Your message dated Wed, 01 Dec 2010 17:17:25 +0000
with message-id <e1pnqj3-0002np...@franck.debian.org>
and subject line Bug#604060: fixed in pootle 2.0.5-0.3
has caused the Debian Bug report #604060,
regarding pootle: XSS via 'match_names' parameter
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
604060: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604060
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pootle
Version: 2.0.5-0.2
Severity: grave
Tags: patch, security, fixed-upstream
The security team had been notified by Friedel Wolff (pootle upstream) that there is
an XSS vulnerability in pootle. He provided a patch:
http://translate.svn.sourceforge.net/viewvc/translate/src/branches/Pootle-2.0/Pootle/local_apps/pootle_app/views/language/translate_page.py?view=patch&r1=16172&r2=16171&pathrev=16172
This bug doesn't affect stable. There is no CVE assigned.
Thanks, luciano
--- End Message ---
--- Begin Message ---
Source: pootle
Source-Version: 2.0.5-0.3
We believe that the bug you reported is fixed in the latest version of
pootle, which is due to be installed in the Debian FTP archive:
pootle_2.0.5-0.3.diff.gz
to main/p/pootle/pootle_2.0.5-0.3.diff.gz
pootle_2.0.5-0.3.dsc
to main/p/pootle/pootle_2.0.5-0.3.dsc
pootle_2.0.5-0.3_all.deb
to main/p/pootle/pootle_2.0.5-0.3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 604...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl <toli...@debian.org> (supplier of updated pootle
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 29 Nov 2010 17:47:31 +0100
Source: pootle
Binary: pootle
Architecture: source all
Version: 2.0.5-0.3
Distribution: unstable
Urgency: medium
Maintainer: Nicolas FRANCOIS (Nekral) <nicolas.franc...@centraliens.net>
Changed-By: Alexander Reichle-Schmehl <toli...@debian.org>
Description:
 pootle - Web-based translation and translation management tool
Closes: 604060
Changes:
 pootle (2.0.5-0.3) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix XSS vulnerability with patch in
     local_apps/pootle_app/views/language/translate_page.py
     Thanks to Luciano Bello and Friedel Wolff for the notification
     (Closes: #604060)
   * Set urgency medium due to RC bug fix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---