Your message dated Tue, 11 Oct 2011 01:54:51 +0000
with message-id <e1rdryr-00085c...@franck.debian.org>
and subject line Bug#643904: fixed in moin 1.7.1-3+lenny6
has caused the Debian Bug report #643904,
regarding CVE-2011-1058: XSS vulnerability in the rst parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
643904: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643904
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: moin
Version: 1.9.3-2
Severity: serious
Tags: security patch
As already mentioned at
http://security-tracker.debian.org/tracker/CVE-2011-1058
there's a cross-site scripting vulnerability in the rst parser. Simple
patch at http://hg.moinmo.in/moin/1.9/rev/97208f67798f.
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: moin
Source-Version: 1.7.1-3+lenny6
We believe that the bug you reported is fixed in the latest version of
moin, which is due to be installed in the Debian FTP archive:
moin_1.7.1-3+lenny6.diff.gz
to main/m/moin/moin_1.7.1-3+lenny6.diff.gz
moin_1.7.1-3+lenny6.dsc
to main/m/moin/moin_1.7.1-3+lenny6.dsc
python-moinmoin_1.7.1-3+lenny6_all.deb
to main/m/moin/python-moinmoin_1.7.1-3+lenny6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 643...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <93...@debian.org> (supplier of updated moin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 04 Oct 2011 16:55:21 +0100
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.7.1-3+lenny6
Distribution: oldstable-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Steve McIntyre <93...@debian.org>
Description:
python-moinmoin - Python clone of WikiWiki - library
Closes: 643904
Changes:
moin (1.7.1-3+lenny6) oldstable-security; urgency=high
.
* Non-maintainer upload.
* Add patch from upstream to fix a cross-site scripting vulnerability in
the rst parser (CVE-2011-1058). Closes: #643904
Checksums-Sha1:
88e60832d1e875763fb90637ef8d5fccbc6edcd4 1899 moin_1.7.1-3+lenny6.dsc
2368dc71a39c8cb58ff4eb6ac90211752e8a6732 91767 moin_1.7.1-3+lenny6.diff.gz
ab86a422e792e4762ba1ef6023a0a60eed7cc839 4508726
python-moinmoin_1.7.1-3+lenny6_all.deb
Checksums-Sha256:
2608508168762ef34bffe51f370da45aa64403e9a45e92e1c589161d0304ad5e 1899
moin_1.7.1-3+lenny6.dsc
a82f379d3a4d7e7047af58192212b2852cd6ec245213ffef32a68702db48d815 91767
moin_1.7.1-3+lenny6.diff.gz
efee602286f6c8d60692ec913090ff731c049f4954de2c165d57ec88fb3d0655 4508726
python-moinmoin_1.7.1-3+lenny6_all.deb
Files:
bf871541858714518bab50ed9da8a4dc 1899 net optional moin_1.7.1-3+lenny6.dsc
1158e164a06303b16a72ffd0daf3f01a 91767 net optional moin_1.7.1-3+lenny6.diff.gz
948b75ad16112f17a76c76c2327394e4 4508726 python optional
python-moinmoin_1.7.1-3+lenny6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJOizQsAAoJEFh5eVc0QmhOSyMP/2VUcMgmSTuToL0gbdgKS/9t
CatrpcUVcGB67CmDT0YKY0B187DRB18bDyCJdpZDneOeZ7qbhcPkqAcezumDHr+P
HBEqMPavqXuXK8SzI8d2H/vrQagsp1FRkxX5xIJ1RbqDjL2b3VriqkHsNSc+cAOu
6U1s0DDrDcrbs+8CjpKVBrLQzGy/l0X85X9gIjIfAijegtf2YA/uZ2OMQ27EKxHN
qWof7h0LfPGnKEywHf0/BltejHy5t7oWOfAfl7t5HtYHow2i96k4vd/NBSoCuFrD
h//V//wKkWaaLa3Wi52H5HeRL561WM+e7pkEE0syzdq/hhaKoLkr6eOCQ7E2DZkm
RB6q+eMZQdQ+l9k86kd3YjoqOaOCc6eMbskXdrycnxeyv9vkVsqmdI/eL186uOV+
3OKXqhITfvg6XRlmRb4ckh42fLioEMEXG7Puq+uHiuPTM5CItr3AL41/cITZxNa3
3y/e0xq/Vgf/uSqYZDYyts2RFPUV8zXYM/S6uTsnCyPIskcc0svy/xXxKv/HeAO2
4hV9VnfCzFygQ2qDdn8+QD/gBL+ji6CErJpYgD/JSixhTxGYeSly3C2ERKkmLdNO
57WP36yacRJiqPehGu17HFNOf4qhyLPFnD+GknBlRwGVqEN2FVrVva4Ca+WcVT0i
W2/HB/WFXs4cYzeAAWF8
=IUnI
-----END PGP SIGNATURE-----
--- End Message ---
