Debian Bug report logs - #429204 [CVE-2007-3163, CVE-2006-6978 etc.] FCKEditor issues
Reported by: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 16 Jun 2007 10:03:06 UTC
Severity: grave
Tags: security
Fixed in version knowledgeroot/0.9.8.2-2
Done: Frank Habermann <lordlamer@lordlamer.de>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Frank Habermann <lordlamer@lordlamer.de>: Bug#429204; Package knowledgeroot.
Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>: New Bug report received and forwarded. Copy sent to Frank Habermann <lordlamer@lordlamer.de>.
Message #5 received at submit@bugs.debian.org:
Package: knowledgeroot
Severity: grave
Tags: security
Your package seems to contain a copy of FCKEditor, which has been
affected by several security issues:
<http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=FCKEditor>
Please make sure that these vulnerabilities have been fixed in your
copy, both in stable and unstable. Thanks!
(It would be great if you could contribute to a shared FCKEditor
package, so there's just one place which needs patching.)
Reply sent to Frank Habermann <lordlamer@lordlamer.de>: You have taken responsibility.
Notification sent to Florian Weimer <fw@deneb.enyo.de>: Bug acknowledged by developer.
Message #10 received at 429204-close@bugs.debian.org:
Source: knowledgeroot
Source-Version: 0.9.8.2-2
We believe that the bug you reported is fixed in the latest version of
knowledgeroot, which is due to be installed in the Debian FTP archive:
knowledgeroot_0.9.8.2-2.diff.gz
to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2.diff.gz
knowledgeroot_0.9.8.2-2.dsc
to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2.dsc
knowledgeroot_0.9.8.2-2_all.deb
to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 429204@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frank Habermann <lordlamer@lordlamer.de> (supplier of updated knowledgeroot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 01 Jul 2007 23:27:23 +0200
Source: knowledgeroot
Binary: knowledgeroot
Architecture: source all
Version: 0.9.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: Frank Habermann <lordlamer@lordlamer.de>
Description:
knowledgeroot - web-based knowledgebase system
Closes: 429196 429204
Changes:
knowledgeroot (0.9.8.2-2) unstable; urgency=high
.
* Applied patch from phpmailer upstream to fix shell command execution in
the included phpmailer code [CVE-2007-3215] (Closes: #429196).
* Applied patch from svn repository for fckeditor to fix incomplete
blacklist vulnerability in the filemanager [CVE-2007-3163]
(Closes: #429204).
Files:
efecf03c6d66a5debba33cafe9c830b7 595 web optional knowledgeroot_0.9.8.2-2.dsc
4bc915d428b0aa70ac699f50e1ab7053 6041 web optional knowledgeroot_0.9.8.2-2.diff.gz
dbad8c6880d8003295ad8db6f9910b0f 1303752 web optional knowledgeroot_0.9.8.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGiB6r+C5cwEsrK54RAukRAJ98bsxVHmDDPuONroRKQtHT/7HN8QCfRLub
smbPsJpVl3wuJF3Q8cxWaEw=
=xW1q
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:34:43 GMT)
Last modified: Wed Jun 19 15:49:26 2019