yui: CVE-2013-6780

Related Vulnerabilities: CVE-2013-6780  

Debian Bug report logs - #730104
yui: CVE-2013-6780


Package: yui; Maintainer for yui is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 21 Nov 2013 13:21:07 UTC

Severity: grave

Tags: security

Fixed in version 2.9.0.dfsg.0.1-0.1+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#730104; Package yui. (Thu, 21 Nov 2013 13:21:11 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Thu, 21 Nov 2013 13:21:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: yui: CVE-2013-6780
Date: Thu, 21 Nov 2013 14:09:22 +0100
Package: yui
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2013-6780:
https://yuilibrary.com/support/20131111-vulnerability/

Given that upstream states

| YUI 2 is an end-of-lifed project and is no longer supported. All YUI 2 .swf files 
| have been removed from the Yahoo CDN. If your site was taking advantage of the 
| presence of these files on the Yahoo CDN they will no longer be available. 

yui should be removed from unstable. Please file bugs against its rdeps.

Cheers,
        Moritz



Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Fri, 03 Jan 2014 12:21:05 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 03 Jan 2014 12:21:05 GMT)


Message #10 received at 730104-close@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 730104-close@bugs.debian.org
Subject: Bug#730104: fixed in moodle 2.5.3-3
Date: Fri, 03 Jan 2014 12:19:41 +0000
Source: moodle
Source-Version: 2.5.3-3

We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 730104@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated moodle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 03 Jan 2014 11:44:05 +0100
Source: moodle
Binary: moodle
Architecture: source all
Version: 2.5.3-3
Distribution: unstable
Urgency: medium
Maintainer: Moodle Packaging Team <pkg-moodle-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 moodle     - course management system for online learning
Closes: 730104 732895
Changes: 
 moodle (2.5.3-3) unstable; urgency=medium
 .
   * Drop unused libjs-yui dependency (closes: #730104).
   * Replace bundled yui3 with dependency on packaged libjs-yui3-min.
   * Add virtual-mysql-{server,client} dependency alternatives
     (closes: #732895).
   * Change owner of config.php from www-data to root.
   * Checked for policy 3.9.5, no changes necessary.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#730104; Package yui. (Fri, 03 Jan 2014 12:51:09 GMT)


Acknowledgement sent to Ivo De Decker <ivo.dedecker@ugent.be>:
Extra info received and forwarded to list. Copy sent to Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Fri, 03 Jan 2014 12:51:09 GMT)


Message #15 received at 730104@bugs.debian.org:

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 730104@bugs.debian.org, 733963@bugs.debian.org
Subject: Re: Bug#730104: fixed in moodle 2.5.3-3
Date: Fri, 3 Jan 2014 13:48:37 +0100
control: reopen 730104
control: close 733963 2.5.3-3

Hi Thijs,

On Fri, Jan 03, 2014 at 12:19:41PM +0000, Thijs Kinkhorst wrote:
> Changes: 
>  moodle (2.5.3-3) unstable; urgency=medium
>  .
>    * Drop unused libjs-yui dependency (closes: #730104).
>    * Replace bundled yui3 with dependency on packaged libjs-yui3-min.

Looks like you closed the bug in yui, not the one in moodle. Fixing.

Cheers,

Ivo




Bug reopened Request was from Ivo De Decker <ivo.dedecker@ugent.be> to 730104-submit@bugs.debian.org. (Fri, 03 Jan 2014 12:51:09 GMT)


No longer marked as fixed in versions moodle/2.5.3-3. Request was from Ivo De Decker <ivo.dedecker@ugent.be> to 730104-submit@bugs.debian.org. (Fri, 03 Jan 2014 12:51:10 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#730104; Package yui. (Fri, 03 Jan 2014 13:27:05 GMT)


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Fri, 03 Jan 2014 13:27:05 GMT)


Message #24 received at 730104@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Ivo De Decker" <ivo.dedecker@ugent.be>
Cc: 730104@bugs.debian.org, 733963@bugs.debian.org
Subject: Re: Bug#730104: fixed in moodle 2.5.3-3
Date: Fri, 3 Jan 2014 14:25:56 +0100
Hi Ivo,

On Fri, January 3, 2014 13:48, Ivo De Decker wrote:
> control: reopen 730104
> control: close 733963 2.5.3-3
>
> Hi Thijs,
>
> On Fri, Jan 03, 2014 at 12:19:41PM +0000, Thijs Kinkhorst wrote:
>> Changes:
>>  moodle (2.5.3-3) unstable; urgency=medium
>>  .
>>    * Drop unused libjs-yui dependency (closes: #730104).
>>    * Replace bundled yui3 with dependency on packaged libjs-yui3-min.
>
> Looks like you closed the bug in yui, not the one in moodle. Fixing.

Sorry and thanks.


Thijs



Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Thu, 11 Aug 2016 23:00:42 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 11 Aug 2016 23:00:42 GMT)


Message #29 received at 730104-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 512915-done@bugs.debian.org,557745-done@bugs.debian.org,647597-done@bugs.debian.org,692619-done@bugs.debian.org,730104-done@bugs.debian.org,788322-done@bugs.debian.org,
Cc: yui@packages.debian.org, yui@packages.qa.debian.org
Subject: Bug#834085: Removed package(s) from unstable
Date: Thu, 11 Aug 2016 22:58:37 +0000
Version: 2.9.0.dfsg.0.1-0.1+rm

Dear submitter,

as the package yui has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/834085

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Sep 2016 07:25:09 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:26:50 2019; Machine Name: beach
