Your message dated Fri, 13 Jan 2012 10:18:15 +0000
with message-id <[email protected]>
and subject line Bug#655694: fixed in mediawiki 1:1.15.5-6
has caused the Debian Bug report #655694,
regarding mediawiki: cache poison vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
655694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655694
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mediawiki
Version: 1:1.15.5
Severity: important
Tags: security
CVE-2012-0046 describes a cache poison vulnerability.
Roan Kattouw discovered an issue with the API, where prop=revisions would
expose deleted text to unprivileged users through cache pollution.
Refs:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-January/000107.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=33117
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mediawiki depends on:
ii apache2 2.2.21-5
ii apache2-mpm-prefork [httpd] 2.2.21-5
ii debconf [debconf-2.0] 1.5.41
ii mime-support 3.51-1
ii php5 5.3.8.0-1
ii php5-mysql 5.3.8.0-1+b1
ii php5-pgsql 5.3.8.0-1+b1
ii php5-sqlite 5.3.8.0-1+b1
Versions of packages mediawiki recommends:
ii mysql-server 5.1.58-1
ii mysql-server-5.1 [mysql-server] 5.1.58-1
ii php5-cli 5.3.8.0-1+b1
Versions of packages mediawiki suggests:
ii clamav 0.97.3+dfsg-2
ii imagemagick 8:6.6.9.7-5+b2
ii mediawiki-math <none>
ii memcached <none>
ii php5-gd 5.3.8.0-1+b1
-- Configuration Files:
/etc/mediawiki/apache.conf changed [not included]
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.15.5-6
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:
mediawiki-math_1.15.5-6_amd64.deb
to main/m/mediawiki/mediawiki-math_1.15.5-6_amd64.deb
mediawiki_1.15.5-6.debian.tar.gz
to main/m/mediawiki/mediawiki_1.15.5-6.debian.tar.gz
mediawiki_1.15.5-6.dsc
to main/m/mediawiki/mediawiki_1.15.5-6.dsc
mediawiki_1.15.5-6_all.deb
to main/m/mediawiki/mediawiki_1.15.5-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 13 Jan 2012 09:54:41 +0000
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.15.5-6
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Closes: 652948 655694
Changes:
mediawiki (1:1.15.5-6) unstable; urgency=low
.
[ Thorsten Glaser ]
* debian/patches/khtml_not_ff9.patch: new (Closes: #652948)
.
[ Jonathan Wiltshire ]
* debian/patches/CVE-2012-0046.patch: security fix for unintended exposure
of hidden content through cache pollution, CVE-2012-0046 (Closes: #655694)
--- End Message ---