Your message dated Wed, 23 Aug 2006 16:07:59 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#382207: CVE-2006-3990: File inclusion vulnerability in
Savant2 which is included in egroupware
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: egroupware-core
Severity: grave
Tags: security
Justification: user security hole
Some vulnerabilities have been found in Savant2:
"Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones
Savant2, possibly when used with the com_mtree component for Mambo and
Joomla!, allow remote attackers to execute arbitrary PHP code via a
URL in the mosConfig_absolute_path parameter in (1)
Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3)
Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5)
Savant2_Filter_colorizeCode.php, (6)
Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8)
Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php,
(10) Savant2_Plugin_ahreflistingimage.php, (11)
Savant2_Plugin_ahrefmap.php, (12)
Savant2_Plugin_ahrefownerlisting.php, (13)
Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php,
(15) Savant2_Plugin_ahrefrecommend.php, (16)
Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php,
(18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php,
(20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php,
(22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24)
Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26)
Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28)
Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30)
Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32)
Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34)
Savant2_Plugin_textarea.php."
Please check whether the version included in egroupware is affected
by this vulnerabilities. If it is, please mention the CVE-id in the
changelog.
--- End Message ---
--- Begin Message ---
Upstream says there is no bug.
--- End Message ---
