Your message dated Tue, 07 Apr 2015 19:47:05 +0000 with message-id <e1yfzsj-0000gf...@franck.debian.org> and subject line Bug#781483: fixed in ikiwiki 3.20120629.2 has caused the Debian Bug report #781483, regarding ikiwiki: CVE-2015-2793: cross-site scripting via openid_identifier to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ikiwiki Version: 3.20141016.1 Severity: serious Tags: security fixed-upstream pending Justification: cookie theft via XSS Raghav Bisht reported a cross-site scripting vulnerability in the handling of the openid_identifier parameter. Unfortunately this was reported in public and while I was 500 miles away from my computer, which is why it has taken me unacceptably long to do a release.
--- End Message ---
--- Begin Message ---Source: ikiwiki Source-Version: 3.20120629.2 We believe that the bug you reported is fixed in the latest version of ikiwiki, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <s...@debian.org> (supplier of updated ikiwiki package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 06 Apr 2015 20:34:51 +0100 Source: ikiwiki Binary: ikiwiki Architecture: all source Version: 3.20120629.2 Distribution: wheezy Urgency: medium Maintainer: Simon McVittie <s...@debian.org> Changed-By: Simon McVittie <s...@debian.org> Closes: 781483 Description: ikiwiki - a wiki compiler Changes: ikiwiki (3.20120629.2) wheezy; urgency=medium . [ Joey Hess ] * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483; CVE-2015-2793) Checksums-Sha1: 00cc739fe41b410820e45c864dfdcba074852d31 1794 ikiwiki_3.20120629.2.dsc 9c2c6406b4f9b60475e7f950598d2be97349e627 2777104 ikiwiki_3.20120629.2.tar.gz e57ec19e21371c0a6f75cbde0821b2af866f6949 1802842 ikiwiki_3.20120629.2_all.deb Checksums-Sha256: a060f97be1455c005547d413534be48eb68e99f3f5dce9c8f8460840ea2c2e57 1794 ikiwiki_3.20120629.2.dsc 3d7261de05da5787731e2147ce53fbd2bc98b4e3138f62b3cf13d680079c689d 2777104 ikiwiki_3.20120629.2.tar.gz f42d2dcccd4882f8a85bc474e8183da7e810c2ec5c2871836eb439da510c1bea 1802842 ikiwiki_3.20120629.2_all.deb Files: 0a96ca1b26b5022dddaba0f9aa270b64 1794 web optional ikiwiki_3.20120629.2.dsc 13a9475c1c185267a3df377786803bd3 2777104 web optional ikiwiki_3.20120629.2.tar.gz e2c3158191f36f485e7d78198041ff5b 1802842 web optional ikiwiki_3.20120629.2_all.deb -----BEGIN PGP SIGNATURE----- iQIVAwUBVSOP1k3o/ypjx8yQAQhunw/8CMtU4cSRUd/A+elzNi+aF1uzWVBUZnHz e3c+Q7slTz20pN0nNtz+w2CWe5olvnOwt8wKDym/U077zCxkgqf5D8d6tYspKEU0 DiuycDYcmQbWkQcbiSGANmjUOJ/+4XMrepQsVW4sungcu0ZbVqzKSrHu0N2JOjKR ZM+5YCg2BuSpoazcRKIka65tLLQkrlesUen3d3RCfRoTjceQQxWqFILMJbS8mRBa yUaiIwQJvxTtPgl80lyZQ/Gx9wKxweezPpHpeClR9E4QZF/AeeptAyx/i0WFZOWP CVKEvDaWA3lHRHZsqX+qUPlB6RYs7p0dI8RCPcnKVJNMvm+MQ75+GzDfYKd+83AN QkXBRl/lX9XvKykv/CwtgkhusJczZNa/Xm8sY144JS6TpFLB+xvh1HSUrGh1i1sX FYJ/y51ioE/R/sMMcT51JaECx6hEYoSZpbLq9NS5+X0dGoYcYt/XMBQZ6eZnIMVI FIsCp0K9AhvQ8ZKcIdEIu1nTP53yoYnRpsDHTlQksJXmPati0ANbd9Oa4R+xBJo7 H7s8PWUl+B1d8qal+GPcyM+i4wJYl5vMdUGPaUEAmpZonpq8gcuRMLRahtbu04mS KoDuMaMLTsRTWgEVAhwYuGIsgPzZYAAJ/xSOvSnIzcbEKRAwzmsiJxGK/S4qyv7u jMugrphuHes= =GSip -----END PGP SIGNATURE-----
--- End Message ---
