[squirrelmail] CVE-2006-4019 Variable overwriting in compose.php

Related Vulnerabilities: CVE-2006-4019  

Debian Bug report logs - #382621

Reported by: Helmut <bgrpt@toplitzer.net>

Date: Sat, 12 Aug 2006 10:18:29 UTC

Severity: grave

Tags: patch, security

Found in version squirrelmail/2:1.4.4-8

Fixed in versions 2:1.4.8-1, 2:1.4.4-9

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
Bug#382621; Package squirrelmail.


Acknowledgement sent to Helmut <bgrpt@toplitzer.net>:
New Bug report received and forwarded. Copy sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>.


Message #5 received at submit@bugs.debian.org:

From: Helmut <bgrpt@toplitzer.net>
To: submit@bugs.debian.org
Subject: [squirrelmail]: SquirrelMail 1.4.8 released - fixes variable overwriting attack
Date: Sat, 12 Aug 2006 12:01:24 +0200
Package: squirrelmail
Version: 2:1.4.4-8
Severity: grave
Tags: security patch

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-08/msg00248.html



Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.


Notification sent to Helmut <bgrpt@toplitzer.net>:
Bug acknowledged by developer.


Message #10 received at 382621-done@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Helmut <bgrpt@toplitzer.net>, 382621-done@bugs.debian.org
Subject: Re: Bug#382621: [squirrelmail]: SquirrelMail 1.4.8 released - fixes variable overwriting attack
Date: Sun, 13 Aug 2006 14:40:01 +0200

Version: 2:1.4.8-1

On Sat, 2006-08-12 at 12:01 +0200, Helmut wrote:
> Package: squirrelmail
> Version: 2:1.4.4-8
> Severity: grave
> Tags: security patch
> 
> http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-08/msg00248.html

An updated package has been submitted to the security team on Friday so
an update will be out soon. For sid this has been fixed in the 2:1.4.8-1
upload on Friday.


Thijs

Information forwarded to debian-bugs-dist@lists.debian.org, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
Bug#382621; Package squirrelmail.


Acknowledgement sent to Helmut <bgrpt@toplitzer.net>:
Extra info received and forwarded to list. Copy sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>.


Message #15 received at 382621@bugs.debian.org:

From: Helmut <bgrpt@toplitzer.net>
To: control@bugs.debian.org, 382621@bugs.debian.org
Subject: [squirrelmail] Reopening bug 382621
Date: Thu, 17 Aug 2006 06:53:21 +0200

reopen 382621
retitle 382621 [squirrelmail] CVE-2006-4019 Variable overwriting in compose.php


thanks


Since there's no fix out yet I reopen the bug to keep it on
the list.





Bug reopened, originator not changed. Request was from Helmut <bgrpt@toplitzer.net> to control@bugs.debian.org.


Changed Bug title. Request was from Helmut <bgrpt@toplitzer.net> to control@bugs.debian.org.


Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.


Notification sent to Helmut <bgrpt@toplitzer.net>:
Bug acknowledged by developer.


Message #24 received at 382621-done@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Helmut <bgrpt@toplitzer.net>, 382621-done@bugs.debian.org
Subject: Re: Bug#382621: [squirrelmail] Reopening bug 382621
Date: Thu, 17 Aug 2006 21:46:31 +0200

Version: 2:1.4.8-1

On Thu, 2006-08-17 at 06:53 +0200, Helmut wrote:
> Since there's no fix out yet I reopen the bug to keep it on
> the list.

This doesn't work correctly. It was still open for sarge, the version
tracking noticed that. Closing again with sid(etch) version to reinstate
the previous situation. I must admit that the version tracking feature
of the BTS is badly documented.

I haven't heard anything back from the security team yet.


Thijs

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.


Notification sent to Helmut <bgrpt@toplitzer.net>:
Bug acknowledged by developer.


Message #29 received at 382621-done@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Helmut <bgrpt@toplitzer.net>, 382621-done@bugs.debian.org
Subject: Re: Bug#382621: [squirrelmail] Reopening bug 382621
Date: Mon, 21 Aug 2006 12:26:08 +0200

Version: 2:1.4.4-9

On Thu, 2006-08-17 at 06:53 +0200, Helmut wrote:
> Since there's no fix out yet I reopen the bug to keep it on
> the list.

An advisory has been released.


Thijs

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 20:38:51 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:07:22 2019; Machine Name: buxtehude
