Your message dated Sun, 29 Mar 2015 21:49:40 +0000 with message-id <e1ycl5q-00070f...@franck.debian.org> and subject line Bug#781483: fixed in ikiwiki 3.20150329 has caused the Debian Bug report #781483, regarding ikiwiki: cross-site scripting via openid_identifier to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ikiwiki Version: 3.20141016.1 Severity: serious Tags: security fixed-upstream pending Justification: cookie theft via XSS Raghav Bisht reported a cross-site scripting vulnerability in the handling of the openid_identifier parameter. Unfortunately this was reported in public and while I was 500 miles away from my computer, which is why it has taken me unacceptably long to do a release.
--- End Message ---
--- Begin Message ---Source: ikiwiki Source-Version: 3.20150329 We believe that the bug you reported is fixed in the latest version of ikiwiki, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <s...@debian.org> (supplier of updated ikiwiki package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 Mar 2015 21:48:24 +0100 Source: ikiwiki Binary: ikiwiki Architecture: all source Version: 3.20150329 Distribution: experimental Urgency: high Maintainer: Simon McVittie <s...@debian.org> Changed-By: Simon McVittie <s...@debian.org> Closes: 776181 779365 781483 Description: ikiwiki - a wiki compiler Changes: ikiwiki (3.20150329) experimental; urgency=high . [ Joey Hess ] * Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli) . [ Simon McVittie ] * Really don't double-decode CGI submissions, even on Perl versions that bundle an old enough Encode.pm for that not to be a problem: the system might have a newer Encode.pm installed separately, like Fedora 20. (Closes: #776181; thanks, Anders Kaseorg) * If neither timezone nor TZ is set, set both to :/etc/localtime if we're on a GNU system and that file exists, or GMT otherwise * t/inline.t: accept translations of "Add a new post titled:" (Closes: #779365) * Consistently document command-line options as e.g. --refresh, not -refresh . [ Amitai Schlair ] * In VCS-committed anonymous comments, link to url. . [ Joey Hess ] * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483) Checksums-Sha1: d314953c2f3ac533a435b1a0364e5c10acbfd060 1893 ikiwiki_3.20150329.dsc 413ec18620360070ab5f02554143b8420b6d96ab 3311195 ikiwiki_3.20150329.tar.gz 1edabc9b167d1b3f22563065bc486ea59dddc244 1993458 ikiwiki_3.20150329_all.deb Checksums-Sha256: 0a944808bbbabc0c924bbb9189bfeefd7d2ce829ba35960f974655833e424205 1893 ikiwiki_3.20150329.dsc c898001d8fcfa99e2abb7f804633f628f1c00f4be22adc60757014b3c10381d5 3311195 ikiwiki_3.20150329.tar.gz af4025b66eab0e3785ed494f3904b5fc7743a399212dbc51bdc258d3a565c62f 1993458 ikiwiki_3.20150329_all.deb Files: 84e03ed20489b982c83c247ce83f8868 1893 web optional ikiwiki_3.20150329.dsc 99ccfbca19be4ba6a67487607f62609e 3311195 web optional ikiwiki_3.20150329.tar.gz ac07d9d70eb40842cabe9a5469d53d5b 1993458 web optional ikiwiki_3.20150329_all.deb -----BEGIN PGP SIGNATURE----- iQIVAwUBVRhtWE3o/ypjx8yQAQi6BA//cMwdXyMDAxm4iV1FJkSiTyORLLs6mIfA fhlTKK4ilNM8uQz9XhHkfBPiq3PbaxPgq+Wo+A32pJ42L3iUUP2LXzfVIRZQOwPX VxO1nAPYSV7NJRgm3A9xcB+jKDUYPyOI8kEr86hY5Tl3DKrRVmZB15sP9qmV67x7 YvpRUJmCeuBIImLQNVVzW+gmT8dj2bHkYU1P93DJX+HiYSrr0EaZQjt3eQmUdLFu sCRDvBbY4BKfs/1YTGMViPlFX9b9hN/09ZBWedBt2VqHfx3eO2h7abjVN8Ee59lL SW5BSKH1fWgw0Aor61vXcWsr98YlEYbJZMq7T+SC/TOP156NpY1kiT8x5ASKTdYr tgLl5s3e9im6oM5TiivymIlRgVfW+O/IoQDGPse4h3X8H8WKY2+M0/GwieOoqUmH ++H85s1PU6JUKW8HTjXoeUD4aThX6UFDz7cXxsMQwFAu3iHzv5Y0TkSA6VqWyUe8 aERTjW2Y3uPVPEZVXwiPzj1u5gSdilz0MN5d8QQzHiBlIBu4dyrMOMsvyLI0alZE mnAtN1F/GeIwLUIubeatzwmhBMNHEQgn5YfhW79JQdh0nQQYIrnHXUwDEY46dAkc xh3ZPL28ysOZp2j7IDUimMzv7BRE/+1RjIdkb/Ii1hMuK/sLOn2z4UIDxgiGn/Yl GCJN5HunvmQ= =4x36 -----END PGP SIGNATURE-----
--- End Message ---
