Your message dated Sat, 08 Nov 2008 10:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504682: fixed in dokuwiki 0.0.20080505-3.1
has caused the Debian Bug report #504682,
regarding SA32559: GeSHi Unspecified Code Execution Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
504682: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504682
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: dokuwiki
Severity: grave
Version: 0.0.20061106-6
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for GeSHi, which affects
the embedded copy in dokuwiki[0].
SA32559[1]:
> A vulnerability has been reported in GeSHi, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.
It would be great if dokuwiki just depended on php-geshi (also available in
etch) and the include/require calls changed to use the copy provided by that
package, to avoid shipping yet another embedded code copy.
If you fix the vulnerability please also make sure to include the SA id in the
changelog entry.
[0] usr/share/dokuwiki/inc/geshi.php
[1] http://secunia.com/Advisories/32559/
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: dokuwiki
Source-Version: 0.0.20080505-3.1
We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive:
dokuwiki_0.0.20080505-3.1.diff.gz
to pool/main/d/dokuwiki/dokuwiki_0.0.20080505-3.1.diff.gz
dokuwiki_0.0.20080505-3.1.dsc
to pool/main/d/dokuwiki/dokuwiki_0.0.20080505-3.1.dsc
dokuwiki_0.0.20080505-3.1_all.deb
to pool/main/d/dokuwiki/dokuwiki_0.0.20080505-3.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[EMAIL PROTECTED]> (supplier of updated dokuwiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.8
Date: Sat, 08 Nov 2008 09:48:34 +0100
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20080505-3.1
Distribution: unstable
Urgency: high
Maintainer: Mohammed Adnène Trojette <[EMAIL PROTECTED]>
Changed-By: Giuseppe Iuculano <[EMAIL PROTECTED]>
Description:
dokuwiki - standards compliant simple to use wiki
Closes: 504682
Changes:
dokuwiki (0.0.20080505-3.1) unstable; urgency=high
.
* Non-maintainer upload.
* Depends on php-geshi instead of using the embedded copy shipped with
dokuwiki (SA32559) (Closes: #504682)
--- End Message ---
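
An added example, not part of the bug report or of the dokuwiki or GeSHi code: an audit for the embedded-copy problem discussed in this thread, which walks a directory tree for geshi.php files and flags any whose declared version is prior to 1.0.8.1. It assumes GeSHi declares its version through a GESHI_VERSION constant; the tree and version numbers inside demo() are constructed for illustration.

```python
import os, re, tempfile

FIXED = (1, 0, 8, 1)  # SA32559: versions prior to 1.0.8.1 are affected
# Assumption: the file declares its version as define('GESHI_VERSION', '...').
VERSION_RE = re.compile(
    r"""define\(\s*['"]GESHI_VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]""")

def geshi_version(path):
    """Return the declared version as a tuple of ints, or None if absent."""
    with open(path, encoding="latin-1") as fh:
        match = VERSION_RE.search(fh.read())
    return tuple(map(int, match.group(1).split("."))) if match else None

def scan(root):
    """Return sorted (relative path, version, status) for each geshi.php."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "geshi.php":
                path = os.path.join(dirpath, name)
                ver = geshi_version(path)
                # A copy with no version line cannot be cleared, so report it.
                status = ("unknown" if ver is None
                          else "affected" if ver < FIXED else "ok")
                found.append((os.path.relpath(path, root), ver, status))
    return sorted(found)

def demo():
    """Scan a constructed tree (made-up versions, not real package contents)."""
    tree = {
        "dokuwiki/inc/geshi.php": "<?php\ndefine('GESHI_VERSION', '1.0.7.22');\n",
        "php-geshi/geshi.php": "<?php\ndefine('GESHI_VERSION', '1.0.8.1');\n",
        "otherapp/lib/geshi.php": "<?php\n// version line stripped\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in tree.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="latin-1") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    for rel, ver, status in demo():
        print(f"{status:9} {'.'.join(map(str, ver)) if ver else '?':10} {rel}")
```

To audit a real system, call scan() on the directory that holds the web applications instead of running demo().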