Debian Bug report logs - #318633
Multiple security problems (CAN-2004-2162 and CAN-2004-2161)

version graph

Package: tutos; Maintainer for tutos is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Sat, 16 Jul 2005 17:18:23 UTC

Severity: grave

Tags: fixed, patch, security

Fixed in version 1.1.20031017-2.1

Done: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dimitri Fontaine <dfontaine@cvf.fr>:
Bug#318633; Package tutos. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Dimitri Fontaine <dfontaine@cvf.fr>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tutos: Multiple security problems (CAN-2005-2162 and CAN-2005-2161)
Date: Sat, 16 Jul 2005 19:09:58 +0200
Package: tutos
Severity: grave
Tags: security
Justification: user security hole

Multiple security problems have been reported on TUTOS, including SQL
injection and cross-site-scripting. Please see
http://www.securityfocus.com/archive/1/375757
for details. All issues seem to be fixed in current CVS.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Dimitri Fontaine <dfontaine@cvf.fr>:
Bug#318633; Package tutos. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Dimitri Fontaine <dfontaine@cvf.fr>. Full text and rfc822 format available.

Message #10 received at 318633@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 318633@bugs.debian.org
Subject: Wrong CVE Ids
Date: Mon, 18 Jul 2005 08:41:50 +0200
Doh! This should be CAN-2004-2161 and CAN-2004-2162, not -2005-

Cheers,
        Moritz



Changed Bug title. Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dimitri Fontaine <dfontaine@cvf.fr>:
Bug#318633; Package tutos. Full text and rfc822 format available.

Acknowledgement sent to Neil McGovern <neilm@debian.org>:
Extra info received and forwarded to list. Copy sent to Dimitri Fontaine <dfontaine@cvf.fr>. Full text and rfc822 format available.

Message #17 received at 318633@bugs.debian.org (full text, mbox):

From: Neil McGovern <neilm@debian.org>
To: 318633@bugs.debian.org
Subject: Fix in new upstream
Date: Wed, 10 Aug 2005 18:04:15 +0100
[Message part 1 (text/plain, inline)]
Hi there,

This is now fixed in the new upstream version (1.2.20050306)
Could you please package this version?

If it's not been done with a week, I'll prepare an NMU.

Cheers,
Neil McGovern
-- 
   __   
 .Ž  `. neilm@debian.org
 : :' ! ----------------
 `. `Ž  gpg: B345BDD3
   `-   Please don't cc, I'm subscribed to the list
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dimitri Fontaine <dfontaine@cvf.fr>:
Bug#318633; Package tutos. Full text and rfc822 format available.

Acknowledgement sent to Neil McGovern <neilm@debian.org>:
Extra info received and forwarded to list. Copy sent to Dimitri Fontaine <dfontaine@cvf.fr>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

Full text and rfc822 format available.


Message #22 received at 318633@bugs.debian.org (full text, mbox):

From: Neil McGovern <neilm@debian.org>
To: 318633@bugs.debian.org
Date: Fri, 19 Aug 2005 10:42:39 +0100
[Message part 1 (text/plain, inline)]
Patch included
-- 
   __   
 .Ž  `. neilm@debian.org
 : :' ! ----------------
 `. `Ž  gpg: B345BDD3
   `-   Please don't cc, I'm subscribed to the list
[tutos.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: patch Request was from Neil McGovern <neilm@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed Request was from Neil McGovern <neilm@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dimitri Fontaine <dfontaine@cvf.fr>:
Bug#318633; Package tutos. Full text and rfc822 format available.

Acknowledgement sent to Neil McGovern <maulkin@halon.org.uk>:
Extra info received and forwarded to list. Copy sent to Dimitri Fontaine <dfontaine@cvf.fr>. Full text and rfc822 format available.

Message #31 received at 318633@bugs.debian.org (full text, mbox):

From: Neil McGovern <maulkin@halon.org.uk>
To: 318633@bugs.debian.org
Subject: Additional patch
Date: Sun, 12 Feb 2006 21:20:07 +0000
[Message part 1 (text/plain, inline)]
Please find attached a second patch to fix B1 of the issue.

Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
[tutos.2.patch (text/plain, attachment)]

Tags added: fixed Request was from Neil McGovern <neilm@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed Request was from Neil McGovern <neilm@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.1.20031017-2.1, send any further explanations to Moritz Muehlenhoff <jmm@inutil.org> Request was from "Adam D. Barratt" <debian-bts@adam-barratt.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Moritz Muehlenhoff <jmm@inutil.org>:
Bug#318633. Full text and rfc822 format available.

Message #40 received at 318633-submitter@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
To: 215928-submitter@bugs.debian.org, 310191-submitter@bugs.debian.org, 310311-submitter@bugs.debian.org, 310903-submitter@bugs.debian.org, 311203-submitter@bugs.debian.org, 311488-submitter@bugs.debian.org, 311615-submitter@bugs.debian.org, 313457-submitter@bugs.debian.org, 315648-submitter@bugs.debian.org, 316180-submitter@bugs.debian.org, 316629-submitter@bugs.debian.org, 325111-submitter@bugs.debian.org, 331790-submitter@bugs.debian.org, 316657-submitter@bugs.debian.org, 316664-submitter@bugs.debian.org, 317196-submitter@bugs.debian.org, 317219-submitter@bugs.debian.org, 317229-submitter@bugs.debian.org, 318123-submitter@bugs.debian.org, 337467-submitter@bugs.debian.org, 347050-submitter@bugs.debian.org, 318150-submitter@bugs.debian.org, 318176-submitter@bugs.debian.org, 318291-submitter@bugs.debian.org, 321057-submitter@bugs.debian.org, 349191-submitter@bugs.debian.org, 318540-submitter@bugs.debian.org, 318559-submitter@bugs.debian.org, 318569-submitter@bugs.debian.org, 370196-submitter@bugs.debian.org, 318591-submitter@bugs.debian.org, 318633-submitter@bugs.debian.org, 318675-submitter@bugs.debian.org, 318827-submitter@bugs.debian.org, 318998-submitter@bugs.debian.org, 319073-submitter@bugs.debian.org, 319206-submitter@bugs.debian.org, 319432-submitter@bugs.debian.org, 319490-submitter@bugs.debian.org, 319666-submitter@bugs.debian.org, 331870-submitter@bugs.debian.org, 360450-submitter@bugs.debian.org, 319672-submitter@bugs.debian.org, 319811-submitter@bugs.debian.org, 319985-submitter@bugs.debian.org, 334834-submitter@bugs.debian.org, 362436-submitter@bugs.debian.org
Subject: Bugs fixed in NMU, documenting versions
Date: Sun, 22 Oct 2006 19:47:32 +0100
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers.  With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
#relevant version information now

close 215928 0.4-9.3
close 310191 0.4-9.3
close 310311 0.15.1b-2.1
close 310903 1.99.11-1.2
close 311203 0.28-1.1
close 311488 0.5.2-2.1
close 311615 1:0.7.1-1.1
close 313457 0.3.1-6.1
close 315648 0.50.0-1.2
close 316180 0.41-23.1
close 316629 1.0-8.1
close 325111 1.0-8.1
close 331790 1.0-8.1
close 316657 0.6-2.1
close 316664 9.4.2-2.3
close 317196 0.3.0+beta4-1.1
close 317219 7.8-1.1
close 317229 2.2.1-2.1
close 318123 1:5.13-2.2
close 337467 1:5.13-2.2
close 347050 1:5.13-2.2
close 318150 2.2.14-1.2
close 318176 6:6.2.4.5-0.1
close 318291 1.3.0-1.1
close 321057 1.3.0-1.1
close 349191 1.3.0-1.1
close 318540 0.8-5.1
close 318559 1.3.3-2.1
close 318569 1.2.3-2.1
close 370196 1.2.3-2.1
close 318591 0.4.5+cvs20030824-1.3
close 318633 1.1.20031017-2.1
close 318675 1.2.13-1.2
close 318827 3.8.3-4.2
close 318998 0.2.7.0-1.1
close 319073 0.3.1-2.1
close 319206 0.97.20031122-5.1
close 319432 1.0-8.1
close 319490 0.9.6-0.13
close 319666 0.02-5.1
close 331870 0.02-5.1
close 360450 0.02-5.1
close 319672 0.60-3
close 319811 1.6.0.1
close 319985 2.2.9.dfsg-1.1
close 334834 2.2.9.dfsg-1.1
close 362436 2.2.9.dfsg-1.1




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 23:49:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:30:53 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.