Your message dated Tue, 16 May 2017 00:33:53 +0000 with message-id <e1daqqz-000535...@fasolo.debian.org> and subject line Bug#862611: fixed in deluge 1.3.13+git20161130.48cedf63-3 has caused the Debian Bug report #862611, regarding deluge-webui: directory traversal attack vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: deluge-webui severity: important Dear Maintainer, Deluge 1.3.15 have an important fix a directory traversal security vulnerability that has the potential to compromise your machine. It is important to update to this version as soon as possible. Kind regards, Jonatan
--- End Message ---
--- Begin Message ---Source: deluge Source-Version: 1.3.13+git20161130.48cedf63-3 We believe that the bug you reported is fixed in the latest version of deluge, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 862...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrew Starr-Bochicchio <a...@debian.org> (supplier of updated deluge package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 15 May 2017 20:09:48 -0400 Source: deluge Binary: deluge-common deluged deluge-console deluge-web deluge-gtk deluge deluge-webui deluge-torrent Architecture: source all Version: 1.3.13+git20161130.48cedf63-3 Distribution: unstable Urgency: high Maintainer: Cristian Greco <crist...@debian.org> Changed-By: Andrew Starr-Bochicchio <a...@debian.org> Description: deluge - bittorrent client written in Python/PyGTK deluge-common - bittorrent client written in Python/PyGTK (common files) deluge-console - bittorrent client written in Python/PyGTK (console ui) deluge-gtk - bittorrent client written in Python/PyGTK (GTK+ ui) deluge-torrent - bittorrent client (gtk ui transitional package) deluge-web - bittorrent client written in Python/PyGTK (web ui) deluge-webui - bittorrent client (web ui transitional package) deluged - bittorrent client written in Python/PyGTK (daemon) Closes: 862611 Changes: deluge (1.3.13+git20161130.48cedf63-3) unstable; urgency=high . * Check if template files exist and raise 404 if not in order to protect webui against directory traversal (Closes: #862611). Checksums-Sha1: ce9edc5b9a4456fc676c66fe88ff9849069b2ac3 2448 deluge_1.3.13+git20161130.48cedf63-3.dsc bf160b89db919e0d07435429246cd47d140ceb5b 567828 deluge_1.3.13+git20161130.48cedf63-3.debian.tar.xz 4ac33b59e88dad7d2ad003cb365ea0bf23923b84 768500 deluge-common_1.3.13+git20161130.48cedf63-3_all.deb 9f727aedabda3f6b0fc1d7833ca631d0ad6f5af5 52920 deluge-console_1.3.13+git20161130.48cedf63-3_all.deb a4fe3d14c6b57439c54d7f6c4e12cb799e1892a6 246386 deluge-gtk_1.3.13+git20161130.48cedf63-3_all.deb 361bb95406d079bf5b8c226f28178133b0ec4c8f 34716 deluge-torrent_1.3.13+git20161130.48cedf63-3_all.deb 6e7837bdce5e27ac55d99c32bab90227d5469fa9 496658 deluge-web_1.3.13+git20161130.48cedf63-3_all.deb a559ec8a799e5ee5ec8ec73672ae1781ef8c41be 34730 deluge-webui_1.3.13+git20161130.48cedf63-3_all.deb 52f1c1a8f452881531981592db8f8e189fcb5f5d 42584 deluge_1.3.13+git20161130.48cedf63-3_all.deb 06357f826dee5f33211f35cdba581c1ecde8a85b 8086 deluge_1.3.13+git20161130.48cedf63-3_amd64.buildinfo 8669faca0d36abcc4029e5cb5430927e8a3b2b4f 38442 deluged_1.3.13+git20161130.48cedf63-3_all.deb Checksums-Sha256: aa7a6704e407cf0ce1d9eac96ae38b9744a8e9397a5b9bf0fb869d43d435e422 