Your message dated Wed, 08 Dec 2010 22:49:53 +0000
with message-id <e1pqspd-0003jt...@franck.debian.org>
and subject line Bug#606311: fixed in movabletype-opensource 4.3.5+dfsg-1
has caused the Debian Bug report #606311,
regarding movabletype-opensource: Unspecified XSS and SQL injection
vulnerabilities fixed in 4.35
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
606311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: movabletype-opensource
Version: 4.3.4+dfsg-2
Severity: grave
Tags: security
Justification: user security hole
From <http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html>:
"Movable Type 5.04 and Movable Type 4.35 are mandatory security updates
for all users. These updates resolve multiple vulnerabilities discovered
in the previous versions of Movable Type 5.x and Movable Type 4.x.
Impact
A remote attacker could execute arbitrary code in a logged-in user's web
browser (XSS). A remote attacker could read or modify the contents in the
system under certain circumstances (SQL injection)."
I will look at uploading 4.35 to unstable, and assessing the impact on
stable, this evening.
--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 4.3.5+dfsg-1
We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive:
movabletype-opensource_4.3.5+dfsg-1.diff.gz
to main/m/movabletype-opensource/movabletype-opensource_4.3.5+dfsg-1.diff.gz
movabletype-opensource_4.3.5+dfsg-1.dsc
to main/m/movabletype-opensource/movabletype-opensource_4.3.5+dfsg-1.dsc
movabletype-opensource_4.3.5+dfsg-1_all.deb
to main/m/movabletype-opensource/movabletype-opensource_4.3.5+dfsg-1_all.deb
movabletype-opensource_4.3.5+dfsg.orig.tar.gz
to main/m/movabletype-opensource/movabletype-opensource_4.3.5+dfsg.orig.tar.gz
movabletype-plugin-core_4.3.5+dfsg-1_all.deb
to main/m/movabletype-opensource/movabletype-plugin-core_4.3.5+dfsg-1_all.deb
movabletype-plugin-zemanta_4.3.5+dfsg-1_all.deb
to main/m/movabletype-opensource/movabletype-plugin-zemanta_4.3.5+dfsg-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated movabletype-opensource package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 08 Dec 2010 20:34:44 +0000
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core movabletype-plugin-zemanta
Architecture: source all
Version: 4.3.5+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Dominic Hargreaves <d...@earth.li>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description:
movabletype-opensource - A well-known blogging engine
movabletype-plugin-core - Core Movable Type plugins
movabletype-plugin-zemanta - Zemanta Movable Type plugin
Closes: 606311
Changes:
movabletype-opensource (4.3.5+dfsg-1) unstable; urgency=high
.
* New upstream release
- fixes various unspecified XSS/SQL vulnerabilities (closes: #606311)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNAAdgYzuFKFF44qURAtJrAKDo9cEG4CYjib+a+cEgdatAA+hIfgCgh5S9
IL/s737Fbr54LQrexiZ+PCY=
=KjU7
-----END PGP SIGNATURE-----
--- End Message ---