Accepted: wml, wml, wml, wml, wml, wml, wml_2.0.11-1ubuntu0.1_amd64_translations.tar.gz, wml_2.0.11-1ubuntu0.1_i386_translations.tar.gz, wml_2.0.11-1ubuntu0.1_ia64_translations.tar.gz, wml_2.0.11-1ubuntu0.1_powerpc_translations.tar.gz, wml_2.0.11-1ubuntu0.1_sparc_translations.tar.gz 2.0.11-1ubuntu0.1 (source, amd64, i386, ia64, powerpc, sparc, raw-translations, raw-translations, raw-translations, raw-translations, raw-translations)
Ubuntu Installer
archive at ubuntu.com
Fri Mar 14 20:55:43 GMT 2008
Accepted:
OK: wml_2.0.11.orig.tar.gz
OK: wml_2.0.11-1ubuntu0.1.diff.gz
OK: wml_2.0.11-1ubuntu0.1.dsc
-> Component: universe Section: web
OK: wml_2.0.11-1ubuntu0.1_amd64.deb
OK: wml_2.0.11-1ubuntu0.1_i386.deb
OK: wml_2.0.11-1ubuntu0.1_ia64.deb
OK: wml_2.0.11-1ubuntu0.1_powerpc.deb
OK: wml_2.0.11-1ubuntu0.1_sparc.deb
OK: wml_2.0.11-1ubuntu0.1_amd64_translations.tar.gz
OK: wml_2.0.11-1ubuntu0.1_i386_translations.tar.gz
OK: wml_2.0.11-1ubuntu0.1_ia64_translations.tar.gz
OK: wml_2.0.11-1ubuntu0.1_powerpc_translations.tar.gz
OK: wml_2.0.11-1ubuntu0.1_sparc_translations.tar.gz
Format: 1.7
Date: Mon, 10 Mar 2008 17:28:13 +0100
Source: wml
Binary: wml
Architecture: amd64_translations amd64 i386_translations i386 ia64_translations ia64 powerpc_translations powerpc source sparc_translations sparc
Version: 2.0.11-1ubuntu0.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
wml - off-line HTML generation toolkit
Changes:
wml (2.0.11-1ubuntu0.1) feisty-security; urgency=low
.
* debian/control
- updated maintainer field
* SECURITY UPDATE: (LP: #191205)
+ wml_backend/p1_ipp/ipp.src (CVE-2008-0665)
- in Website META Language (WML) 2.0.11 allows local
users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp
temporary file.
+ wlm_backend/p3_eperl/eperl_sys.c wml_contrib/wmg.cgi (CVE-2008-0666)
- Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary
files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by
wml_contrib/wmg.cgi and (2) temporary files used by
wml_backend/p3_eperl/eperl_sys.c.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0665
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0666
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907
Files:
1cca598c11721934afab76939be0838a 3255 raw-translations - wml_2.0.11-1ubuntu0.1_amd64_translations.tar.gz
b7dd3587c14e47a55880a687810a25af 450032 web optional wml_2.0.11-1ubuntu0.1_amd64.deb
0111914876c2a3518a84a21480f4d61e 3256 raw-translations - wml_2.0.11-1ubuntu0.1_i386_translations.tar.gz
142a4d4ac02ad5933d357a37fada6274 449016 web optional wml_2.0.11-1ubuntu0.1_i386.deb
926cd130b5f26b93d443083a210185d6 3256 raw-translations - wml_2.0.11-1ubuntu0.1_ia64_translations.tar.gz
cf8ea29cda64c52bd5c8cf3f9576fe7f 455624 web optional wml_2.0.11-1ubuntu0.1_ia64.deb
d22d90d13626ea0919737ad2bb2aca7c 3255 raw-translations - wml_2.0.11-1ubuntu0.1_powerpc_translations.tar.gz
fef1f3edb6d6cea2c7f48a33be8e3704 452010 web optional wml_2.0.11-1ubuntu0.1_powerpc.deb
a65073f912e8d372d8c1d90aeec5c3af 727 web optional wml_2.0.11-1ubuntu0.1.dsc
2eeb708d0458a097d6c95df4678bc723 24396 web optional wml_2.0.11-1ubuntu0.1.diff.gz
116ac9b77e346e8495c513c5fde74811 3254 raw-translations - wml_2.0.11-1ubuntu0.1_sparc_translations.tar.gz
c828bdfef6a0236cf3120a14ec8cb4ce 449260 web optional wml_2.0.11-1ubuntu0.1_sparc.deb
Launchpad-Bugs-Fixed: 191205
Original-Maintainer: Luk Claes <luk at debian.org>
More information about the feisty-changes
mailing list