Your message dated Tue, 20 Dec 2011 01:54:50 +0000 with message-id <e1rcouo-0007vh...@franck.debian.org> and subject line Bug#650434: fixed in mediawiki 1:1.12.0-2lenny9 has caused the Debian Bug report #650434, regarding mediawiki: two security issues (fixed in 1.17.1) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 650434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mediawiki Severity: grave Tags: security patch Hi Mediawiki Maintenance Team, In the 1.17.1 release announce, two grave vulnerabilities have been fixed: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011- November/000104.html Patches are included in the wikimedia bugzilla: https://bugzilla.wikimedia.org/show_bug.cgi?id=32276 https://bugzilla.wikimedia.org/show_bug.cgi?id=32616 Please, consider backport those patches to stable and oldstable since they look affected. Coordinate with the security team a DSA release. Regards, /luciano
--- End Message ---
--- Begin Message ---Source: mediawiki Source-Version: 1:1.12.0-2lenny9 We believe that the bug you reported is fixed in the latest version of mediawiki, which is due to be installed in the Debian FTP archive: mediawiki-math_1.12.0-2lenny9_amd64.deb to main/m/mediawiki/mediawiki-math_1.12.0-2lenny9_amd64.deb mediawiki_1.12.0-2lenny9.diff.gz to main/m/mediawiki/mediawiki_1.12.0-2lenny9.diff.gz mediawiki_1.12.0-2lenny9.dsc to main/m/mediawiki/mediawiki_1.12.0-2lenny9.dsc mediawiki_1.12.0-2lenny9_all.deb to main/m/mediawiki/mediawiki_1.12.0-2lenny9_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 650...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire <j...@debian.org> (supplier of updated mediawiki package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 18 Dec 2011 23:19:40 +0000 Source: mediawiki Binary: mediawiki mediawiki-math Architecture: source all amd64 Version: 1:1.12.0-2lenny9 Distribution: oldstable-security Urgency: low Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org> Changed-By: Jonathan Wiltshire <j...@debian.org> Description: mediawiki - website engine for collaborative work mediawiki-math - math rendering plugin for MediaWiki Closes: 650434 Changes: mediawiki (1:1.12.0-2lenny9) oldstable-security; urgency=low . * Security fixes from upstream (Closes: #650434): CVE-2011-4360 - page titles on private wikis could be exposed bypassing different page ids to index.php CVE-2011-4361 - action=ajax requests were dispatched to the relevant function without any read permission checks being done CVE-2011-1578 - XSS for IE <= 6 CVE-2011-1579 - CSS validation error in wikitext parser CVE-2011-1580 - access control checks on transwiki import feature CVE-2011-1587 - fix incomplete patch for CVE-2011-1578 Checksums-Sha1: 5865bc011fc1095fa78bac7bddd0c6488992eade 1895 mediawiki_1.12.0-2lenny9.dsc 8cd9cdf675913e9fed1b2a3796176d9bc3f8d577 73638 mediawiki_1.12.0-2lenny9.diff.gz f5c84b2b0aad8907c6002d8ddf77ae1636337643 7231350 mediawiki_1.12.0-2lenny9_all.deb 729adfd860f8d85bc11100dd71d25068994ae1e5 157926 mediawiki-math_1.12.0-2lenny9_amd64.deb Checksums-Sha256: d675dc32841de0dfec738ae3282e3cc621f23659a5115776540d565977ae4857 1895 mediawiki_1.12.0-2lenny9.dsc 6451c6d1b4212bd95b74e33aaaf8251b6e9eb370e7c17133fa19a326b7de5032 73638 mediawiki_1.12.0-2lenny9.diff.gz 5750a8c318dd8bb0f55d1c0e6483ad34531cafcb99fbd8d3e82da71a9f4ba7a4 7231350 mediawiki_1.12.0-2lenny9_all.deb 4094da7ab23827836c109d770f2ff93c49538d0a419fac81627355d248c80447 157926 mediawiki-math_1.12.0-2lenny9_amd64.deb Files: 8ed9208eacb07476c37e99f050d6d254 1895 web optional mediawiki_1.12.0-2lenny9.dsc 33c029bce8be2b7b2c9c305d0a310b54 73638 web optional mediawiki_1.12.0-2lenny9.diff.gz e43455d71cbc095aee96c6f518c8f78e 7231350 web optional mediawiki_1.12.0-2lenny9_all.deb 80569a9c31c0e73616a97b1c5c128eda 157926 web optional mediawiki-math_1.12.0-2lenny9_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJO7nY8AAoJEFOUR53TUkxRoPgP/j0hrNjF2I51x8GTM3qUSTF4 NhOvmi2CjuqAdKG6ZnfL+PXohRZiC5+MEQF16QRzhjXO7rmd8Xbxzpbibw47r+2k LWKFyQVsSorXcaVk7RuC71WfDxnMkjoZmKY5NTbQIWuaPpHqEbtPkL1YyvXn6Z30 uyj3bdHd/31OMz5f2MEKj5UMAHw01fhGh0pV+O4gZahv8g7u8vfaT7p/MMalb0Vc Lbbjq2Vg7BoGbagJQogbdKrmSmAIocUZ13tGL5oB4g+M6mEbH1jWZDoODgYMHXl1 XKiK53znsjXqBA9k5/ImwggC1VxPeAK5C1Pv8f+nhoKv396qnFLF04wPIyPZgtzH 91IwfKt7+DYm59xm1QtufwhPUdcO6mAZ4WPGswWiyKBJo1izV292u5TlCGcyZCi1 O+pQABdhNVexLL7TSh3pKP9OhcuoeXwzbVWveYPeBCJQHX3NCTWvtzp7Y1pxCBqs yAMYAzUKIphaBxiq8czjrCHkmdaQJ291gaEVBdq5XVStQaBTmK0fOpvysUg3t/8I Wl5EiQ3acOxLrU84LZuQNzoCb4UoD3tF42dyPFVZywkpXtzh/CvoSuMkWeaneqe+ zIpguHPhrkG30zTko6oFmh78WWkGH2Z5CrvRgvREM8X3hOk8LWw67Y9K4TARhUg0 52l0SWCA8OVuWJYkSGLi =RNKA -----END PGP SIGNATURE-----
--- End Message ---
