Your message dated Sat, 14 Jan 2012 18:17:09 +0000
with message-id <[email protected]>
and subject line Bug#655694: fixed in mediawiki 1:1.15.5-2squeeze3
has caused the Debian Bug report #655694,
regarding mediawiki: cache poison vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
655694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655694
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mediawiki
Version: 1:1.15.5
Severity: important
Tags: security

CVE-2012-0046 describes a cache poison vulnerability.

Roan Kattouw discovered an issue with the API, where prop=revisions would
expose deleted text to unprivileged users through cache pollution.

Refs: 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-January/000107.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=33117



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2                      2.2.21-5
ii  apache2-mpm-prefork [httpd]  2.2.21-5
ii  debconf [debconf-2.0]        1.5.41
ii  mime-support                 3.51-1
ii  php5                         5.3.8.0-1
ii  php5-mysql                   5.3.8.0-1+b1
ii  php5-pgsql                   5.3.8.0-1+b1
ii  php5-sqlite                  5.3.8.0-1+b1

Versions of packages mediawiki recommends:
ii  mysql-server                     5.1.58-1
ii  mysql-server-5.1 [mysql-server]  5.1.58-1
ii  php5-cli                         5.3.8.0-1+b1

Versions of packages mediawiki suggests:
ii  clamav          0.97.3+dfsg-2
ii  imagemagick     8:6.6.9.7-5+b2
ii  mediawiki-math  <none>
ii  memcached       <none>
ii  php5-gd         5.3.8.0-1+b1

-- Configuration Files:
/etc/mediawiki/apache.conf changed [not included]

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.15.5-2squeeze3

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.15.5-2squeeze3_amd64.deb
  to main/m/mediawiki/mediawiki-math_1.15.5-2squeeze3_amd64.deb
mediawiki_1.15.5-2squeeze3.debian.tar.gz
  to main/m/mediawiki/mediawiki_1.15.5-2squeeze3.debian.tar.gz
mediawiki_1.15.5-2squeeze3.dsc
  to main/m/mediawiki/mediawiki_1.15.5-2squeeze3.dsc
mediawiki_1.15.5-2squeeze3_all.deb
  to main/m/mediawiki/mediawiki_1.15.5-2squeeze3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 13 Jan 2012 10:54:43 +0000
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.15.5-2squeeze3
Distribution: stable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 655694
Changes: 
 mediawiki (1:1.15.5-2squeeze3) stable; urgency=low
 .
   * debian/patches/CVE-2012-0046.patch: security fix for unintended exposure
     of hidden content through cache pollution, CVE-2012-0046 (Closes: #655694)




--- End Message ---
