Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Sven Dowideit <svenud@ozemail.com.au>: Bug#526258; Package twiki.
(Thu, 30 Apr 2009 07:48:04 GMT)
Acknowledgement sent
to Olivier Berger <olivier.berger@it-sudparis.eu>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Sven Dowideit <svenud@ozemail.com.au>.
(Thu, 30 Apr 2009 07:48:04 GMT)
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-1339: CSRF Vulnerability with Image Tag
Date: Thu, 30 Apr 2009 09:46:34 +0200
Package: twiki
Version: 1:4.0.5-9.1etch1
Severity: grave
Tags: security
Justification: user security hole
FYI, TWiki in oldstable is affected by a security vulnerability: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339
AFAIK, there's no patch available for old versions.
Best regards,
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages twiki depends on:
ii apache2.2-common 2.2.11-3 Apache HTTP Server common files
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
pn libalgorithm-diff-perl <none> (no description available)
ii libcgi-session-perl 4.41-1 persistent session data in CGI app
ii libdigest-sha1-perl 2.11-2+b1 NIST SHA-1 message digest algorith
ii liberror-perl 0.17-1 Perl module for error/exception ha
ii libhtml-parser-perl 3.60-1 collection of modules that parse H
pn liblocale-maketext-lexicon-p <none> (no description available)
pn libtext-diff-perl <none> (no description available)
ii liburi-perl 1.37+dfsg-1 Manipulates and accesses URI strin
ii perl [libmime-base64-perl] 5.10.0-19 Larry Wall's Practical Extraction
ii perl-modules [libnet-perl] 5.10.0-19 Core Perl modules
ii rcs 5.7-24 The GNU Revision Control System
twiki recommends no packages.
Versions of packages twiki suggests:
pn libunicode-maputf8-perl <none> (no description available)
Reply sent
to Marco Rodrigues <gothicx@sapo.pt>:
You have taken responsibility.
(Sun, 06 Dec 2009 11:00:52 GMT)
Notification sent
to Olivier Berger <olivier.berger@it-sudparis.eu>:
Bug acknowledged by developer.
(Sun, 06 Dec 2009 11:00:52 GMT)
Subject: Package twiki has been removed from Debian
Date: Sun, 06 Dec 2009 10:50:11 +0000
Version: 1:4.1.2-5+rm
You filed the bug http://bugs.debian.org/526258 in Debian BTS
against the package twiki. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/559353. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any questions.
Thank you for your contribution to Debian.
--
Marco Rodrigues
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 04 Jan 2010 07:44:53 GMT)