+squeeze1 We believe that the bug you reported is fixed in the latest version of geshi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 685...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Dittberner <ja...@debian.org> (supplier of updated geshi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Aug 2012 16:06:25 +0200 Source: geshi Binary: php-geshi Architecture: source all Version: 1.0.8.4-1+squeeze1 Distribution: stable Urgency: low Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org> Changed-By: Jan Dittberner <ja...@debian.org> Description: php-geshi - Generic Syntax Highlighter Closes: 685324 Changes: geshi (1.0.8.4-1+squeeze1) stable; urgency=low . * Team upload. * Fix "Local File Inclusion Vulnerability in contrib script" use debian/rules to remove contrib/cssgen.php from bundled examples (Closes: #685324) Checksums-Sha1: ede2ff5574fa16312521b7181ff7d11738da8ff6 1773 geshi_1.0.8.4-1+squeeze1.dsc 497f11e84da41c518fcd448fd23fb0afa6d5dfc7 2995 geshi_1.0.8.4-1+squeeze1.diff.gz 8402ad5716c48988e0e23cbfac5b92c06282a970 703000 php-geshi_1.0.8.4-1+squeeze1_all.deb Checksums-Sha256: 9e26907b2f2c38d469f466151bec8decedab86c3cf1c65230154b55192568918 1773 geshi_1.0.8.4-1+squeeze1.dsc ccb300d74a7135bdbaac7b6ffaed202b37129b1649888ffc89914fdda119c809 2995 geshi_1.0.8.4-1+squeeze1.diff.gz 695362c36d9835b684c0c3f3eaa94485a40c4131febd30f09946ecc0d5aad156 703000 php-geshi_1.0.8.4-1+squeeze1_all.deb Files: 978723e21b165394d01cab016daf5d3e 1773 web optional geshi_1.0.8.4-1+squeeze1.dsc 0ea118873084e5e7c2bd7900658bd182 2995 web optional geshi_1.0.8.4-1+squeeze1.diff.gz 1e7bde9dcd97e323f1eca40568872ebb 703000 web optional php-geshi_1.0.8.4-1+squeeze1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQO48FAAoJEKc+AFVVj7jd4dgP/il/o6iNmsA6sfZgmeRtj10+ AumwnybWI7SNJgG4YjG9Gm8UqXhOT9muwwu9gb0sKGofA1yJ066fy3bS9DxBvNDT Dgq5zyhTUazg993YbZ+qgx4lRLq2ZX6v4voHn8D5f/AEfpF4M56hrX8+DXt5IoUR 8Uf62dbQDIIc+Pym+jhl4WdAXrFde8OautEPBfy69EK1LlPKXlnJk8pm9JWQZM29 Kv6zcXadr4e5i5YTQZw2BfmmME2oe6pHiXb6mIVo7gTpWTvaBUPOimhG8sAHh6Le eT559oM/3BgAx6qcY7NdV7s3xFY/V/N8L9HOm3U89zHAKPtpSHok7BqepJ2qDonm cxI9XupCeZfd2Ci3w5QTF0vzfnzUqqa5rxmlJTXZ91Ygy7+G8L5BlV/dJLgfV/ZU Hl2QpOZUzk1qh5QssdXImZqjlrXfBC35JWvqsJGIJs9i8BQ33oKmuBkOvrTF+7Y6 QBcvOu6oXESS2/A4pkwqO2zqddW3eMV8UCaSdQ8X9weXp37FhtA0NurKonHyThrK vY0HVVL9w47U+Ix/xxMVxfCn/PFrzLzaR+7IKkbvxRA+xajjQmi6aJDL0tGPU+C8 YIs0moceJcbnWV7kejWXF/lWEgPrQJplEQr2AKFEd0iczmieMyANirRUNw8S+mu7 fOHf5nmoAZHN3FCrYb2J =Oky0 -----END PGP SIGNATURE-----
--- End Message ---
