Your message dated Wed, 17 Dec 2008 21:03:18 +0000
with message-id <e1ld3y6-0006ib...@ries.debian.org>
and subject line Bug#464778: fixed in tdiary 2.0.2+20060303-6
has caused the Debian Bug report #464778,
regarding XSS issue in old tdiary version
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
464778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tdiary
Severity: grave
Tags: security patch
Version: 2.0.1-1sarge1 2.0.2+20060303-5

Hi Daigo,
 
 You know, an XSS issue was found in tdiary.
 It has already been fixed in unstable and testing, but oldstable
 and stable are not fixed yet.

 See http://www.tdiary.org/20071215.html (in Japanese).
 It says 2.0.x has this bug and we can get patches for 2.0.x at

 http://tdiary.cvs.sourceforge.net/tdiary/core/skel/category.rhtml?view=markup&pathrev=Stable-2_0

 http://tdiary.cvs.sourceforge.net/tdiary/plugin/category.rb?revision=1.21.2.3&view=markup&pathrev=Stable-2_0

 Please check and apply those patches.

 And upstream says "we will close maintenance for tdiary 2.0.x",
 so maybe we should bump up its package version next time.

-- 
Regards,

 Hideki Yamane



--- End Message ---
--- Begin Message ---
Source: tdiary
Source-Version: 2.0.2+20060303-6

We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:

tdiary-contrib_2.0.2+20060303-6_all.deb
  to pool/main/t/tdiary/tdiary-contrib_2.0.2+20060303-6_all.deb
tdiary-mode_2.0.2+20060303-6_all.deb
  to pool/main/t/tdiary/tdiary-mode_2.0.2+20060303-6_all.deb
tdiary-plugin_2.0.2+20060303-6_all.deb
  to pool/main/t/tdiary/tdiary-plugin_2.0.2+20060303-6_all.deb
tdiary-theme_2.0.2+20060303-6_all.deb
  to pool/main/t/tdiary/tdiary-theme_2.0.2+20060303-6_all.deb
tdiary_2.0.2+20060303-6.diff.gz
  to pool/main/t/tdiary/tdiary_2.0.2+20060303-6.diff.gz
tdiary_2.0.2+20060303-6.dsc
  to pool/main/t/tdiary/tdiary_2.0.2+20060303-6.dsc
tdiary_2.0.2+20060303-6_all.deb
  to pool/main/t/tdiary/tdiary_2.0.2+20060303-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 464...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <da...@debian.org> (supplier of updated tdiary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 26 Oct 2008 08:33:31 -0400
Source: tdiary
Binary: tdiary-plugin tdiary tdiary-mode tdiary-contrib tdiary-theme
Architecture: source all
Version: 2.0.2+20060303-6
Distribution: stable-security
Urgency: low
Maintainer: Daigo Moriwaki <da...@debian.org>
Changed-By: Daigo Moriwaki <da...@debian.org>
Description: 
 tdiary     - a communication-friendly weblog system
 tdiary-contrib - Plugins of tDiary to add functionalities
 tdiary-mode - tDiary editing mode for Emacsen
 tdiary-plugin - Plugins of tDiary to add functionalities
 tdiary-theme - Themes of tDiary to change the design
Closes: 464778
Changes: 
 tdiary (2.0.2+20060303-6) stable-security; urgency=low
 .
   * Added debian/patches/20_xss_category.dpatch: Fixed a Cross Site
     Scripting (XSS) vulnerability, where any scripts may be embedded in
     "Category" pages generated by the category.rb plugin.
     (Closes: #464778)
Files: 
 9cb8e1fffccbf75d14cb0e9f36c14301 684 web optional tdiary_2.0.2+20060303-6.dsc
 bcbddf8f0e756708e3fb62138ba31863 29721 web optional tdiary_2.0.2+20060303-6.diff.gz
 2d7f3864fee05493140dac1d2db69769 161788 web optional tdiary_2.0.2+20060303-6_all.deb
 8f5f1a50bf9f92833ecb8354a7b36154 1920664 web optional tdiary-theme_2.0.2+20060303-6_all.deb
 99e6ed025879e40636086e46cfb87e0c 172166 web optional tdiary-plugin_2.0.2+20060303-6_all.deb
 c053c04b9f9f911cc6585845f5a283bd 29594 web optional tdiary-mode_2.0.2+20060303-6_all.deb
 c39c11238d26304fe642fd930a0170d1 158024 web optional tdiary-contrib_2.0.2+20060303-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkEgzIACgkQNcPj+ukc0lBpuQCgy71cu08u7GlQ/2wNix7C0ogd
5h4AoILyKQNtEs1vz/BxZ7RNYEpE5Lkr
=TTXI
-----END PGP SIGNATURE-----



--- End Message ---