2448 deluge_1.3.13+git20161130.48cedf63-3.dsc 22f4d35ca513838e79e2eec06e826c55ea27d3279672b525f31de2be7feed5bd 567828 deluge_1.3.13+git20161130.48cedf63-3.debian.tar.xz c5337e809fd0c1cda577cc7976033b9f6ec0badcc2f14aa7337ffcae4a6b8c2f 768500 deluge-common_1.3.13+git20161130.48cedf63-3_all.deb cfd05de909eac7848731e070a955d11eb108e41de3f23365745fefe2bbd9b2f1 52920 deluge-console_1.3.13+git20161130.48cedf63-3_all.deb da5a7a88fe19ff81e8f08af88c846ed03675ed338ee7d4be2485d46fe61b241e 246386 deluge-gtk_1.3.13+git20161130.48cedf63-3_all.deb 247fbe97ac96d3b99bb466fb2b91342931ab1119b9251bc3741da6574a385e8f 34716 deluge-torrent_1.3.13+git20161130.48cedf63-3_all.deb 95b44be3c19d39ba0329287e0d651529ca1164c413bb7e99a817058381e29a14 496658 deluge-web_1.3.13+git20161130.48cedf63-3_all.deb 7a0b5e88e937964ac741a78756e27c8baf833b913698e6ad9591911bf8268c6a 34730 deluge-webui_1.3.13+git20161130.48cedf63-3_all.deb a98ba94ac9579845966729a1ec206141e4fd728902cd91f69b3017c232c64005 42584 deluge_1.3.13+git20161130.48cedf63-3_all.deb e14a848328592cbc47e2f583eca57e26fe43ab24abc1f8161afffb31a2ea0edf 8086 deluge_1.3.13+git20161130.48cedf63-3_amd64.buildinfo d6a82e0684f4e9dbf76ae2ef86afe811dc918318b40f9fe60eda74f7aeeb7e73 38442 deluged_1.3.13+git20161130.48cedf63-3_all.deb Files: c770364a04d413b0488814adf67281f9 2448 net optional deluge_1.3.13+git20161130.48cedf63-3.dsc bdb466d8d683857104c6ab39d25bf105 567828 net optional deluge_1.3.13+git20161130.48cedf63-3.debian.tar.xz 7658a84e29f02d2f4a7ce3f4bc9f967f 768500 net optional deluge-common_1.3.13+git20161130.48cedf63-3_all.deb 9a8147c17a46e74eb979025b1b7962fe 52920 net optional deluge-console_1.3.13+git20161130.48cedf63-3_all.deb c71894147e3897fc9604d39ae782e0b6 246386 net optional deluge-gtk_1.3.13+git20161130.48cedf63-3_all.deb 2e203c97c922976f4eb6901308ded022 34716 oldlibs extra deluge-torrent_1.3.13+git20161130.48cedf63-3_all.deb 197bcdd7f221e950edf56730436122e5 496658 net optional deluge-web_1.3.13+git20161130.48cedf63-3_all.deb 7c2b2fa2d08afef6ee2b08f05b73faa2 34730 oldlibs extra deluge-webui_1.3.13+git20161130.48cedf63-3_all.deb 04fe824d46898013a87041921e4ff36d 42584 net optional deluge_1.3.13+git20161130.48cedf63-3_all.deb b65cf84afbd860b0dd03b683a270d2c5 8086 net optional deluge_1.3.13+git20161130.48cedf63-3_amd64.buildinfo 011021069b9cbc015513644b71c6ba2a 38442 net optional deluged_1.3.13+git20161130.48cedf63-3_all.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJZGkRCAAoJEDtW4rvVP9yxNtMP/2powIqQFiq6CnzMuUNk2X/U 3J0JNR5YVnYQfbHlffIEXvRZAI7hc135J11Ufc8yRKGowXkmTJ1mZt/nhlCcn7hY WG77VuYr9x5L6f7dl7qKYFiVI5iWxbLwA8Mn+W0AzBUJziUQSUQd2P4pUeIWcZ9H wmezNvbBDEKSSY39Yvf/Z+iRIu3WKYHhN0DYlkChHAowK8Zxbu8/U8ngIMgCFape MH0HmAK8dgYNAP9KiDqwZDkeZKoAe4TZ960poRV2bH2Puqzm5xBSx6qqXVteqMbk Wc1qtr3KhvLlCUxBlvyGrb8DKvITPYOItmIhFvroFQKZ7h6XgwYsVnUNy9xa9o7n Vxg+kLd8C4CYxecmdovaVDi18lQU0aRsPvCWU45zEcsKIKBPyBpVXBC0scTrYBdD JgC4sKhFwMCxyY59PpvJHCpIg857ZBAsyZX+x/YeBG/T024YwX7iorWyc/ej0Ijh hMHH8xuX27tVmRW+1iZGrUYkGd82Ua6nzJEqLAVmJRjFUJXt9XPY76Jmx8/R3QQc X3QN75xDbTxmPiIG1wEumlBDLQDqoIXwS1t4JoCGctxDurXeSsXiVwRrDE6crtZA KoKmfYtye4zFmEYHV3w/8akeEB5fUT6kxRZv1oVNRVdsao9vMAyp7xPJDUIwFu+o 83lDtZLMc96oAfedOAp1 =/ZAr -----END PGP SIGNATURE-----
--- End Message ---
