Bug#643904: marked as done (CVE-2011-1058: XSS vulnerability in the rst parser)

[Debian Bug Tracking System]

Your message dated Tue, 04 Oct 2011 12:48:46 +0000
with message-id <e1rb4qq-0005gp...@franck.debian.org>
and subject line Bug#643904: fixed in moin 1.9.3-3
has caused the Debian Bug report #643904,
regarding CVE-2011-1058: XSS vulnerability in the rst parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
643904: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643904
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: moin
Version: 1.9.3-2
Severity: serious
Tags: security patch

As already mentioned at

  http://security-tracker.debian.org/tracker/CVE-2011-1058

there's a cross-site scripting vulnerability in the rst parser. Simple
patch at http://hg.moinmo.in/moin/1.9/rev/97208f67798f.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: moin
Source-Version: 1.9.3-3

We believe that the bug you reported is fixed in the latest version of
moin, which is due to be installed in the Debian FTP archive:

moin_1.9.3-3.debian.tar.gz
  to main/m/moin/moin_1.9.3-3.debian.tar.gz
moin_1.9.3-3.dsc
  to main/m/moin/moin_1.9.3-3.dsc
python-moinmoin_1.9.3-3_all.deb
  to main/m/moin/python-moinmoin_1.9.3-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93...@debian.org> (supplier of updated moin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 04 Oct 2011 13:14:09 +0100
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.9.3-3
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Steve McIntyre <93...@debian.org>
Description: 
 python-moinmoin - Python clone of WikiWiki - library
Closes: 643904
Changes: 
 moin (1.9.3-3) unstable; urgency=high
 .
   [ Steve McIntyre ]
   * Add myself to Uploaders
   * Add patch from upstream to fix a cross-site scripting vulnerability in
     the rst parser (CVE-2011-1058). Closes: #643904
Checksums-Sha1: 
 293a730e1e0795f006dd8d07c1b115d511b1b9c4 1949 moin_1.9.3-3.dsc
 bc4f0c2c7f5209bb17c247bbbfdf3b9a21a97679 125770 moin_1.9.3-3.debian.tar.gz
 7eebf608bd6082553df5e4599a24c6ed9831167c 15004692 
python-moinmoin_1.9.3-3_all.deb
Checksums-Sha256: 
 ff204cecf6e167aca46a817afd7afeecfb4cf6912abbe8fb20c3d9b5e87c5fba 1949 
moin_1.9.3-3.dsc
 daf0af1fe5a728cdf4692bdf4cc6d7ea5151f008d4806448312bcc638b372968 125770 
moin_1.9.3-3.debian.tar.gz
 b4d0e5f3b15cc488f3d678bec6558caf8402cd3dc3f591807526703869bd5f52 15004692 
python-moinmoin_1.9.3-3_all.deb
Files: 
 c49bbf0a9eba4120221e64637f77da1c 1949 net optional moin_1.9.3-3.dsc
 976093d81ac15a9b32403f2baaa2ba1a 125770 net optional moin_1.9.3-3.debian.tar.gz
 f9c54fa608b0869e3fc6f437f6024b5b 15004692 python optional 
python-moinmoin_1.9.3-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJOivuGAAoJEFh5eVc0QmhO3eQQALs2lS1Ke1gdR8Bi4uuj+KLz
hs7xqr7jP18CVsFVg5KKqz89OS2Quf2YMnrOB95kbFSt4z2ZTzwqQsCNwbCzcYfW
3WI50Zv0sY1dQ5UI/a3FH3nAhjxoTI7xMI2Hzxpzbt1Rw+oR6GBlVou4iTp9ZPlJ
ApLIg/ROdbpEOkAM3mBa8r/jTAR7kv6SpVkYLf9uEdgJNVKRAD7COiRN4a7nOTGY
mmNxpyyWgQ6p3U/O0ayLyjZuOJsGr3jsXPz0noUL/ANFDHMrr9Dgdj4yyynZAxzu
eGVLsfBDeWZC0kF5NfrUmJ0JeX1crAY09TEOM9BF9wVb71Y1pyExY1uDuARq/lZv
St9NdyChx5czO+4IDLpcfnVJIOD3yn9D/LtFN5q5bs37zzLNARzsc/vN2JkTK8F3
oZ9BXWTyrzhdOTCEW46jWVzKQ9MAUC22WpG0HlBnZIUAt/7EAj4OEbbdHv4a/CmU
IfpsW89xUN49o/o1RYK+U4BmbhqnHBhC286CWU0EeRV5rkF3F3x8yumY3AsRwNwT
CIIwkD4mVooHp/tqTnVXNgUIiuoIbBY5fp9P6BgfINgZAN1tREAloOQzgOTNQInF
puLq8D1bghajzZi9yOAlhuQFmCdr/7msiwc9duDAqz9Bxbp4+TpZohO1LjeUvxkm
XEvq/0qj6cxOBNxgZHk1
=uXiw
-----END PGP SIGNATURE-----

--- End Message ---