Your message dated Sun, 09 Jan 2011 01:54:21 +0000
with message-id <e1pbku9-0008pq...@franck.debian.org>
and subject line Bug#606311: fixed in movabletype-opensource 4.2.3-1+lenny2
has caused the Debian Bug report #606311,
regarding movabletype-opensource: Unspecified XSS and SQL injection 
vulnerabilities fixed in 4.35
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: movabletype-opensource
Version: 4.3.4+dfsg-2
Severity: grave
Tags: security
Justification: user security hole

From <http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html>:

"Movable Type 5.04 and Movable Type 4.35 are mandatory security updates
for all users. These updates resolve multiple vulnerabilities discovered
in the previous versions of Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users' web
browser (XSS). A remote attacker could read or modify the contents in the
system under certain circumstances (SQL injection)."

I will look at uploading 4.35 to unstable, and assessing the impact on
stable, this evening.



--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 4.2.3-1+lenny2

We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive:

movabletype-opensource_4.2.3-1+lenny2.diff.gz
  to main/m/movabletype-opensource/movabletype-opensource_4.2.3-1+lenny2.diff.gz
movabletype-opensource_4.2.3-1+lenny2.dsc
  to main/m/movabletype-opensource/movabletype-opensource_4.2.3-1+lenny2.dsc
movabletype-opensource_4.2.3-1+lenny2_all.deb
  to main/m/movabletype-opensource/movabletype-opensource_4.2.3-1+lenny2_all.deb
movabletype-plugin-core_4.2.3-1+lenny2_all.deb
  to main/m/movabletype-opensource/movabletype-plugin-core_4.2.3-1+lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated movabletype-opensource package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 10 Dec 2010 22:16:07 +0000
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core
Architecture: source all
Version: 4.2.3-1+lenny2
Distribution: stable
Urgency: low
Maintainer: Dominic Hargreaves <d...@earth.li>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description: 
 movabletype-opensource - A well-known blogging engine
 movabletype-plugin-core - Core Movable Type plugins
Closes: 606311
Changes: 
 movabletype-opensource (4.2.3-1+lenny2) stable; urgency=low
 .
   * Various XSS/SQL security fixes backported from 4.35 (closes: #606311)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNKKopYzuFKFF44qURAhtCAKDeW31fzm3X3B16h6AoALu9AW+kcQCgtGQE
wGbCgEibKa0CYxAyNfvX7Dg=
=bzuo
-----END PGP SIGNATURE-----



--- End Message ---
