Your message dated Sun, 19 Dec 2010 13:56:37 +0000
with message-id <e1pujkb-0003je...@franck.debian.org>
and subject line Bug#591382: fixed in mediawiki 1:1.12.0-2lenny6
has caused the Debian Bug report #591382,
regarding mediawiki: Stable version missing recent security patches
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
591382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mediawiki
Version: 1:1.12.0-2lenny5
Severity: grave
Tags: security
Justification: user security hole
The mediawiki version in lenny seems to be missing the security patches
released with 1.15.4 and 1.15.5.
For example, the changes of
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/66990 and
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/65760 have not been
applied. This was also pointed out today on wikitech-l by Max Semenik.
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mediawiki depends on:
ii apache2-mpm-prefor 2.2.9-10+lenny8 Apache HTTP Server - traditional n
ii debconf [debconf-2 1.5.24 Debian configuration management sy
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii php5 5.2.6.dfsg.1-1+lenny8 server-side, HTML-embedded scripti
ii php5-mysql 5.2.6.dfsg.1-1+lenny8 MySQL module for php5
Versions of packages mediawiki recommends:
ii mysql-server 5.0.51a-24+lenny4 MySQL database server (metapackage
ii mysql-server-5.0 [ 5.0.51a-24+lenny4 MySQL database server binaries
ii php5-cli 5.2.6.dfsg.1-1+lenny8 command-line interpreter for the p
Versions of packages mediawiki suggests:
pn clamav <none> (no description available)
ii imagemagick 7:6.3.7.9.dfsg2-1~lenny3 image manipulation programs
pn mediawiki-math <none> (no description available)
pn memcached <none> (no description available)
ii php5-gd 5.2.6.dfsg.1-1+lenny8 GD module for php5
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.12.0-2lenny6
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:
mediawiki-math_1.12.0-2lenny6_amd64.deb
to main/m/mediawiki/mediawiki-math_1.12.0-2lenny6_amd64.deb
mediawiki_1.12.0-2lenny6.diff.gz
to main/m/mediawiki/mediawiki_1.12.0-2lenny6.diff.gz
mediawiki_1.12.0-2lenny6.dsc
to main/m/mediawiki/mediawiki_1.12.0-2lenny6.dsc
mediawiki_1.12.0-2lenny6_all.deb
to main/m/mediawiki/mediawiki_1.12.0-2lenny6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 591...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 17 Dec 2010 23:32:46 +0000
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.12.0-2lenny6
Distribution: stable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Closes: 585918 590669 591382
Changes:
 mediawiki (1:1.12.0-2lenny6) stable; urgency=high
 .
   * Stable upload. Closes: #591382
   * Fixed CSRF vulnerability in "e-mail me my password",
     "create account" and "create by e-mail" features of
     [[Special:Userlogin]]. CVE-2010-1648
   * Fixed XSS vulnerability affecting IE clients only, due to a CSS
     validation issue. CVE-2010-1647 (Closes: #585918)
   * Fixed an XSS vulnerability in profileinfo.php for installations
     with $wgEnableProfileInfo = true (false by default) (Closes: #590669)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---