Protect against CSRF attacks by using tokens on destructive actions (CVE-2013-6275)

Related Vulnerabilities: CVE-2013-6275  

Debian Bug report logs - #727669

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 25 Oct 2013 07:45:02 UTC

Severity: important

Tags: security

Found in version php-horde-ingo/3.1.2-1

Fixed in version php-horde-ingo/3.1.3-1

Done: Mathieu Parent <sathieu@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#727669; Package php-ingo. (Fri, 25 Oct 2013 07:45:06 GMT)


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
New Bug report received and forwarded. Copy sent to unknown-package@qa.debian.org. (Fri, 25 Oct 2013 07:45:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.debian.org
Subject: Protect against CSRF attacks by using tokens on destructive actions
Date: Fri, 25 Oct 2013 07:40:03 +0000
Package: php-ingo
Severity: important
Version: 3.1.2-1

Upstream fixed a CSRF issue (CVE-2013-6275) in Ingo.

The upstream bug is found here:
http://bugs.horde.org/ticket/12796

The upstream patch is this:
http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=bug_12796.patch&ticket=12796&fn=%2Fbug_12796.patch

Greets,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#727669; Package php-ingo. (Fri, 25 Oct 2013 08:03:09 GMT)


Message #8 received at 727669@bugs.debian.org:

From: Andrei POPESCU <andreimpopescu@gmail.com>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 727669@bugs.debian.org
Subject: Re: Bug#727669: Protect against CSRF attacks by using tokens on destructive actions
Date: Fri, 25 Oct 2013 11:00:29 +0300
Control: reassign -1 php-horde-ingo 3.1.2-1

On Fri, 25 Oct 13, 07:40:03, Mike Gabriel wrote:
> Package: php-ingo
> Severity: important
> Version: 3.1.2-1
> 
> Upstream fixed a CSRF issue (CVE-2013-6275) in Ingo.
> 
> The upstream bug is found here:
> http://bugs.horde.org/ticket/12796
> 
> The upstream patch is this:
> http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=bug_12796.patch&ticket=12796&fn=%2Fbug_12796.patch
> 
> Greets,
> Mike
> -- 
> 
> DAS-NETZWERKTEAM
> mike gabriel, herweg 7, 24357 fleckeby
> fon: +49 (1520) 1976 148
> 
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
> 
> freeBusy:
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt

Bug reassigned from package 'php-ingo' to 'php-horde-ingo'. Request was from Andrei POPESCU <andreimpopescu@gmail.com> to 727669-submit@bugs.debian.org. (Fri, 25 Oct 2013 08:03:10 GMT)


No longer marked as found in versions 3.1.2-1. Request was from Andrei POPESCU <andreimpopescu@gmail.com> to 727669-submit@bugs.debian.org. (Fri, 25 Oct 2013 08:03:11 GMT)


Marked as found in versions php-horde-ingo/3.1.2-1. Request was from Andrei POPESCU <andreimpopescu@gmail.com> to 727669-submit@bugs.debian.org. (Fri, 25 Oct 2013 08:03:11 GMT)


Changed Bug title to 'Protect against CSRF attacks by using tokens on destructive actions (CVE-2013-6275)' from 'Protect against CSRF attacks by using tokens on destructive actions'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 28 Oct 2013 17:27:16 GMT)


Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 28 Oct 2013 17:27:17 GMT)


Added tag(s) pending. Request was from Mathieu Parent <math.parent@gmail.com> to control@bugs.debian.org. (Tue, 29 Oct 2013 17:03:14 GMT)


Reply sent to Mathieu Parent <sathieu@debian.org>:
You have taken responsibility. (Tue, 29 Oct 2013 21:27:12 GMT)


Notification sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Bug acknowledged by developer. (Tue, 29 Oct 2013 21:27:12 GMT)


Message #25 received at 727669-close@bugs.debian.org:

From: Mathieu Parent <sathieu@debian.org>
To: 727669-close@bugs.debian.org
Subject: Bug#727669: fixed in php-horde-ingo 3.1.3-1
Date: Tue, 29 Oct 2013 21:23:44 +0000
Source: php-horde-ingo
Source-Version: 3.1.3-1

We believe that the bug you reported is fixed in the latest version of
php-horde-ingo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 727669@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Parent <sathieu@debian.org> (supplier of updated php-horde-ingo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 29 Oct 2013 21:48:20 +0100
Source: php-horde-ingo
Binary: php-horde-ingo
Architecture: source all
Version: 3.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sathieu@debian.org>
Description: 
 php-horde-ingo - ${phppear:summary}
Closes: 727669
Changes: 
 php-horde-ingo (3.1.3-1) unstable; urgency=low
 .
   * New upstream version 3.1.3
     - Fix CSRF attacks by using tokens on destructive actions (CVE-2013-6275)
       (Closes: #727669)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 22 Dec 2013 07:30:05 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:31:51 2019; Machine Name: buxtehude
