Accepted lurker 1.2-5sarge1 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 10 Mar 2006 17:07:31 +0100
Source: lurker
Binary: lurker
Architecture: source i386
Version: 1.2-5sarge1
Distribution: stable-security
Urgency: high
Maintainer: Jonas Meurer <mejo@debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description: 
 lurker     - Archive tool for mailing lists with search engine
Changes: 
 lurker (1.2-5sarge1) stable-security; urgency=high
 .
   * merge patch from Wesley Terpstra to fix several major security bugs:
     - Lurker's mechanism for specifying configuration files was vulnerable
       to being overridden. As lurker includes sections of unparsed config
       files in its output, an attacker could manipulate lurker into reading
       any file readable by the www-data user. (CVE-2006-1062)
     - It was possible for a remote attacker to create or overwrite files
       in any writable directory that is named "mbox". (CVE-2006-1063)
     - Missing input sanitising allowed an attacker to inject arbitrary
       web script or HTML. (CVE-2006-1064)
   * ship the INSTALL file and a NEWS.Debian file for documenting the necessary
     changes.
   * restart apache{2,-perl,-ssl} if it includes /etc/lurker/apache.conf at
     /etc/apache*/conf.d/lurker
Files: 
 ac6e3c86ae34b5416c0ea6417247d9c0 604 mail optional lurker_1.2-5sarge1.dsc
 393391e4c2489fb1c76c5f7c8e9bb099 273185 mail optional lurker_1.2.orig.tar.gz
 a155c855f422c82b52e9d976c6aa232b 31019 mail optional lurker_1.2-5sarge1.diff.gz
 450251b9af338b820ccb3f1304230dff 510092 mail optional lurker_1.2-5sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEEbOTd6lUs+JfIQIRAvOvAKCZxHp+oPdo6HA0qw5OkdijTllY8ACePsxW
WMXlt0cp1vOMuB/dQNvbHsU=
=7St2
-----END PGP SIGNATURE-----


Accepted:
lurker_1.2-5sarge1.diff.gz
  to pool/main/l/lurker/lurker_1.2-5sarge1.diff.gz
lurker_1.2-5sarge1.dsc
  to pool/main/l/lurker/lurker_1.2-5sarge1.dsc
lurker_1.2-5sarge1_i386.deb
  to pool/main/l/lurker/lurker_1.2-5sarge1_i386.deb