Your message dated Wed, 10 Mar 2010 01:52:41 +0000
with message-id <e1npb6h-000626...@ries.debian.org>
and subject line Bug#572417: fixed in tdiary 2.2.1-1+lenny1
has caused the Debian Bug report #572417,
regarding tdiary: CVE-2010-0726 code injection vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
572417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tdiary
Version: 2.2.1-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tdiary.
CVE-2010-0726[0]:
| Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack
| transmission) plugin in tDiary 2.2.2 and earlier allows remote
| attackers to inject arbitrary web script or HTML via unknown vectors,
| possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt
| parameters.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0726
http://security-tracker.debian.org/tracker/CVE-2010-0726
--- End Message ---
--- Begin Message ---
Source: tdiary
Source-Version: 2.2.1-1+lenny1
We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:
tdiary-contrib_2.2.1-1+lenny1_all.deb
to main/t/tdiary/tdiary-contrib_2.2.1-1+lenny1_all.deb
tdiary-mode_2.2.1-1+lenny1_all.deb
to main/t/tdiary/tdiary-mode_2.2.1-1+lenny1_all.deb
tdiary-plugin_2.2.1-1+lenny1_all.deb
to main/t/tdiary/tdiary-plugin_2.2.1-1+lenny1_all.deb
tdiary-theme_2.2.1-1+lenny1_all.deb
to main/t/tdiary/tdiary-theme_2.2.1-1+lenny1_all.deb
tdiary_2.2.1-1+lenny1.diff.gz
to main/t/tdiary/tdiary_2.2.1-1+lenny1.diff.gz
tdiary_2.2.1-1+lenny1.dsc
to main/t/tdiary/tdiary_2.2.1-1+lenny1.dsc
tdiary_2.2.1-1+lenny1_all.deb
to main/t/tdiary/tdiary_2.2.1-1+lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 572...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated tdiary package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Tue, 09 Mar 2010 18:54:19 +1100
Source: tdiary
Binary: tdiary tdiary-theme tdiary-plugin tdiary-mode tdiary-contrib
Architecture: source all
Version: 2.2.1-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Daigo Moriwaki <da...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
tdiary - a communication-friendly weblog system
tdiary-contrib - Plugins of tDiary to add functionalities
tdiary-mode - tDiary editing mode for Emacsen
tdiary-plugin - Plugins of tDiary to add functionalities
tdiary-theme - Themes of tDiary to change the design
Closes: 572417
Changes:
tdiary (2.2.1-1+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix XSS issue in tb-send.rb (Closes: #572417)
Fixes: CVE-2010-0726
Thanks to Hideki Yamane
--- End Message ---