Your message dated Mon, 15 Jan 2007 16:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#406238: fixed in mediawiki1.7 1.7.1-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mediawiki
Version: 1:1.7
Severity: important
Tags: security

I don't know if mediawiki is vulnerable to this bug.

A vulnerability has been reported in MediaWiki, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Input passed to an unspecified parameter is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected site.

Successful exploitation requires that $wgUseAjax is set to true, which is
not its default setting.
The vulnerability is reported in the 1.6.x branch before 1.6.9, the 1.7.x
branch before 1.7.2, and the 1.8.x branch before 1.8.3.

Solution:
Update to version 1.6.9, 1.7.2 or 1.8.3.

Thanks in advance.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 


--- End Message ---
--- Begin Message ---
Source: mediawiki1.7
Source-Version: 1.7.1-6

We believe that the bug you reported is fixed in the latest version of
mediawiki1.7, which is due to be installed in the Debian FTP archive:

mediawiki1.7-math_1.7.1-6_i386.deb
  to pool/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-6_i386.deb
mediawiki1.7_1.7.1-6.diff.gz
  to pool/main/m/mediawiki1.7/mediawiki1.7_1.7.1-6.diff.gz
mediawiki1.7_1.7.1-6.dsc
  to pool/main/m/mediawiki1.7/mediawiki1.7_1.7.1-6.dsc
mediawiki1.7_1.7.1-6_all.deb
  to pool/main/m/mediawiki1.7/mediawiki1.7_1.7.1-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <[EMAIL PROTECTED]> (supplier of updated mediawiki1.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 11 Jan 2007 01:35:34 +0100
Source: mediawiki1.7
Binary: mediawiki1.7 mediawiki1.7-math
Architecture: source all i386
Version: 1.7.1-6
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Romain Beauxis <[EMAIL PROTECTED]>
Description: 
 mediawiki1.7 - website engine for collaborative work
 mediawiki1.7-math - math rendering plugin for MediaWiki
Closes: 404798 406238
Changes: 
 mediawiki1.7 (1.7.1-6) unstable; urgency=high
 .
   * Backported security fix from 1.7.2 release
     "An XSS injection vulnerability was located in the AJAX support module,
     affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax
     is enabled."
     See:
     http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
     Closes: #406238
   * Added spanish debconf translation update, thanks to Javier
     Fernández-Sanguino Peña (Closes: #404798)
Files: 
 07eabef80fe6e2a61d4a16677d80db16 892 web optional mediawiki1.7_1.7.1-6.dsc
 65e570cac5d9a5fdb4f6552361db5b06 19568 web optional mediawiki1.7_1.7.1-6.diff.gz
 deb1fa2f82642b43d3f76b5bb579e662 3260222 web optional mediawiki1.7_1.7.1-6_all.deb
 0810e066ec323bcaa5a67a364efabd48 121644 web optional mediawiki1.7-math_1.7.1-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFq64hsczZcpAmcIYRAvFOAJ4oWu+VhxQJPwlVkczBmeBSq5HXlQCghnkc
XEQewU1cTYEluc0S2ZP2FHI=
=51Sd
-----END PGP SIGNATURE-----


--- End Message ---
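
An exposure check built from the two conditions in the thread above (affected
version range, and $wgUseAjax enabled), including the Debian backport in
1.7.1-6. This is an added example, not code from the bug report or from
MediaWiki or Debian. The function names are hypothetical, and it assumes the
setting is assigned in LocalSettings.php and that comparing the leading integer
of the Debian revision is enough (it is not a full dpkg version comparison).

```python
import re

# First fixed upstream release per branch, as stated in the advisory text.
FIXED_UPSTREAM = {(1, 6): 9, (1, 7): 2, (1, 8): 3}
# Backport named in the closing message: mediawiki1.7 1.7.1-6 carries the fix.
DEBIAN_BACKPORT = {"1.7.1": 6}

def version_affected(version):
    """True if the version is in a reported range and lacks the known backport."""
    version = version.split(":", 1)[-1]            # drop a Debian epoch ("1:")
    upstream, _, revision = version.partition("-")
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", upstream)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch not in FIXED_UPSTREAM or patch >= FIXED_UPSTREAM[branch]:
        return False
    # Assumption: only the leading integer of the Debian revision is compared.
    rev = re.match(r"\d+", revision)
    backport = DEBIAN_BACKPORT.get(upstream)
    return not (backport is not None and rev and int(rev.group()) >= backport)

def ajax_enabled(local_settings):
    """True if the last uncommented assignment sets $wgUseAjax to true."""
    code = re.sub(r"/\*.*?\*/", "", local_settings, flags=re.S)  # block comments
    code = re.sub(r"(?m)^\s*(#|//).*$", "", code)                # line comments
    values = re.findall(r"\$wgUseAjax\s*=\s*(\w+)\s*;", code)
    return bool(values) and values[-1].lower() in ("true", "1")

def exposed(version, local_settings):
    """Both conditions from the advisory must hold."""
    return version_affected(version) and ajax_enabled(local_settings)

# Constructed sample LocalSettings.php fragment (not from the report).
SAMPLE = """<?php
# $wgUseAjax = false;
$wgSitename = "Example";
$wgUseAjax = true;
"""

if __name__ == "__main__":
    for v in ("1:1.7", "1.7.1-5", "1.7.1-6", "1.8.3", "1.6.8"):
        print(v, exposed(v, SAMPLE))
```

A version outside the three listed branches returns False only because the
advisory does not report on it, not because it is known to be fixed.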