Your message dated Wed, 27 Jun 2007 03:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#430691: fixed in hiki 0.8.7-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: hiki
Severity: critical
Tags: security
Justification: causes serious data loss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear hiki maintainer,

 Kazuhiro Nishiyama found a vulnerability in hiki that allows a remote
 attacker to delete arbitrary files with the Hiki user's privileges,
 probably those of the www-data user.

 Hiki 0.8.0 - 0.8.6 is affected, which means that the stable, testing and
 unstable packages in Debian are affected. Please update the hiki package.

 For more detail, see http://hikiwiki.org/en/advisory20070624.html
 

- -- 
Regards,

 Hideki Yamane

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgT1nIu0hy8THJksRAt0fAKCytE2I88MtbMlCoPV6nsvjo4HViwCeJv1T
/K3M8IjjDMc8fYGfz1hOQXU=
=hNrX
-----END PGP SIGNATURE-----


--- End Message ---
--- Begin Message ---
Source: hiki
Source-Version: 0.8.7-1

We believe that the bug you reported is fixed in the latest version of
hiki, which is due to be installed in the Debian FTP archive:

hiki_0.8.7-1.diff.gz
  to pool/main/h/hiki/hiki_0.8.7-1.diff.gz
hiki_0.8.7-1.dsc
  to pool/main/h/hiki/hiki_0.8.7-1.dsc
hiki_0.8.7-1_all.deb
  to pool/main/h/hiki/hiki_0.8.7-1_all.deb
hiki_0.8.7.orig.tar.gz
  to pool/main/h/hiki/hiki_0.8.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Taku YASUI <[EMAIL PROTECTED]> (supplier of updated hiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 27 Jun 2007 11:43:21 +0900
Source: hiki
Binary: hiki
Architecture: source all
Version: 0.8.7-1
Distribution: unstable
Urgency: high
Maintainer: Taku YASUI <[EMAIL PROTECTED]>
Changed-By: Taku YASUI <[EMAIL PROTECTED]>
Description: 
 hiki       - Wiki Engine written in Ruby
Closes: 430691
Changes: 
 hiki (0.8.7-1) unstable; urgency=high
 .
   * New upstream release
   * [SECURITY] fix unsafe session management
     See http://hikiwiki.org/en/advisory20070624.html for more information
     (closes: #430691)
Files: 
 da0bcdbff4659124ade4d9363066d18a 561 web optional hiki_0.8.7-1.dsc
 b6bab0bcd092864516c26551849d5744 249661 web optional hiki_0.8.7.orig.tar.gz
 e9d2a78dff2bb11ce37444af2ebcb9f3 6095 web optional hiki_0.8.7-1.diff.gz
 7bf638546e260cf146cbb192328b8d1a 234090 web optional hiki_0.8.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgdfFFwU5DuZsm7ARAvxOAKCUJ9aQ88umEV9Zq0u4YCEXkj+GZgCfVR21
1v06G5bjlPvYTEqPKYDYmjo=
=tGpy
-----END PGP SIGNATURE-----


--- End Message ---
