CVE-2010-2491: XSS

Related Vulnerabilities: CVE-2010-2491  

Debian Bug report logs - #590769
CVE-2010-2491: XSS


Package: roundup; Maintainer for roundup is Kai Storbeck <kai@xs4all.nl>; Source for roundup is src:roundup.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 29 Jul 2010 04:39:01 UTC

Severity: grave

Tags: security

Fixed in version roundup/1.4.13-3.1

Done: Moritz Muehlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Toni Mueller <toni@debian.org>:
Bug#590769; Package roundup. (Thu, 29 Jul 2010 04:39:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Toni Mueller <toni@debian.org>. (Thu, 29 Jul 2010 04:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2491: XSS
Date: Thu, 29 Jul 2010 00:35:25 -0400
Package: roundup
Severity: grave
Tags: security

http://bugs.gentoo.org/show_bug.cgi?id=326395
http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486

I'll look into an update.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages roundup depends on:
ii  adduser                       3.112      add and remove users and groups
ii  python                        2.6.5-11   interactive high-level object-orie
ii  python-central                0.6.16     register and build utility for Pyt

roundup recommends no packages.

Versions of packages roundup suggests:
pn  libapache2-mod-python         <none>     (no description available)
pn  python-gdbm                   <none>     (no description available)
pn  python-mysqldb                <none>     (no description available)
pn  python-openssl                <none>     (no description available)
pn  python-psycopg2               <none>     (no description available)
pn  python-pyme                   <none>     (no description available)
pn  python-sqlite                 <none>     (no description available)
pn  python-tz                     <none>     (no description available)
pn  python-xapian                 <none>     (no description available)
pn  runit                         <none>     (no description available)




Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Fri, 30 Jul 2010 02:51:14 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 30 Jul 2010 02:51:15 GMT)


Message #10 received at 590769-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 590769-close@bugs.debian.org
Subject: Bug#590769: fixed in roundup 1.4.13-3.1
Date: Fri, 30 Jul 2010 02:47:44 +0000
Source: roundup
Source-Version: 1.4.13-3.1

We believe that the bug you reported is fixed in the latest version of
roundup, which is due to be installed in the Debian FTP archive:

roundup_1.4.13-3.1.diff.gz
  to main/r/roundup/roundup_1.4.13-3.1.diff.gz
roundup_1.4.13-3.1.dsc
  to main/r/roundup/roundup_1.4.13-3.1.dsc
roundup_1.4.13-3.1_all.deb
  to main/r/roundup/roundup_1.4.13-3.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 590769@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated roundup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 29 Jul 2010 21:52:01 -0400
Source: roundup
Binary: roundup
Architecture: source all
Version: 1.4.13-3.1
Distribution: unstable
Urgency: medium
Maintainer: Toni Mueller <toni@debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description: 
 roundup    - an issue-tracking system
Closes: 590769
Changes: 
 roundup (1.4.13-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2010-2491 (Closes: #590769)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 01 Sep 2010 07:40:57 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:23:24 2019; Machine Name: buxtehude
