Your message dated Sun, 29 Mar 2015 22:06:40 +0000
with message-id <e1yclls-0002gi...@franck.debian.org>
and subject line Bug#781483: fixed in ikiwiki 3.20141016.2
has caused the Debian Bug report #781483,
regarding ikiwiki: cross-site scripting via openid_identifier
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
781483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ikiwiki
Version: 3.20141016.1
Severity: serious
Tags: security fixed-upstream pending
Justification: cookie theft via XSS
Raghav Bisht reported a cross-site scripting vulnerability in the handling
of the openid_identifier parameter. Unfortunately this was reported in
public and while I was 500 miles away from my computer, which is why
it has taken me unacceptably long to do a release.
--- End Message ---
--- Begin Message ---
Source: ikiwiki
Source-Version: 3.20141016.2
We believe that the bug you reported is fixed in the latest version of
ikiwiki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 781...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated ikiwiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 Mar 2015 22:28:15 +0100
Source: ikiwiki
Binary: ikiwiki
Architecture: all source
Version: 3.20141016.2
Distribution: unstable
Urgency: high
Maintainer: Simon McVittie <s...@debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Closes: 781483
Description:
ikiwiki - a wiki compiler
Changes:
ikiwiki (3.20141016.2) unstable; urgency=high
.
[ Joey Hess ]
* Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483)
Checksums-Sha1:
d41cd68ab381ad609a874807d25cdcaece9a8cd1 1921 ikiwiki_3.20141016.2.dsc
b696f4171c63017d008b341ca1609b80667e597d 3257633 ikiwiki_3.20141016.2.tar.gz
707e67a0eb07c5084f9d2b06adcb73b16a512ab5 1981508 ikiwiki_3.20141016.2_all.deb
Checksums-Sha256:
0e5e69860310bdb12c4d2332ca81ab720a89afdb60d6f38893b1a99bf113ed91 1921
ikiwiki_3.20141016.2.dsc
53ff251cb4726f9b974190a270969c9bdebf96812760b6e28690a127b124227a 3257633
ikiwiki_3.20141016.2.tar.gz
6e3accdd8e89e9ad7b01b83fc41c530f2f5012cb0c1e81c77a62a61162723a78 1981508
ikiwiki_3.20141016.2_all.deb
Files:
d769de2dc317bc23347e8d238794d889 1921 web optional ikiwiki_3.20141016.2.dsc
0b55b03dbeac085235862f53788589dc 3257633 web optional
ikiwiki_3.20141016.2.tar.gz
e05e7a9cfbed4fbee6f179b3eb186782 1981508 web optional
ikiwiki_3.20141016.2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIVAwUBVRhyak3o/ypjx8yQAQglOA/9EAgSnHeb/P1SzjQkBy08G++HjwnraBOp
GjaamDkBrL4xUB3cb1vXa/DVVfBFj1LfVmGG9AE8lZR8rogFzh06Mtg+jz/a+R1j
gBJ84W6v8hIFdSZLxju5ehaLMzCAaFN/YpwS1a/SZ1gYSiRIqgIWhmNzJUugGeS5
5O7XF5MHBHEKTd55J/ObMtF+3kiHF/rjz0wxjaJDP+pAG7M7dwmos3xQPCuWT45X
sd6fravpLjl+liZHGoXrEEyDyIBac87nT/vmSgbboHRw9RiPYVTV+okNjrVEn11R
Fm1RXWqK3n2hu43YiPTppwQlw2e1PlqbXNiOiKkHKDC9mhMIGN1OVfvd+xO4g1Ql
Bs3IPgdwVd0df3dOlfei5PTZjRC57FT0YHy9BSM2ojtwDXFQ12a3Di5IIcZFMoyP
HgZsYO1NQ0uDWen8a6MrTDitdTd5ZJgQvoJR9DiAmoca7qiWTQv3mipC6o1gtyMJ
zd+pQvZUmEAUyW9cYQvFNOCEuFP6WfaYYNfHSV2bddasvfl/NbX5mGdSzxJftJL3
SAlbIF8qRPf7+1+3Ymn5WIEPdOuAddDYqs6OlQhqCPXd8+9C5iNsmAmyQO8kyQm5
HanSyqgJwizqpFLmeqA0vn5Z9TyQVEmFhz/fTCgiFV5hd0Z2FXgwdm7jBb2/Dohu
sm+aze6ZHfY=
=0ZOe
-----END PGP SIGNATURE-----
--- End Message ---
