[CVE-2007-3163, CVE-2006-6978 etc.] FCKEditor issues

Related Vulnerabilities: CVE-2007-3163   CVE-2006-6978   CVE-2007-3215  

Debian Bug report logs - #429204
Package: knowledgeroot; Maintainer for knowledgeroot is (unknown);

Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Sat, 16 Jun 2007 10:03:06 UTC

Severity: grave

Tags: security

Fixed in version knowledgeroot/0.9.8.2-2

Done: Frank Habermann <lordlamer@lordlamer.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Frank Habermann <lordlamer@lordlamer.de>:
Bug#429204; Package knowledgeroot.


Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Frank Habermann <lordlamer@lordlamer.de>.


Message #5 received at submit@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: [CVE-2007-3163, CVE-2006-6978 etc.] FCKEditor issues
Date: Sat, 16 Jun 2007 11:59:41 +0200
Package: knowledgeroot
Severity: grave
Tags: security

Your package seems to contain a copy of FCKEditor, which has been
affected by several security issues:

<http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=FCKEditor>

Please make sure that these vulnerabilities have been fixed in your
copy, both in stable and unstable.  Thanks!

(It would be great if you could contribute to a shared FCKEditor
package, so there's just one place which needs patching.)



Reply sent to Frank Habermann <lordlamer@lordlamer.de>:
You have taken responsibility.


Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer.


Message #10 received at 429204-close@bugs.debian.org:

From: Frank Habermann <lordlamer@lordlamer.de>
To: 429204-close@bugs.debian.org
Subject: Bug#429204: fixed in knowledgeroot 0.9.8.2-2
Date: Sun, 01 Jul 2007 21:47:05 +0000
Source: knowledgeroot
Source-Version: 0.9.8.2-2

We believe that the bug you reported is fixed in the latest version of
knowledgeroot, which is due to be installed in the Debian FTP archive:

knowledgeroot_0.9.8.2-2.diff.gz
  to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2.diff.gz
knowledgeroot_0.9.8.2-2.dsc
  to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2.dsc
knowledgeroot_0.9.8.2-2_all.deb
  to pool/main/k/knowledgeroot/knowledgeroot_0.9.8.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 429204@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Habermann <lordlamer@lordlamer.de> (supplier of updated knowledgeroot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 01 Jul 2007 23:27:23 +0200
Source: knowledgeroot
Binary: knowledgeroot
Architecture: source all
Version: 0.9.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: Frank Habermann <lordlamer@lordlamer.de>
Description: 
 knowledgeroot - web-based knowledgebase system
Closes: 429196 429204
Changes: 
 knowledgeroot (0.9.8.2-2) unstable; urgency=high
 .
   * Applied patch from phpmailer upstream to fix shell command execution in
     the included phpmailer code [CVE-2007-3215] (Closes: #429196).
   * Applied patch from svn repository for fckeditor to fix incomplete
     blacklist vulnerability in the filemanager [CVE-2007-3163]
     (Closes: #429204).
Files: 
 efecf03c6d66a5debba33cafe9c830b7 595 web optional knowledgeroot_0.9.8.2-2.dsc
 4bc915d428b0aa70ac699f50e1ab7053 6041 web optional knowledgeroot_0.9.8.2-2.diff.gz
 dbad8c6880d8003295ad8db6f9910b0f 1303752 web optional knowledgeroot_0.9.8.2-2_all.deb

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:34:43 GMT)

