Debian
 » 
debian-bugs-rc

Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag

View: New views
2 Messages — Rating Filter:   Alert me  

Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag

by Olivier Berger :: Rate this Message:

Reply (Restricted by the Administrator) | View Threaded | Show Only this Message

Package: twiki
Version: 1:4.0.5-9.1etch1
Severity: grave
Tags: security
Justification: user security hole

FYI, Twiki in oldstable is affected by a security vulnerability : http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339

AFAIK, there's no patch available for old versions.

Best regards,


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages twiki depends on:
ii  apache2.2-common             2.2.11-3    Apache HTTP Server common files
ii  debconf [debconf-2.0]        1.5.26      Debian configuration management sy
pn  libalgorithm-diff-perl       <none>      (no description available)
ii  libcgi-session-perl          4.41-1      persistent session data in CGI app
ii  libdigest-sha1-perl          2.11-2+b1   NIST SHA-1 message digest algorith
ii  liberror-perl                0.17-1      Perl module for error/exception ha
ii  libhtml-parser-perl          3.60-1      collection of modules that parse H
pn  liblocale-maketext-lexicon-p <none>      (no description available)
pn  libtext-diff-perl            <none>      (no description available)
ii  liburi-perl                  1.37+dfsg-1 Manipulates and accesses URI strin
ii  perl [libmime-base64-perl]   5.10.0-19   Larry Wall's Practical Extraction
ii  perl-modules [libnet-perl]   5.10.0-19   Core Perl modules
ii  rcs                          5.7-24      The GNU Revision Control System

twiki recommends no packages.

Versions of packages twiki suggests:
pn  libunicode-maputf8-perl       <none>     (no description available)



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Bug#526258: marked as done (CVE-2009-1339: CSRF Vulnerability with Image Tag)

by Debian Bug Tracking System :: Rate this Message:

Reply (Restricted by the Administrator) | View Threaded | Show Only this Message

Your message dated Sun, 06 Dec 2009 10:50:11 +0000
with message-id <1260096611.869333.3408.nullmailer@...>
and subject line Package twiki has been removed from Debian
has caused the Debian Bug report #526258,
regarding CVE-2009-1339: CSRF Vulnerability with Image Tag
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@...
immediately.)


--
526258: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526258
Debian Bug Tracking System
Contact owner@... with problems

Package: twiki
Version: 1:4.0.5-9.1etch1
Severity: grave
Tags: security
Justification: user security hole

FYI, Twiki in oldstable is affected by a security vulnerability : http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339

AFAIK, there's no patch available for old versions.

Best regards,


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages twiki depends on:
ii  apache2.2-common             2.2.11-3    Apache HTTP Server common files
ii  debconf [debconf-2.0]        1.5.26      Debian configuration management sy
pn  libalgorithm-diff-perl       <none>      (no description available)
ii  libcgi-session-perl          4.41-1      persistent session data in CGI app
ii  libdigest-sha1-perl          2.11-2+b1   NIST SHA-1 message digest algorith
ii  liberror-perl                0.17-1      Perl module for error/exception ha
ii  libhtml-parser-perl          3.60-1      collection of modules that parse H
pn  liblocale-maketext-lexicon-p <none>      (no description available)
pn  libtext-diff-perl            <none>      (no description available)
ii  liburi-perl                  1.37+dfsg-1 Manipulates and accesses URI strin
ii  perl [libmime-base64-perl]   5.10.0-19   Larry Wall's Practical Extraction
ii  perl-modules [libnet-perl]   5.10.0-19   Core Perl modules
ii  rcs                          5.7-24      The GNU Revision Control System

twiki recommends no packages.

Versions of packages twiki suggests:
pn  libunicode-maputf8-perl       <none>     (no description available)



Version: 1:4.1.2-5+rm

You filled the bug http://bugs.debian.org/526258 in Debian BTS
against the package twiki. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/559353. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues

Free embeddable forum powered by Nabble Forum Help