Debian Bug report logs - #626844
pu: package kdenetwork/4:4.4.5-2+squeeze1

version graph

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Modestas Vainius <modax@debian.org>

Date: Sun, 15 May 2011 20:21:01 UTC

Severity: normal

Tags: confirmed, squeeze

Fixed in version 6.0.2

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#626844; Package release.debian.org. (Sun, 15 May 2011 20:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Modestas Vainius <modax@debian.org>:
New Bug report received and forwarded. Copy sent to debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>. (Sun, 15 May 2011 20:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Modestas Vainius <modax@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pu: package kdenetwork/4:4.4.5-2+squeeze1
Date: Sun, 15 May 2011 23:17:35 +0300
[Message part 1 (text/plain, inline)]
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

[ Disclaimer: I've already asked security team about this upload and they told
me to do it via s-p-u ]

This upload would contain a patch that improves fix for CVE-2010-1000.
Change-by-change details are below while full diff is attached.

* Add cve_2010_1000_directory_traversal.diff, note that CVE-2010-1000 was
  already fixed, but this patch performs a better protection against that
  vulnerability.

  http://git.debian.org/?p=pkg-kde/kde-sc/kdenetwork.git;a=commit;h=f18dc

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[kdenetwork_4.4.5-2+squeeze1.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#626844; Package release.debian.org. (Mon, 16 May 2011 20:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 16 May 2011 20:57:03 GMT) Full text and rfc822 format available.

Message #10 received at 626844@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Modestas Vainius <modax@debian.org>, 626844@bugs.debian.org
Subject: Re: Bug#626844: pu: package kdenetwork/4:4.4.5-2+squeeze1
Date: Mon, 16 May 2011 21:53:12 +0100
tag 626844 + squeeze confirmed
thanks

On Sun, 2011-05-15 at 23:17 +0300, Modestas Vainius wrote:
> This upload would contain a patch that improves fix for CVE-2010-1000.
> Change-by-change details are below while full diff is attached.
> 
> * Add cve_2010_1000_directory_traversal.diff, note that CVE-2010-1000 was
>   already fixed, but this patch performs a better protection against that
>   vulnerability.
> 
>   http://git.debian.org/?p=pkg-kde/kde-sc/kdenetwork.git;a=commit;h=f18dc

With s/UNRELEASED/stable/ in the changelog, please go ahead.

Regards,

Adam





Added tag(s) squeeze and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Mon, 16 May 2011 20:57:04 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Tue, 31 May 2011 20:27:03 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 6.0.2, send any further explanations to Modestas Vainius <modax@debian.org> Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sun, 26 Jun 2011 15:03:24 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jul 2011 07:37:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 13:35:19 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.