Debian Bug report logs - #400718
CVE-2006-5925: Links "smb" Protocol File Upload/Download Vulnerability


Package: links2; Maintainer for links2 is Axel Beckert <abe@debian.org>; Source for links2 is src:links2.

Reported by: Mikko Rapeli <mikko.rapeli@iki.fi>

Date: Tue, 28 Nov 2006 08:48:26 UTC

Severity: grave

Tags: sarge, security

Fixed in version 2.1pre26-1

Done: Jiggly Puff <jigglypuff@spambob.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Gürkan Sengün <gurkan@linuks.mine.nu>:
Bug#400718; Package links2.

Acknowledgement sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
New Bug report received and forwarded. Copy sent to Gürkan Sengün <gurkan@linuks.mine.nu>.

Message #5 received at submit@bugs.debian.org:

From: Mikko Rapeli <mikko.rapeli@iki.fi>
To: submit@bugs.debian.org
Subject: CVE-2006-5925: Links "smb" Protocol File Upload/Download Vulnerability
Date: Tue, 28 Nov 2006 10:24:10 +0200
package: links2
severity: grave
tags: security

See bugs #399187 and #399188 for discussion. Patches in links and elinks 
converge towards removal of smb support. Attached patch is for sarge.

-Mikko
[links2_sarge_disable_smb_01.txt (text/plain, attachment)]

Tags added: sarge Request was from Gurkan Sengun <gurkan@linuks.mine.nu> to control@bugs.debian.org.

Reply sent to Jiggly Puff <jigglypuff@spambob.com>:
You have taken responsibility.

Notification sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
Bug acknowledged by developer.

Message #12 received at 400718-done@bugs.debian.org:

From: Jiggly Puff <jigglypuff@spambob.com>
To: 400718-done@bugs.debian.org
Subject: DSA says this bug is fixed.
Date: Thu, 15 Feb 2007 22:48:25 -0800
Version: 2.1pre26-1

I'm sorry if I'm stepping on anybody's toes, but this reeks of
unnoticed loose end. This bug is still identified as grave, and is
counted as release critical in etch. However, a debian security
advisory says that this bug has been fixed several versions ago, so I'm
closing it. I'm sorry if that isn't the right thing to do, and feel
free to re-open it if necessary.

Here is a link to the security advisory:
http://www.debian.org/security/2006/dsa-1240



Information forwarded to debian-bugs-dist@lists.debian.org, Gürkan Sengün <gurkan@linuks.mine.nu>:
Bug#400718; Package links2.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Gürkan Sengün <gurkan@linuks.mine.nu>.

Message #17 received at 400718@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Jiggly Puff <jigglypuff@spambob.com>
Cc: 400718@bugs.debian.org
Subject: Re: DSA says this bug is fixed.
Date: Fri, 16 Feb 2007 00:03:36 -0800

On Thu, Feb 15, 2007 at 10:48:25PM -0800, Jiggly Puff wrote:

> I'm sorry if I'm stepping on anybody's toes, but this reeks of
> unnoticed loose end. This bug is still identified as grave, and is
> counted as release critical in etch.

It isn't counted as release-critical in etch because it's tagged 'sarge',
but it doesn't hurt to document it as closed in that etch version either.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Gürkan Sengün <gurkan@linuks.mine.nu>:
Bug#400718; Package links2.

Acknowledgement sent to Jiggly Puff <jigglypuff@spambob.com>:
Extra info received and forwarded to list. Copy sent to Gürkan Sengün <gurkan@linuks.mine.nu>.

Message #22 received at 400718@bugs.debian.org:

From: Jiggly Puff <jigglypuff@spambob.com>
To: 400718@bugs.debian.org
Subject: You're right.
Date: Fri, 16 Feb 2007 12:27:51 -0800

You're right. It is tagged as sarge. I hadn't noticed that. For some
reason, though, that tag had not propagated to the list of release
critical bugs: http://bugs.debian.org/release-critical/all.html



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 19:00:18 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:37:51 2014; Machine Name: beach.debian.org
