Your message dated Sun, 17 Jan 2010 15:48:01 +0000
with message-id <e1nwxm9-0000uo...@ries.debian.org>
and subject line Bug#565406: fixed in dokuwiki 0.0.20090214b-3.1
has caused the Debian Bug report #565406,
regarding ACL can be edited
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
565406: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565406
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dokuwiki
Version: 0.0.20080505-4
Tags: security, patch, fixed-upstream
Severity: serious
A major security problem allows to edit the ACL, thus gaining access to a
closed wiki. See
[bugtracker] for description and patch. The problem is fixed in version
2009-12-25b, I’ll upload a
package for this version to [mentors] in a few hours.
Regards,
Adrian Lang
[bugtracker] http://bugs.splitbrain.org/index.php?do=details&task_id=1847
[mentors]
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=dokuwiki
--- End Message ---
--- Begin Message ---
Source: dokuwiki
Source-Version: 0.0.20090214b-3.1
We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive:
dokuwiki_0.0.20090214b-3.1.diff.gz
to main/d/dokuwiki/dokuwiki_0.0.20090214b-3.1.diff.gz
dokuwiki_0.0.20090214b-3.1.dsc
to main/d/dokuwiki/dokuwiki_0.0.20090214b-3.1.dsc
dokuwiki_0.0.20090214b-3.1_all.deb
to main/d/dokuwiki/dokuwiki_0.0.20090214b-3.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 565...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated dokuwiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 17 Jan 2010 14:47:41 +0100
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20090214b-3.1
Distribution: unstable
Urgency: high
Maintainer: Mohammed Adnène Trojette <adn+...@diwi.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
dokuwiki - standards compliant simple to use wiki
Closes: 565406
Changes:
dokuwiki (0.0.20090214b-3.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Check against cross-site request forgeries (CSRF)
* Fixed multiple vulnerabilities in ACL plugin (Closes: #565406)
Checksums-Sha1:
4e1c53c33135dbe51677a00bd526a501dab25e12 1091 dokuwiki_0.0.20090214b-3.1.dsc
7610ebdca9fa608dccd97833426b6b99b31916e6 34552
dokuwiki_0.0.20090214b-3.1.diff.gz
931248b51c066fda40d5f55e36b3dee0e1ffb77d 1416348
dokuwiki_0.0.20090214b-3.1_all.deb
Checksums-Sha256:
3bea65978c68789ac6d6214875d9986475bd1cdf6194c48d7a8e153e62837014 1091
dokuwiki_0.0.20090214b-3.1.dsc
c810ec763cf73397260a026a8171e855d80930ddd89308e032aa40debacf3eea 34552
dokuwiki_0.0.20090214b-3.1.diff.gz
d9c47709700621414d9193c2936066a1837a24e2481e84046dd08eca8495fb00 1416348
dokuwiki_0.0.20090214b-3.1_all.deb
Files:
774b1dcf3e7bba9c76eb594fb2e8fcca 1091 web optional
dokuwiki_0.0.20090214b-3.1.dsc
838b1666c61380ee1d45e3a1c262be70 34552 web optional
dokuwiki_0.0.20090214b-3.1.diff.gz
43d7ddc81bb9d1c68a7d00b4f1b94854 1416348 web optional
dokuwiki_0.0.20090214b-3.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktTFbEACgkQNxpp46476arB3gCeIUR6JnDiSqbbKUK+eNmNk774
yMUAn0hCr51nfs+WH2o48gB+rs18dmKI
=SMBh
-----END PGP SIGNATURE-----
--- End Message ---
