Your message dated Tue, 03 Aug 2010 05:00:04 +0000
with message-id <e1og9bg-0003jr...@franck.debian.org>
and subject line Bug#584809: fixed in moin 1.7.1-3+lenny5
has caused the Debian Bug report #584809,
regarding CVE-2010-2487: multiple XSS vulnerabilities in moin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: moin
Version: 1.7.1-3+lenny2
Severity: important
Tags: security

An XSS has been reported upstream:
> There is a possible reflected Cross-Site Scripting attack. An attacker
> able to cause a user to follow a specially crafted malicious link may be
> able to recover session identifiers or exploit browser vulnerabilities.

Moin 1.9.2 (unstable) and 1.7 (lenny) are supposed to be affected.

See:
 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg



--- End Message ---
--- Begin Message ---
Source: moin
Source-Version: 1.7.1-3+lenny5

We believe that the bug you reported is fixed in the latest version of
moin, which is due to be installed in the Debian FTP archive:

moin_1.7.1-3+lenny5.diff.gz
  to main/m/moin/moin_1.7.1-3+lenny5.diff.gz
moin_1.7.1-3+lenny5.dsc
  to main/m/moin/moin_1.7.1-3+lenny5.dsc
python-moinmoin_1.7.1-3+lenny5_all.deb
  to main/m/moin/python-moinmoin_1.7.1-3+lenny5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Lin PIAT <fp...@klabs.be> (supplier of updated moin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Jun 2010 06:48:00 +0200
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.7.1-3+lenny5
Distribution: stable-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Frank Lin PIAT <fp...@klabs.be>
Description: 
 python-moinmoin - Python clone of WikiWiki - library
Closes: 584809
Changes: 
 moin (1.7.1-3+lenny5) stable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fixed XSS in theme.add_msg, CVE-2010-2487
     (Closes: #584809)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxVfT8ACgkQHYflSXNkfP/C0ACdFC2Bq6ASWi14ar8t2Fm3kvvo
lSIAnRCSmJUUhaWk597Nj3KdudqnVYwG
=7jEZ
-----END PGP SIGNATURE-----



--- End Message ---
