Accepted fex 20100208+debian1-1+squeeze4 (source all) into squeeze-lts

To: debian-lts-changes@lists.debian.org
Subject: Accepted fex 20100208+debian1-1+squeeze4 (source all) into squeeze-lts
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 30 Sep 2014 18:04:01 +0000
Message-id: <[🔎] E1XZ1mL-0004sl-Of@franck.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 30 Sep 2014 19:00:33 +0200
Source: fex
Binary: fex fex-utils
Architecture: source all
Version: 20100208+debian1-1+squeeze4
Distribution: squeeze-lts
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 fex        - web service for transfering very large files
 fex-utils  - web service for transfering very large files (utils)
Changes: 
 fex (20100208+debian1-1+squeeze4) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * [CVE-2014-3875]:
     When inserting encoded newline characters into a request to rup,
     additional HTTP headers can be injected into the reply, as well
     as new HTML code on the top of the website.
   * [CVE-2014-3876]:
     The parameter akey is reflected unfiltered as part of the HTML
     page.  Some characters are forbidden in the GET parameter due
     to filtering of the URL, but this can be circumvented by using
     a POST parameter.
     Nevertheless, this issue is exploitable via the GET parameter
     alone, with some user interaction.
   * [CVE-2014-3877]:
     The parameter addto is reflected only slightly filtered back to
     the user as part of the HTML page. Some characters are forbidden
     in the GET parameter due to filtering of the URL, but this can
     be circumvented by using a POST parameter. Nevertheless, this
     issue is exploitable via the GET parameter alone, with some user
     interaction.
Checksums-Sha1: 
 e3331c0e6a5a8f2a7096f65260f830d681f215c6 1241 fex_20100208+debian1-1+squeeze4.dsc
 fa0489ea9cc2a29eedaa04194b4e1eb938d0bad9 256414 fex_20100208+debian1.orig.tar.gz
 99af2b3863ea8a969fd9af8a00f3f35b3388d4ec 10423 fex_20100208+debian1-1+squeeze4.diff.gz
 2e10566b19499e6d5da2820ddac08f48a416ba4a 145978 fex_20100208+debian1-1+squeeze4_all.deb
 5aada72fe2202113a759929840b0e7bfc3da69bf 27872 fex-utils_20100208+debian1-1+squeeze4_all.deb
Checksums-Sha256: 
 337ae5ca86176abab3d400c39fb9c4627ce341066c04dda9e017ccfda49832ae 1241 fex_20100208+debian1-1+squeeze4.dsc
 75a9037de81fe4de7c55452ea07de167f11d490c8ae585ed57447005ef9eaa8d 256414 fex_20100208+debian1.orig.tar.gz
 001efa13fca83af6f2cd3cc74ea6082cea0ee7f438b63f17e969d1a975b967c7 10423 fex_20100208+debian1-1+squeeze4.diff.gz
 725d7630c95d72b73d27269df03659560bb3996dbf835d43517f9b0e93c67c2d 145978 fex_20100208+debian1-1+squeeze4_all.deb
 50d2a6abd968c77f85386505998adc7d3fe14dbadec53f4e3f47f2c8471db047 27872 fex-utils_20100208+debian1-1+squeeze4_all.deb
Files: 
 aafff9042aa358c5089f31ec09279f70 1241 web optional fex_20100208+debian1-1+squeeze4.dsc
 cdfeb969153025a6df98e22a9dd61e23 256414 web optional fex_20100208+debian1.orig.tar.gz
 906c49f87f8ea7558de5fb3bf887e603 10423 web optional fex_20100208+debian1-1+squeeze4.diff.gz
 158bb95564a01b38701a906f5c48bed9 145978 web optional fex_20100208+debian1-1+squeeze4_all.deb
 fd7c96aeab6cc575b64427e8fafd8225 27872 web optional fex-utils_20100208+debian1-1+squeeze4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQq7FgACgkQ02K2KlS5mJCOfACeLI/nzFf8mnX1gSPntowo98aH
82EAn1eYJNWWBWrXI5gb2ogwHKbVTu52
=59U2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted php5 5.3.3-7+squeeze22 (source i386 all) into squeeze-lts
Previous by thread: Accepted php5 5.3.3-7+squeeze22 (source i386 all) into squeeze-lts
Index(es):
- Date
- Thread