Debian Bug report logs - #597224
pixelpost: multiple vulnerabilities

version graph

Package: pixelpost; Maintainer for pixelpost is (unknown);

Reported by: Raphael Geissert <geissert@debian.org>

Date: Fri, 17 Sep 2010 18:57:05 UTC

Severity: grave

Tags: security

Found in version pixelpost/1.7.1-5

Fixed in version 1.7.1-6+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Xavier Luthi <xavier@caroxav.be>:
Bug#597224; Package pixelpost. (Fri, 17 Sep 2010 18:57:08 GMT) (full text, mbox, link).


Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: pixelpost: multiple vulnerabilities
Date: Fri, 17 Sep 2010 13:56:07 -0500
Package: pixelpost
Version: 1.7.1-5
Severity: grave
Tags: security

Hi,

Multiple vulnerabilities have been reported against pixelpost.
Full details can be found by following this thread:
http://marc.info/?t=128470282500002&r=1&w=2

CVE-wise they are:

CSRF: CVE-2010-3305

SQL injection fixed in 1.7.3: CVE-2009-4899

XSS fixed in 1.7.3: CVE-2009-4900

But there are a few more that I just reported.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sun, 16 Jan 2011 15:18:16 GMT) (full text, mbox, link).


Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Sun, 16 Jan 2011 15:18:16 GMT) (full text, mbox, link).


Message #8 received at 597224-done@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 581923-done@bugs.debian.org,597224-done@bugs.debian.org,605619-done@bugs.debian.org,
Cc: pixelpost@packages.debian.org, pixelpost@packages.qa.debian.org
Subject: Bug#610157: Removed package(s) from unstable
Date: Sun, 16 Jan 2011 15:17:47 +0000
Version: 1.7.1-6+rm

Dear submitter,

as the package pixelpost has just been removed from the Debian archive
unstable we hereby close the assiciated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/610157

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Feb 2011 07:31:19 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 00:34:34 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.