Bug#435439: marked as done (CVE-2007-4100: mldonkey IP blocklist bypass vulnerability)
Your message dated Sat, 11 Aug 2007 21:17:04 +0000
with message-id <E1IJyKW-00039u-CM@ries.debian.org>
and subject line Bug#435439: fixed in mldonkey 2.9.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: CVE-2007-4100: mldonkey IP blocklist bypass vulnerability
- From: Stefan Fritsch <sf@sfritsch.de>
- Date: Tue, 31 Jul 2007 20:52:30 +0200
- Message-id: <20070731185230.3770.78176.reportbug@k.lan>
Package: mldonkey-server
Version: 2.8.1-2
Severity: important
Tags: security
A vulnerability has been fixed in mldonkey 2.9.0:
"MLDonkey before 2.9.0 does not load certain code from
$MLDONKEY/web_infos/ before the network modules become active, which
allows remote attackers to bypass the IP blocklist."
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: mldonkey
Source-Version: 2.9.0-1
We believe that the bug you reported is fixed in the latest version of
mldonkey, which is due to be installed in the Debian FTP archive:
mldonkey-gui_2.9.0-1_i386.deb
to pool/main/m/mldonkey/mldonkey-gui_2.9.0-1_i386.deb
mldonkey-server_2.9.0-1_i386.deb
to pool/main/m/mldonkey/mldonkey-server_2.9.0-1_i386.deb
mldonkey_2.9.0-1.diff.gz
to pool/main/m/mldonkey/mldonkey_2.9.0-1.diff.gz
mldonkey_2.9.0-1.dsc
to pool/main/m/mldonkey/mldonkey_2.9.0-1.dsc
mldonkey_2.9.0.orig.tar.gz
to pool/main/m/mldonkey/mldonkey_2.9.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 435439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Samuel Mimram <smimram@debian.org> (supplier of updated mldonkey package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 11 Aug 2007 22:36:02 +0200
Source: mldonkey
Binary: mldonkey-gui mldonkey-server
Architecture: source i386
Version: 2.9.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Samuel Mimram <smimram@debian.org>
Description:
mldonkey-gui - Graphical frontend for mldonkey based on GTK
mldonkey-server - Door to the 'donkey' network
Closes: 435439 437308
Changes:
mldonkey (2.9.0-1) unstable; urgency=low
.
[ Samuel Mimram ]
* New upstream release.
* Fixes CVE-2007-4100, closes: #435439.
* Updated Catalan debconf translation, closes: #437308.
.
[ Sylvain Le Gall ]
* Use DTD from docbook-xml package and not from docbook package.
* Format text of debian/changelog to 80 columns.
* Move refentry.xml to refentryinfo.xml.
Files:
e4f6ef73aafb73c9d378b259e1876ad8 1186 net optional mldonkey_2.9.0-1.dsc
5f6fc960dac6e31a5590e0f74291ffa5 3278974 net optional mldonkey_2.9.0.orig.tar.gz
19b9c516fb665858ec9e4607104a675b 122148 net optional mldonkey_2.9.0-1.diff.gz
00b6d259346c4a6ad16057a2d56ee0ad 2489396 net optional mldonkey-server_2.9.0-1_i386.deb
499e2857bf9a75dbe707151424d81c27 3576504 net optional mldonkey-gui_2.9.0-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGviU5Iae1O4AJae8RAsOYAJwKhTWRzleX+z4bwla9IRydW6RFmwCeMvlW
t2v3X2mrc+oJeuLLRQ6F1e8=
=99Tl
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: