Your message dated Fri, 08 May 2026 21:12:49 +0000
with message-id <[email protected]>
and subject line Bug#1136000: fixed in wlc 2.0.0-1
has caused the Debian Bug report #1136000,
regarding wlc: CVE-2026-42150
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1136000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136000
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wlc
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for wlc.
CVE-2026-42150[0]:
| wlc is a Weblate command-line client using Weblate's REST API. Prior
| to version 2.0.0, the HTML output format in wlc embeds API response
| data into HTML without escaping, allowing cross-site scripting when
| the output is rendered in a browser. This issue has been patched in
| version 2.0.0.
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-gx2m-mcc2-r4p3
https://github.com/WeblateOrg/wlc/pull/1327
https://github.com/WeblateOrg/wlc/commit/0f3e58f6d7457b05d48ef40f579a172c4c8b8469
(2.0.0)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-42150
https://www.cve.org/CVERecord?id=CVE-2026-42150
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: wlc
Source-Version: 2.0.0-1
Done: Alexandre Detiste <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wlc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexandre Detiste <[email protected]> (supplier of updated wlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 May 2026 22:18:48 +0200
Source: wlc
Architecture: source
Version: 2.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Alexandre Detiste <[email protected]>
Closes: 1136000
Changes:
wlc (2.0.0-1) unstable; urgency=medium
.
* New upstream version 2.0.0
CVE-2026-42150: properly escape generated HTML (Closes: #1136000)
* Rename file under debian/ for debhelper 14/15 compatibility
Checksums-Sha1:
b37659fcfdc4439f67804271d99d7366fed276bd 2266 wlc_2.0.0-1.dsc
17a5fee6abd09730640d840f0231a9dd8c6c7443 95676 wlc_2.0.0.orig.tar.gz
c1f1912ce5901d040503eaa4703ad0554cd9fc8a 5436 wlc_2.0.0-1.debian.tar.xz
9796bcd4e724a69d207d24b34e59790d9ce4ad46 7970 wlc_2.0.0-1_source.buildinfo
Checksums-Sha256:
15423f39f0e5c376f5f0a23735059d925bb27286a8efc0bac4214389eb573ad5 2266
wlc_2.0.0-1.dsc
bd499954d3e27e8bb211d2eb9bb5a91cdd4120ed9d5fb8c273296ff22f97d826 95676
wlc_2.0.0.orig.tar.gz
09f22705182832c0fb50825927b7b70d7f4295d5e499448e73d851c50d8d1cdb 5436
wlc_2.0.0-1.debian.tar.xz
02a33a11b58e64d94e908fa8b76276979c450e75d6745f6d3ff2ad4dbc6656a7 7970
wlc_2.0.0-1_source.buildinfo
Files:
ca4dd022df4244944cc8f5eaf5d18c76 2266 python optional wlc_2.0.0-1.dsc
4719b7dcf6d21e31236b855bf1b91b4c 95676 python optional wlc_2.0.0.orig.tar.gz
97f1be9607c9c6422d541feac14ed06f 5436 python optional wlc_2.0.0-1.debian.tar.xz
ef19a8171a685b63ce3cee6f53493a96 7970 python optional
wlc_2.0.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEj23hBDd/OxHnQXSHMfMURUShdBoFAmn+R84RHHRjaGV0QGRl
Ymlhbi5vcmcACgkQMfMURUShdBrNhQ//T6iPHYiJBkMpqLgPvKnD3VvzHYOHW1yG
ypgayPI8exeV7l+D/dBCTe/IT2KhMOed25m//PUBs5A2FV76CBmJkjA5lhDSDgaa
Z9L6isY9wxyafe/TtuaGmtWv3GHpvHdF3cABGRM8J0Fk6LL+UsXjpwLti39GilI+
UppzHYR42Ri3DkvyU5OPYIWml+jm8YelGVgJlhMEaS9Vh/fIjwpSxceDstv4dqha
QIHaPwws85dpREeVIfh/3pTvK6KNChlXSm8yWJYqlYDpO5WlFPX6m2+JVNnKMAzN
vDH60G/wJJTRv9UO7IbYVgDp5kt0iWQ6zcOTpsObz7OMZtA8JOBSwz8LPVUg6eXd
ebc4k4Jf0puQWHaQDgA3OlfVo45MPe54LKU9GhwG1j+1FAlaTQ+nHSo8WgqY3urh
scUn76yPJyRj16yO24JisHb4IelSCyWMYfTh//M6sG9KPySBpgBUpKTNc5sUf52F
L2tg08IGnpqz9xbgK1kcoixdtzdLGmbaFjazjcPWFfOx1MhDrJbQyjF1TkNie/zS
4cZLNVmIPb4SuPlFH3cEUzq15ETH+/PzC2G7KH73JZ9egVvno1UQjkt3SkIt9uOU
SyIrYL8wouJAdclVy5vnaAR+0y2hSUxjRDfFaCJf+qJ70gqD2mtIJUJ1ervx+al4
5onIayolTuo=
=KNfJ
-----END PGP SIGNATURE-----
pgpbw3uVF297K.pgp
Description: PGP signature
--- End Message ---
