Your message dated Wed, 21 Dec 2011 01:55:39 +0000
with message-id <e1rdbp9-0000bb...@franck.debian.org>
and subject line Bug#650434: fixed in mediawiki 1:1.15.5-2squeeze2
has caused the Debian Bug report #650434,
regarding mediawiki: two security issues (fixed in 1.17.1)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
650434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mediawiki
Severity: grave
Tags: security patch
Hi Mediawiki Maintenance Team,
In the 1.17.1 release announcement, two grave vulnerabilities have been
fixed:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
Patches are included in the wikimedia bugzilla:
https://bugzilla.wikimedia.org/show_bug.cgi?id=32276
https://bugzilla.wikimedia.org/show_bug.cgi?id=32616
Please consider backporting those patches to stable and oldstable since
they look affected. Coordinate a DSA release with the security team.
Regards,
/luciano
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.15.5-2squeeze2
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:
mediawiki-math_1.15.5-2squeeze2_amd64.deb
to main/m/mediawiki/mediawiki-math_1.15.5-2squeeze2_amd64.deb
mediawiki_1.15.5-2squeeze2.debian.tar.gz
to main/m/mediawiki/mediawiki_1.15.5-2squeeze2.debian.tar.gz
mediawiki_1.15.5-2squeeze2.dsc
to main/m/mediawiki/mediawiki_1.15.5-2squeeze2.dsc
mediawiki_1.15.5-2squeeze2_all.deb
to main/m/mediawiki/mediawiki_1.15.5-2squeeze2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 18 Dec 2011 23:17:47 +0000
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.15.5-2squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Closes: 650434
Changes:
 mediawiki (1:1.15.5-2squeeze2) stable-security; urgency=low
 .
   * Security fixes from upstream (Closes: #650434):
     CVE-2011-4360 - page titles on private wikis could be exposed
     by passing different page ids to index.php
     CVE-2011-4361 - action=ajax requests were dispatched to the
     relevant function without any read permission checks being done
     CVE-2011-1578 - XSS for IE <= 6
     CVE-2011-1579 - CSS validation error in wikitext parser
     CVE-2011-1580 - access control checks on transwiki import feature
     CVE-2011-1587 - fix incomplete patch for CVE-2011-1578
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---