Your message dated Sat, 11 Oct 2008 13:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#501115: fixed in mediawiki 1:1.13.2-1
has caused the Debian Bug report #501115,
regarding CVE-2008-4408: XSS in mediawiki
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
501115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: mediawiki
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediawiki.

CVE-2008-4408[0]:
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers
to inject arbitrary web script or HTML via the useskin parameter 
to an unspecified component.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://web.nvd.nist.gov/view/vuln/detail?execution=e6s1
    http://security-tracker.debian.net/tracker/CVE-2008-4408



--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.13.2-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.13.2-1_amd64.deb
  to pool/main/m/mediawiki/mediawiki-math_1.13.2-1_amd64.deb
mediawiki_1.13.2-1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.13.2-1.diff.gz
mediawiki_1.13.2-1.dsc
  to pool/main/m/mediawiki/mediawiki_1.13.2-1.dsc
mediawiki_1.13.2-1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.13.2-1_all.deb
mediawiki_1.13.2.orig.tar.gz
  to pool/main/m/mediawiki/mediawiki_1.13.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <[EMAIL PROTECTED]> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 11 Oct 2008 15:02:39 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.13.2-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Romain Beauxis <[EMAIL PROTECTED]>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 501115
Changes: 
 mediawiki (1:1.13.2-1) unstable; urgency=low
 .
   * New upstream release
   * Fix CVE-2008-4408: XSS in mediawiki:
     "Cross-site scripting (XSS) vulnerability allows remote attackers
      to inject arbitrary web script or HTML via the useskin parameter
      to an unspecified component."
   Closes: #501115

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
