Bug#514547: marked as done (mediawiki: new upstream release, fixes security issues in the installer)

2009-04-11 Thread Debian Bug Tracking System

Your message dated Sat, 11 Apr 2009 16:47:31 +
with message-id e1lsgmd-0001vq...@ries.debian.org
and subject line Bug#514547: fixed in mediawiki 1:1.12.0-2lenny3
has caused the Debian Bug report #514547,
regarding mediawiki: new upstream release, fixes security issues in the installer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
514547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: mediawiki
Version: 1:1.12.0-2lenny3
Severity: grave
Tags: security
Justification: user security hole


Hi all !

A new upstream release of mediawiki was done in order to fix security 
issues in the installer:

This is a security release of 1.13.4, 1.12.4 and 1.6.12.

A number of cross-site scripting (XSS) security vulnerabilities were
discovered in the web-based installer (config/index.php). These vulnerabilities
all require a live installer -- once the installer has been used to
install a wiki, it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack
any website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be used to
attack the active service.

If you are hosting an old copy of MediaWiki that you have never
installed, we advise you to remove it from the web.

Additionally, we are releasing 1.14.0rc1, the first release candidate
of the 2009 Q1 branch. Brave souls are encouraged to download it and
try it out.

Note that we have disabled SQLite installation in 1.14, due to the
incompleteness of the implementation. We intend to restore it in 1.15.
We're not sure how many people are using SQLite, so contact us if our
treatment of it is causing you problems.

I have already imported the patch in the lenny/ branch on the SVN[1], but I
have absolutely no time to do serious testing, so any interested contributor
would be much welcome :)


Romain

[1]: svn{+ssh}://svn.debian.org/svn/pkg-mediawiki/mediawiki/lenny

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2-mpm-worker [httpd  2.2.11-1                    Apache HTTP Server - high speed th
ii  debconf [debconf-2.0]      1.5.24                      Debian configuration management sy
ii  mime-support               3.44-1                      MIME files 'mime.types'  'mailcap
ii  php5                       5.2.6.dfsg.1-2              server-side, HTML-embedded scripti
ii  php5-mysql                 5.2.6.dfsg.1-2              MySQL module for php5

Versions of packages mediawiki recommends:
ii  mysql-server-5.0 [mysql-s  5.0.67-1                    MySQL database server binaries
ii  php5-cli                   5.2.6.dfsg.1-2              command-line interpreter for the p

Versions of packages mediawiki suggests:
pn  clamav                     none                        (no description available)
ii  imagemagick                7:6.3.7.9.dfsg1-2.1+lenny1  image manipulation programs
pn  mediawiki-mat              none                        (no description available)
pn  memcached                  none                        (no description available)

-- debconf information:
  mediawiki/webserver: apache2



---End Message---
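
An added example, not part of the original bug report or of MediaWiki: a shell function an administrator could run over a web root to list MediaWiki trees whose installer (config/index.php) is still live, which is the case the advisory says to remove from the web. It assumes an installed wiki has LocalSettings.php in its top directory; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# List MediaWiki directories under a web root that still expose an
# unused web installer (config/index.php with no LocalSettings.php).
# Assumption: an installed wiki keeps LocalSettings.php in its top directory.

find_live_installers() {
    root=$1
    find "$root" -type f -path '*/config/index.php' 2>/dev/null |
    while IFS= read -r installer; do
        wiki_dir=$(dirname "$(dirname "$installer")")
        # Skip unrelated applications that also ship config/index.php.
        grep -qi 'mediawiki' "$installer" || continue
        # LocalSettings.php present: treat the installer as already used.
        [ -f "$wiki_dir/LocalSettings.php" ] && continue
        printf '%s\n' "$wiki_dir"
    done | sort
}

# Constructed sample tree so the check can be exercised offline:
#   old-wiki/  unpacked but never installed  -> should be reported
#   wiki/      installed (LocalSettings.php) -> should be skipped
#   shop/      unrelated application         -> should be skipped
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/old-wiki/config" "$t/wiki/config" "$t/shop/config"
    echo '<?php # MediaWiki installer' > "$t/old-wiki/config/index.php"
    echo '<?php # MediaWiki installer' > "$t/wiki/config/index.php"
    echo '<?php # site settings' > "$t/wiki/LocalSettings.php"
    echo '<?php # other app' > "$t/shop/config/index.php"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
echo "Live installers under $sample:"
find_live_installers "$sample"
rm -rf "$sample"
```

Each reported directory is a candidate for removal from the web root or for blocking at the web server, since it shares a cookie domain with whatever else the site hosts.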
---BeginMessage---
Source: mediawiki
Source-Version: 1:1.12.0-2lenny3

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.12.0-2lenny3_amd64.deb
  to pool/main/m/mediawiki/mediawiki-math_1.12.0-2lenny3_amd64.deb
mediawiki_1.12.0-2lenny3.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.12.0-2lenny3.diff.gz
mediawiki_1.12.0-2lenny3.dsc
  to pool/main/m/mediawiki/mediawiki_1.12.0-2lenny3.dsc
mediawiki_1.12.0-2lenny3_all.deb
  to pool/main/m/mediawiki/mediawiki_1.12.0-2lenny3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis to...@rastageeks.org (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)




Bug#514547: marked as done (mediawiki: new upstream release, fixes security issues in the installer)

2009-03-25 Thread Debian Bug Tracking System

Your message dated Wed, 25 Mar 2009 19:53:58 +
with message-id e1lmzak-0005rb...@ries.debian.org
and subject line Bug#514547: fixed in mediawiki 1:1.12.0-2lenny3
has caused the Debian Bug report #514547,
regarding mediawiki: new upstream release, fixes security issues in the installer
to be marked as done.


Bug#514547: marked as done (mediawiki: new upstream release, fixes security issues in the installer)

2009-03-06 Thread Debian Bug Tracking System

Your message dated Fri, 06 Mar 2009 21:02:18 +
with message-id e1lfhbs-0005h7...@ries.debian.org
and subject line Bug#514547: fixed in mediawiki 1:1.14.0-1
has caused the Debian Bug report #514547,
regarding mediawiki: new upstream release, fixes security issues in the installer
to be marked as done.

---BeginMessage---
Source: mediawiki
Source-Version: 1:1.14.0-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.14.0-1_amd64.deb
  to pool/main/m/mediawiki/mediawiki-math_1.14.0-1_amd64.deb
mediawiki_1.14.0-1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.14.0-1.diff.gz
mediawiki_1.14.0-1.dsc
  to pool/main/m/mediawiki/mediawiki_1.14.0-1.dsc
mediawiki_1.14.0-1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.14.0-1_all.deb
mediawiki_1.14.0.orig.tar.gz
  to pool/main/m/mediawiki/mediawiki_1.14.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis to...@rastageeks.org (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

