Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
Steffen,

I have placed ampache-3.4.1-2 up on m.d.n. for your review and upload.
http://mentors.debian.net/debian/pool/main/a/ampache

With this upload I have made the package dependent on
- libphp-snoopy - to correct bug #504169
- libjs-prototype - this is also a duplicate copy of code, and

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
> This version won't help. First of all, I strongly doubt that the release team
> would accept such intrusive changes for lenny. Second, the file should just
> be removed and a dependency added against libphp-snoopy. Of course you will
> have to check that it still works correctly. Keep in mind

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Charliej
> Cheers
> Steffen
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
> http://security-tracker.debian.net/tracker/CVE-2008-4796
> [1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch
>

Steffen,

Thanks for the bug repor

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Steffen Joeris
Hi Charlie

> Thanks for the bug report.
>
> I have addressed this issue in ampache-3.4.3-1 which is currently on
> m.d.n [1] awaiting sponsoring.
>
> With Lenny so close to release I am contacting my usual sponsor for
> guidance on which would be the best solution for this bug:
> a. use supplied

Bug#504169: CVE-2008-4796: missing input sanitising in Snoopy.class.php

2008-11-01 Thread Steffen Joeris
Package: ampache
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was published for ampache.

CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote at