CVE-2005-334[78]: Two vulnerabilities in phpsysinfo

Related Vulnerabilities: CVE-2005-3347, CVE-2005-3348, CVE-2005-0870

Debian Bug report logs - #339079

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 14 Nov 2005 20:49:25 UTC

Severity: grave

Tags: security

Fixed in version phpsysinfo/2.3-7

Done: Frederik Schüler <fs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederik Schüler <fschueler@gmx.net>:
Bug#339079; Package phpsysinfo.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederik Schüler <fschueler@gmx.net>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2005-334[78]: Two vulnerabilities in phpsysinfo
Date: Mon, 14 Nov 2005 21:40:42 +0100
Package: phpsysinfo
Severity: grave
Tags: security
Justification: user security hole

Two security problems have been found in phpsysinfo. Please see
http://www.hardened-php.net/advisory_212005.81.html for more
information. 2.4.1 fixes these issues.

MITRE has assigned the identifiers CVE-2005-3347 and CVE-2005-3348
to these problems, please mention them in the changelog when fixing
this.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Frederik Schüler <fschueler@gmx.net>:
Bug#339079; Package phpsysinfo.


Acknowledgement sent to "Frederik Schüler" <fschueler@gmx.net>:
Extra info received and forwarded to list. Copy sent to Frederik Schüler <fschueler@gmx.net>.


Message #10 received at 339079@bugs.debian.org:

From: "Frederik Schüler" <fschueler@gmx.net>
To: Moritz Muehlenhoff <jmm@inutil.org>,339079@bugs.debian.org
Subject: Re: Bug#339079: CVE-2005-334[78]: Two vulnerabilities in phpsysinfo
Date: Mon, 14 Nov 2005 22:32:47 +0100 (MET)

Hello,

thanks for the info. A new package is in preparation and will be uploaded
ASAP.


Best regards
Frederik Schüler




Reply sent to Frederik Schüler <fs@debian.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.


Message #15 received at 339079-close@bugs.debian.org:

From: Frederik Schüler <fs@debian.org>
To: 339079-close@bugs.debian.org
Subject: Bug#339079: fixed in phpsysinfo 2.3-7
Date: Wed, 16 Nov 2005 08:02:17 -0800
Source: phpsysinfo
Source-Version: 2.3-7

We believe that the bug you reported is fixed in the latest version of
phpsysinfo, which is due to be installed in the Debian FTP archive:

phpsysinfo_2.3-7.diff.gz
  to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.diff.gz
phpsysinfo_2.3-7.dsc
  to pool/main/p/phpsysinfo/phpsysinfo_2.3-7.dsc
phpsysinfo_2.3-7_all.deb
  to pool/main/p/phpsysinfo/phpsysinfo_2.3-7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 339079@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frederik Schüler <fs@debian.org> (supplier of updated phpsysinfo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 14 Nov 2005 22:48:42 +0100
Source: phpsysinfo
Binary: phpsysinfo
Architecture: source all
Version: 2.3-7
Distribution: unstable
Urgency: high
Maintainer: Frederik Schüler <fs@debian.org>
Changed-By: Frederik Schüler <fs@debian.org>
Description: 
 phpsysinfo - PHP based host information
Closes: 330454 330764 338084 339079
Changes: 
 phpsysinfo (2.3-7) unstable; urgency=high
 .
   * New Maintainer Address: I successfully passed NM.
   * Fix several security issues, thanks to Martin Schulze <joey@infodrom.org>
     for the patch. Closes: #339079
     - Restrict sensor_program to single filenames [index.php,
       debian/patches/xxx_CVE-2005-0870.diff]
     - Backported parts of upstream changes and parts of changes by
       Christopher Kunz [index.php, debian/patches/xxx_CVE-2005-3347.diff]
     - Initialise charset variable [index.php,
       debian/patches/xxx_CVE-2005-3348.diff]
   * Add portuguese debconf template translation, thanks to Miguel
     Figueiredo <elmig@debianpt.org>  and the Debianpt.org Translation Team
     <traduz@debianpt.org>. Closes: #338084
   * Add german debconf template translation, thanks to Daniel Knabl
     <daniel@knabl.com> and the German Gnome language team
     <gnome-de@gnome.org>. Closes: #330454
   * Add swedish debconf template translation, thanks to Daniel Nylander
     <po@danielnylander.se> and the Swedish Linux-International translation
     team <sv@li.org>. Closes: #330764
   * Updated watch file.
Files: 
 b1dffedf7a1e69104a22db2927209d89 583 web optional phpsysinfo_2.3-7.dsc
 28bb0e691797fba01b0723e5d0de611e 12413 web optional phpsysinfo_2.3-7.diff.gz
 22b6661f46a4a84dd89f288cd22e5b97 167340 web optional phpsysinfo_2.3-7_all.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 16:52:07 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:39:07 2019; Machine Name: beach
