From: Debian Bug Tracking System
Subject: [Monotone-debian] Bug#601850: marked as done (monotone: Empty command string can be used to crash certain server configurations)
Date: Mon, 01 Nov 2010 23:33:28 +0000

Your message dated Mon, 01 Nov 2010 23:32:12 +0000
with message-id <address@hidden>
and subject line Bug#601850: fixed in monotone 0.48-3
has caused the Debian Bug report #601850,
regarding monotone: Empty command string can be used to crash certain server configurations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact address@hidden
immediately.)


-- 
601850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601850
Debian Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: monotone: Empty command string can be used to crash certain server configurations
Date: Sat, 30 Oct 2010 10:40:15 +0100

Package: monotone
Version: 0.48-2
Severity: serious
Tags: upstream


Monotone versions 0.46, 0.47 and 0.48 are affected by a bug whereby a client
sending an empty command string to the server can cause it to terminate if
remote command execution is enabled. This has been fixed in 0.48.1.

Further details exist here:
http://www.thomaskeller.biz/blog/2010/10/22/monotone-0-48-1-released-please-update-your-servers/



--- End Message ---
--- Begin Message ---
Subject: Bug#601850: fixed in monotone 0.48-3
Date: Mon, 01 Nov 2010 23:32:12 +0000

Source: monotone
Source-Version: 0.48-3

We believe that the bug you reported is fixed in the latest version of
monotone, which is due to be installed in the Debian FTP archive:

monotone-doc_0.48-3_all.deb
  to main/m/monotone/monotone-doc_0.48-3_all.deb
monotone-server_0.48-3_all.deb
  to main/m/monotone/monotone-server_0.48-3_all.deb
monotone_0.48-3.diff.gz
  to main/m/monotone/monotone_0.48-3.diff.gz
monotone_0.48-3.dsc
  to main/m/monotone/monotone_0.48-3.dsc
monotone_0.48-3_amd64.deb
  to main/m/monotone/monotone_0.48-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to address@hidden,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francis Russell <address@hidden> (supplier of updated monotone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing address@hidden)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 28 Oct 2010 22:59:20 +0200
Source: monotone
Binary: monotone monotone-server monotone-doc
Architecture: source all amd64
Version: 0.48-3
Distribution: unstable
Urgency: high
Maintainer: Debian Maintainers for Monotone <address@hidden>
Changed-By: Francis Russell <address@hidden>
Description: 
 monotone   - A distributed version (revision) control system
 monotone-doc - A distributed version (revision) control system - documentation
 monotone-server - A distributed version (revision) control system - server scripts
Closes: 601700 601850
Changes: 
 monotone (0.48-3) unstable; urgency=high
 .
   * Add debian/source/format file as it may become mandatory.
   * debian/patches/10-sqlite_3.7.3_empty_blob.diff: new. Backport
     upstream fix for change in SQLite empty blob behaviour (closes: #601700).
   * debian/patches/20-empty-command.diff: new. Backport upstream security fix
     to prevent crashing of servers with remote command execution enabled
     (closes: #601850).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFMz0rcx9kwJZ3/qtQRAkZMAJ0SKCjlsikGR9225YIdrZHm80T/VgCdHfnd
LExQdnCGVXE+wWAKvoKcuV0=
=Eans
-----END PGP SIGNATURE-----



--- End Message ---
