Your message dated Fri, 14 Sep 2007 13:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442255: fixed in mediawiki1.10 1.10.2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mediawiki
Severity: serious
Tags: security
Hi,
a CVE has been issued against mediawiki.
CVE-2007-4828[0]:
Cross-site scripting (XSS) vulnerability in the API
pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0
through 1.9.3, 1.10.0 through 1.10.1, and the 1.11
development versions before 1.11.0 allows remote attackers
to inject arbitrary web script or HTML via unspecified
vectors.
If you fix this bug please include the CVE id in your
changelogs.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: mediawiki1.10
Source-Version: 1.10.2-1
We believe that the bug you reported is fixed in the latest version of
mediawiki1.10, which is due to be installed in the Debian FTP archive:
mediawiki1.10-math_1.10.2-1_amd64.deb
to pool/main/m/mediawiki1.10/mediawiki1.10-math_1.10.2-1_amd64.deb
mediawiki1.10_1.10.2-1.diff.gz
to pool/main/m/mediawiki1.10/mediawiki1.10_1.10.2-1.diff.gz
mediawiki1.10_1.10.2-1.dsc
to pool/main/m/mediawiki1.10/mediawiki1.10_1.10.2-1.dsc
mediawiki1.10_1.10.2-1_all.deb
to pool/main/m/mediawiki1.10/mediawiki1.10_1.10.2-1_all.deb
mediawiki1.10_1.10.2.orig.tar.gz
to pool/main/m/mediawiki1.10/mediawiki1.10_1.10.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Romain Beauxis <[EMAIL PROTECTED]> (supplier of updated mediawiki1.10 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 14 Sep 2007 14:54:33 +0200
Source: mediawiki1.10
Binary: mediawiki1.10-math mediawiki1.10
Architecture: source all amd64
Version: 1.10.2-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Romain Beauxis <[EMAIL PROTECTED]>
Description:
mediawiki1.10 - website engine for collaborative work
mediawiki1.10-math - math rendering plugin for MediaWiki
Closes: 426223 437509 442255
Changes:
mediawiki1.10 (1.10.2-1) unstable; urgency=low
.
* New upstream release
* Fix CVE-2007-4828: XSS in pretty-printing mode (Closes: #442255)
* Updated debconf translations, thanks to translators!
Closes: #437509, #426223
Files:
29373f7a8913d71a82defede765f543e 900 web optional mediawiki1.10_1.10.2-1.dsc
f1a5659624444c7101f258c7d43b03a0 4375272 web optional mediawiki1.10_1.10.2.orig.tar.gz
6f8bf0d1fd7e212c73e545ce1604ab97 30176 web optional mediawiki1.10_1.10.2-1.diff.gz
a84f1fedffc8d950d69e1c8dfd590f6e 4400160 web optional mediawiki1.10_1.10.2-1_all.deb
5f377e82e9ff80db261aa93475d001cf 145464 web optional mediawiki1.10-math_1.10.2-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG6oXcnuQ3Rt5ZmAARAoE7AKCrNp8CUxA+fE8M7CBYyV+/Ytkz6gCaAoEq
ZcVFGD3tLUx4nanjlXxhGx8=
=ayq+
-----END PGP SIGNATURE-----
--- End Message ---