Your message dated Thu, 18 Dec 2008 02:02:05 +0000
with message-id <e1ld8df-0000g5...@ries.debian.org>
and subject line Bug#508868: fixed in mediawiki 1:1.13.3-1
has caused the Debian Bug report #508868,
regarding CVE-2008-5249: XSS vulnerability in MediaWiki
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
508868: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mediawiki
Version: 1:1.13.2-1
Severity: grave
Tags: security patch

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
mediawiki.

[0]:
> * An XSS vulnerability affecting all MediaWiki installations between
> 1.13.0 and 1.13.2. [CVE-2008-5249]

A patch fixing this and other issues can be found at [0].

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry.

[0] http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249
     http://security-tracker.debian.net/tracker/CVE-2008-5249

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net


--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.13.3-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.13.3-1_amd64.deb
  to pool/main/m/mediawiki/mediawiki-math_1.13.3-1_amd64.deb
mediawiki_1.13.3-1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.13.3-1.diff.gz
mediawiki_1.13.3-1.dsc
  to pool/main/m/mediawiki/mediawiki_1.13.3-1.dsc
mediawiki_1.13.3-1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.13.3-1_all.deb
mediawiki_1.13.3.orig.tar.gz
  to pool/main/m/mediawiki/mediawiki_1.13.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <to...@rastageeks.org> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 18 Dec 2008 02:37:58 +0100
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.13.3-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org>
Changed-By: Romain Beauxis <to...@rastageeks.org>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 508868 508869 508870
Changes: 
 mediawiki (1:1.13.3-1) unstable; urgency=low
 .
   * New upstream release.
   * Fix CVE-2008-5249: XSS vulnerability in MediaWiki:
   "An XSS vulnerability affecting all MediaWiki installations between
    1.13.0 and 1.13.2."
   Closes: #508868
   * Fix CVE-2008-5250: several local script injection vulnerabilities
     in MediaWiki:
   "o A local script injection vulnerability affecting Internet Explorer
      clients for all MediaWiki installations with uploads enabled.
    o A local script injection vulnerability affecting clients with SVG
      scripting capability (such as Firefox 1.5+), for all MediaWiki
      installations with SVG uploads enabled."
   Closes: #508869
   * Fix CVE-2008-5252: CSRF vulnerability affecting the Special:Import
     feature in MediaWiki:
   "A CSRF vulnerability affecting the Special:Import feature, for all
    MediaWiki installations since the feature was introduced in 1.3.0."
   Closes: #508870

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
