Your message dated Thu, 10 Apr 2008 21:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#475445: fixed in ikiwiki 2.42
has caused the Debian Bug report #475445,
regarding Cross Site Request Forging vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
475445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ikiwiki
Severity: serious

CSRF attacks can be used to construct links that change a logged-in
user's password or other preferences. Links can also be constructed
that cause a logged-in user to modify a wiki page.

-- 
see shy jo



--- End Message ---
--- Begin Message ---
Source: ikiwiki
Source-Version: 2.42

We believe that the bug you reported is fixed in the latest version of
ikiwiki, which is due to be installed in the Debian FTP archive:

ikiwiki_2.42.dsc
  to pool/main/i/ikiwiki/ikiwiki_2.42.dsc
ikiwiki_2.42.tar.gz
  to pool/main/i/ikiwiki/ikiwiki_2.42.tar.gz
ikiwiki_2.42_all.deb
  to pool/main/i/ikiwiki/ikiwiki_2.42_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joey Hess <[EMAIL PROTECTED]> (supplier of updated ikiwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 03 Apr 2008 02:35:39 -0400
Source: ikiwiki
Binary: ikiwiki
Architecture: source all
Version: 2.42
Distribution: unstable
Urgency: high
Maintainer: Joey Hess <[EMAIL PROTECTED]>
Changed-By: Joey Hess <[EMAIL PROTECTED]>
Description: 
 ikiwiki    - a wiki compiler
Closes: 475445
Changes: 
 ikiwiki (2.42) unstable; urgency=high
 .
   * aggregate: Correct a mistake in the code that dummies up a guid for feeds
     lacking one.
   * inline: Correct handling of urls relative to baseurl in feeds.
   * Fix CSRF attacks against the preferences and edit forms. The fix involved
     embedding the session id in the forms, and not allowing the forms to be
     submitted if the embedded id does not match the session id. Closes: #475445
Files: 
 36eb80d0053218c923b6192f4cac3606 865 web optional ikiwiki_2.42.dsc
 036620a1781bd04d2e2fa6245fbc214b 694550 web optional ikiwiki_2.42.tar.gz
 bbf1cd705e69fa3832b7684ca6c9be8b 829166 web optional ikiwiki_2.42_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH/oV32tp5zXiKP0wRAgmoAJ0SCvYAIWARtMQqqXGg/hqzn966kwCghs6n
y/YJtFU3YCklG/6cZVvV09s=
=vco0
-----END PGP SIGNATURE-----



--- End Message ---
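The fix described in the changelog (session id embedded in the form, submission refused when the embedded id does not match the session id) is sketched below in Python as an added example. It is not ikiwiki's own code; the function names, the `sid` field name, the `/prefs` action and the in-memory session store are assumptions made for illustration.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs

SESSIONS = {}  # constructed in-memory store: session id -> user state

def login(user):
    """Create a session; the returned id is what the browser holds as its cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "password": "old-password"}
    return sid

def render_prefs_form(cookie_sid):
    """Render the preferences form with the session id embedded as a hidden field."""
    if cookie_sid not in SESSIONS:
        raise PermissionError("not logged in")
    return ('<form method="post" action="/prefs">'
            f'<input type="hidden" name="sid" value="{escape(cookie_sid)}">'
            '<input type="password" name="password"></form>')

def submit_prefs(cookie_sid, body):
    """Apply the change only when the embedded id matches the session id."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 403, "not logged in"
    fields = parse_qs(body)
    embedded = fields.get("sid", [""])[0]
    # The browser attaches the cookie to any request, but only a form served
    # to this session carries the id in its body. Constant-time comparison.
    if not hmac.compare_digest(embedded.encode(), cookie_sid.encode()):
        return 403, "embedded id does not match session id"
    new_password = fields.get("password", [""])[0]
    if not new_password:
        return 400, "missing password"
    session["password"] = new_password
    return 200, "preferences saved"

if __name__ == "__main__":
    sid = login("alice")
    print(submit_prefs(sid, f"sid={sid}&password=new-password"))  # own form
    print(submit_prefs(sid, "password=changed-by-link"))          # no embedded id
```

Embedding the session id itself places it in the page HTML, so a common variant of this check embeds a separate random per-session token, or a value derived from the session id, and compares that instead.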
