-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 14 Oct 2008 12:12:35 +0200 Source: bugzilla Binary: bugzilla3 bugzilla3-doc Architecture: source all Version: 3.0.4.1-2+lenny1 Distribution: testing-security Urgency: high Maintainer: Raphael Bossek <bossekr@debian.org> Changed-By: Nico Golde <nion@debian.org> Description: bugzilla3 - web-based bug tracking system bugzilla3-doc - comprehensive guide to Bugzilla Closes: 502019 Changes: bugzilla (3.0.4.1-2+lenny1) testing-security; urgency=high . * Non-maintainer upload by the Security Team. * Add upstream patch to 32_importxml.sh to filter out all leading path data from the filename passed to importxml.pl to prevent directory traversal attacks (CVE-2008-4437; Closes: #502019). Checksums-Sha1: 57d85be14428b406168e285208a2d425fe146c97 1242 bugzilla_3.0.4.1-2+lenny1.dsc ad2470db964ed713b0f286db5ddcba3331cbc0ad 3954446 bugzilla_3.0.4.1.orig.tar.gz bdcd26f16bd52b7ba3dd95670b2ddc0c4b5ae14b 68617 bugzilla_3.0.4.1-2+lenny1.diff.gz 63006eded1f6ce0f60f901f4ca69c1a6cc9aabf3 2159336 bugzilla3_3.0.4.1-2+lenny1_all.deb 240391e59ffc218c0a50e927657ac351610d59c8 759746 bugzilla3-doc_3.0.4.1-2+lenny1_all.deb Checksums-Sha256: 2eb13c4b7f4a27ae456be68116db6f860020f718ae7654e094898ba4908dcb6d 1242 bugzilla_3.0.4.1-2+lenny1.dsc 373277aa535424e7aef9e15f93047965ddc965e15a55e9301f8ed2abbe075286 3954446 bugzilla_3.0.4.1.orig.tar.gz 18c1147f0e3638e18a4cc29eba7e1a56444cb9cf2c556e4281ffd381b3baac18 68617 bugzilla_3.0.4.1-2+lenny1.diff.gz b51c37ecf0f1adbcbb054840c50f53044605f925be439454767b6053cc9d9764 2159336 bugzilla3_3.0.4.1-2+lenny1_all.deb c22a930424a0a45ce62a39c0eabc312bc4449470d2ee4bf954b00163777a6517 759746 bugzilla3-doc_3.0.4.1-2+lenny1_all.deb Files: 1e05b4a22f8b9fefb1fa4f5f85bd2a23 1242 web optional bugzilla_3.0.4.1-2+lenny1.dsc a5059f2d816d9675f7029146c2153a7a 3954446 web optional bugzilla_3.0.4.1.orig.tar.gz 7a3cb55337b5559e9d88a08d60684ada 68617 web optional bugzilla_3.0.4.1-2+lenny1.diff.gz 79c384041f6615a52dd6504c16e3b2b6 2159336 web optional bugzilla3_3.0.4.1-2+lenny1_all.deb f152d2159ba9542ce6154694ca6f97bf 759746 doc optional bugzilla3-doc_3.0.4.1-2+lenny1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkj0c1MACgkQHYflSXNkfP+eiwCfaOQGzMnDbSiUfb49BOaJVrUj K2cAnAvYiRXcPTqF6GhpBP9lmDgNz+m9 =YaGI -----END PGP SIGNATURE----- Accepted: bugzilla3-doc_3.0.4.1-2+lenny1_all.deb to pool/main/b/bugzilla/bugzilla3-doc_3.0.4.1-2+lenny1_all.deb bugzilla3_3.0.4.1-2+lenny1_all.deb to pool/main/b/bugzilla/bugzilla3_3.0.4.1-2+lenny1_all.deb bugzilla_3.0.4.1-2+lenny1.diff.gz to pool/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny1.diff.gz bugzilla_3.0.4.1-2+lenny1.dsc to pool/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny1.dsc