Your message dated Tue, 22 Jan 2013 21:32:04 +0000
with message-id <e1txlrs-0001qc...@franck.debian.org>
and subject line Bug#697666: fixed in movabletype-opensource 4.3.8+dfsg-0+squeeze3
has caused the Debian Bug report #697666,
regarding movabletype-opensource: mt-upgrade.cgi vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
697666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: movabletype-opensource
Version: 4.3.8+dfsg-0+squeeze2
Severity: grave
Justification: remote command execution
Tags: security patch
----- Forwarded message from Takeshi Nick Osanai <tosa...@sixapart.com> -----
Date: Tue, 8 Jan 2013 11:26:38 +0900
From: Takeshi Nick Osanai <tosa...@sixapart.com>
To: mtos-dev <mtos-...@ml.sixapart.com>
Subject: [Mtos-dev] Movable Type 4.38 patch to fix a known upgrading security issue
Dear MT community members,
Six Apart has found a security issue and fixed it in Movable Type 4.2
and MT 4.3.
For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly
recommends that you upgrade to the latest released version of Movable
Type or execute the steps written in the entry below.
This vulnerability does not exist in Movable Type versions 5.0 or
later, including the latest Movable Type, version 5.2.2.
For more detailed information, please see the entry.
http://www.movabletype.org/2013/01/movable_type_438_patch.html
--
------------------------------------------------------------------------
Takeshi "Nick" Osanai
Movable Type Product and Marketing Manager
Six Apart, Ltd.
tosa...@sixapart.com
http://www.movabletype.org
http://www.movabletype.jp
------------------------------------------------------------------------
_______________________________________________
Mtos-dev mailing list
mtos-...@ml.sixapart.com
http://ml.sixapart.com/mailman/listinfo/mtos-dev
----- End forwarded message -----
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 4.3.8+dfsg-0+squeeze3
We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated movabletype-opensource
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 20 Jan 2013 21:18:47 +0000
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core movabletype-plugin-zemanta
Architecture: source all
Version: 4.3.8+dfsg-0+squeeze3
Distribution: stable-security
Urgency: low
Maintainer: Dominic Hargreaves <d...@earth.li>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description:
 movabletype-opensource - A well-known blogging engine
 movabletype-plugin-core - Core Movable Type plugins
 movabletype-plugin-zemanta - Zemanta Movable Type plugin
Closes: 697666
Changes:
 movabletype-opensource (4.3.8+dfsg-0+squeeze3) stable-security; urgency=low
 .
   * Include patch fixing remote execution and SQL injection
     vulnerability in mt-upgrade.cgi (closes: #697666)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFQ/GBZYzuFKFF44qURAj40AKD1cJ4x7E40khtEXU6LYrxkw83bMwCgh4yM
D5b7IrSGHx2BUyw+t1cnvdg=
=wPcZ
-----END PGP SIGNATURE-----
--- End Message ---