Your message dated Fri, 13 Mar 2015 22:02:24 +0000 with message-id <e1ywxey-0005g0...@franck.debian.org> and subject line Bug#774192: fixed in movabletype-opensource 5.1.4+dfsg-4+deb7u2 has caused the Debian Bug report #774192, regarding movabletype-opensource: CVE-2014-9057 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 774192: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774192 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: movabletype-opensource Severity: grave Tags: security Hi, please see https://movabletype.org/news/2014/12/6.0.6.html Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: movabletype-opensource Source-Version: 5.1.4+dfsg-4+deb7u2 We believe that the bug you reported is fixed in the latest version of movabletype-opensource, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 774...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated movabletype-opensource package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Mar 2015 10:56:52 +0100 Source: movabletype-opensource Binary: movabletype-opensource movabletype-plugin-core movabletype-plugin-zemanta Architecture: source all Version: 5.1.4+dfsg-4+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Movable Type and OpenMelody team <pkg-mt-om-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: movabletype-opensource - Well-known blogging engine movabletype-plugin-core - Core Movable Type plugins movabletype-plugin-zemanta - Zemanta Movable Type plugin Closes: 712602 774192 Changes: movabletype-opensource (5.1.4+dfsg-4+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-9057.patch patch. CVE-2014-9057: SQL injection vulnerability in the XML-RPC interface. (Closes: #774192) * Add CVE-2015-1592.patch patch. CVE-2015-1592: The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code. * Add CVE-2013-2184.patch patch. CVE-2013-2184: Unsafe use of Storable::thaw in the handling of comments to blog posts. (Closes: #712602) Checksums-Sha1: 20d4e16c77e79d69504f7c8e63288498a6c248ef 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc 7b7a022018a5a97a6eda2af8c480e6bbdfafdc67 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz 790733117b23c4152b394b1e000f52484f675a06 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 0877defaf8a32fe817482624aaddf31eae003bb0 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 70590d268d6fc3ab644d6dcd478bd034359f8c2f 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb Checksums-Sha256: da5fbced85f5324ef3bcb45eb69589c30b6a2c1e8639c2286146062a5fb3dd08 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc a7c15e9ad68f7687bc4ea2a1b26fc9731e3a21a9a3d722935673cf71af591dc7 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz af9f4ccd3553288245907aab500c57b4e7697d9d841085fd5954fb0233d5b148 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 5ab71123ce322b11a8cf78a8dc2e2719022abf265f5d048e427aae23a9c06393 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 17cb69b87da8c886ab3838a2ffee87bcf316b50289e22d05db661787ba79d7c2 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb Files: ab66733c94cc8d8e929c26bf51150684 2327 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc cb943096d059f244f34773a47ada102d 40969 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz 24100dd1a007e25e566a38256936f697 4117052 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 7174613894012ed0bee524cdcb4aa2c1 170524 web optional movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 110306048da7047291a4aeb34aa5d93c 16728 web optional movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVAaGsAAoJEAVMuPMTQ89EnNkQAJT5RXlQ4YvvDVcwm/8Cncfh eOF+BToFMZpuCo61bmzrLnec/S2LSd6NvIjQT5FcUcFckR/iwPHK84KGKb0mwa/r nPWuIjcaxgoijs2h0dC02Bx40mHIW8i2fFH7ytT7GJMBs7rO91z9UAdpwrKnw5xg YEB7JnJSDOlr2eFYLU0Z4qgxAVGoI/n5AGXyZYNqwzARSNVKD5FBvR5SJM+huz9f Aj+q6XS49LrQOEXok76OGhE6Q6YYIBNJnHQaChDsf0l6TAsfgaGyBlLleOIBIG1E XtiitXwUjE2XuC6coKUH1IaXmupuUQUbCFnzm3WRgTTceFbcEFgegbEgk6usGPWD sulyRDMblZhOC7mN9PRIsSJk0i6GvywWiBepS898Z+MyM/edEy0f//fjIIMd5CwL v0doN7lBS+gQexHzfJN8PKzDEOt+Ga2DAgLeSQ9zgx2MwycxRhvE88UrkSdMMFEF Gr0oEDentWXMHVRK82PDgycACaTBfxvlqTSjozqFZhR5lOMnyrVCdMMgTJaCzY8w 9IHwFKbk+fZUX+BQ4Tf2YlbC22ZxRUgTq+2YMizmX66HfmrBqf3abuwBUAn6eH6W vQEg92M1ducEDaCZdYzTe2n41XWOynDNN9HZQG235A3xyWwqlrRIKcRA9bIvZlpn ulv96bHNFI3TK+hYuivl =UrVV -----END PGP SIGNATURE-----
--- End Message ---
