Your message dated Fri, 13 Dec 2013 21:20:48 +0000
with message-id <e1vraac-0005jg...@franck.debian.org>
and subject line Bug#729629: fixed in mediawiki 1:1.19.8+dfsg-2.2
has caused the Debian Bug report #729629,
regarding mediawiki: CVE-2013-4567, CVE-2013-4568 and CVE-2013-4572
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
729629: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mediawiki
Severity: grave
Tags: security upstream patch fixed-upstream
Hi

To have these issues tracked: Upstream announced new security releases
for mediawiki:

http://lists.wikimedia.org/pipermail/wikitech-l/2013-November/073115.html

for mediawiki these are:

* Kevin Israel (Wikipedia user PleaseStand) identified and reported two
  vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist
  (CVE-2013-4567, CVE-2013-4568).
  <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>

* Internal review while debugging a site issue discovered that MediaWiki
  and the CentralNotice extension were incorrectly setting cache headers when
  a user was autocreated, causing the user's session cookies to be cached,
  and returned to other users (CVE-2013-4572).
  <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.19.8+dfsg-2.2
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 08 Dec 2013 16:13:40 -0400
Source: mediawiki
Binary: mediawiki mediawiki-classes
Architecture: source all
Version: 1:1.19.8+dfsg-2.2
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description:
 mediawiki - website engine for collaborative work
 mediawiki-classes - website engine for collaborative work - standalone classes
Closes: 729629 731381
Changes:
 mediawiki (1:1.19.8+dfsg-2.2) unstable; urgency=high
 .
   * Non-maintainer upload
   * Security fixes (Closes: #729629):
     - Kevin Israel (Wikipedia user PleaseStand) identified and reported two
       vectors for injecting Javascript in CSS that bypassed MediaWiki's
       blacklist [CVE-2013-4567, CVE-2013-4568]
     - Internal review while debugging a site issue discovered that MediaWiki
       and the CentralNotice extension were incorrectly setting cache headers
       when a user was autocreated, causing the user's session cookies to be
       cached, and returned to other users [CVE-2013-4572]
   * New Polish debconf translation, thanks to Magdalena Z. Kubot
     (Closes: #731381)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
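
A defensive check for the class of bug reported above as CVE-2013-4572, added here as an illustration and not taken from MediaWiki, CentralNotice or the Debian package: it flags responses that set a cookie while a shared cache is allowed to reuse them for other users. The cacheability test is a simplified reading of RFC 7234, and the header blocks, sample names and cookie name are constructed.

```python
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def shared_cache_may_reuse(headers):
    """Simplified RFC 7234 test: can a shared cache serve this to someone else?"""
    cc = parse_cache_control(headers.get("Cache-Control"))
    if cc.keys() & {"private", "no-store", "no-cache"}:
        return False
    for directive in ("s-maxage", "max-age"):  # s-maxage overrides max-age
        if directive in cc:
            value = cc[directive] or "0"
            return value.isdigit() and int(value) > 0
    if "public" in cc:
        return True
    expires, date = headers.get("Expires"), headers.get("Date")
    if expires and date:
        try:
            return parsedate_to_datetime(expires) > parsedate_to_datetime(date)
        except (TypeError, ValueError):
            return False  # unparsable dates count as already expired
    return False

def leaks_cookie(raw_headers):
    """True when a response sets a cookie and a shared cache may reuse it."""
    headers = HeaderParser().parsestr(raw_headers)
    return bool(headers.get_all("Set-Cookie")) and shared_cache_may_reuse(headers)

# Constructed header blocks (status line omitted); the cookie name is made up.
SAMPLES = {
    "cookie-shared-cacheable": "Cache-Control: s-maxage=3600, max-age=0\n"
                               "Set-Cookie: example_session=CONSTRUCTED; HttpOnly\n",
    "cookie-private": "Cache-Control: private, must-revalidate, max-age=0\n"
                      "Set-Cookie: example_session=CONSTRUCTED; HttpOnly\n",
    "no-cookie-public": "Cache-Control: public, max-age=300\n",
    "cookie-expires-only": "Date: Fri, 13 Dec 2013 21:20:48 GMT\n"
                           "Expires: Fri, 13 Dec 2013 22:20:48 GMT\n"
                           "Set-Cookie: example_session=CONSTRUCTED\n",
}

def audit(samples):
    """Return the names of the samples that would leak a cookie via a cache."""
    return sorted(name for name, raw in samples.items() if leaks_cookie(raw))
```

Calling `audit(SAMPLES)` returns the two samples that combine `Set-Cookie` with shared-cache freshness; the same function can be pointed at header blocks captured from a reverse proxy in front of the wiki.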