Your message dated Mon, 18 Jun 2012 15:33:57 +0000
with message-id <[email protected]>
and subject line Bug#677895: fixed in mediawiki 1:1.19.1-1
has caused the Debian Bug report #677895,
regarding CVE-2012-2698: unescaped lang and dir
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
677895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677895
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mediawiki
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediawiki.
CVE-2012-2698
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For a patch see:
https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
https://gerrit.wikimedia.org/r/#/c/7979/
Note that for older versions you might need to use lang and dir instead
of userlang and userdir.
For further information see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2698
http://security-tracker.debian.org/tracker/CVE-2012-2698
Cheers
Luk
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.19.1-1
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:
mediawiki_1.19.1-1.debian.tar.gz
to main/m/mediawiki/mediawiki_1.19.1-1.debian.tar.gz
mediawiki_1.19.1-1.dsc
to main/m/mediawiki/mediawiki_1.19.1-1.dsc
mediawiki_1.19.1-1_all.deb
to main/m/mediawiki/mediawiki_1.19.1-1_all.deb
mediawiki_1.19.1.orig.tar.gz
to main/m/mediawiki/mediawiki_1.19.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 18 Jun 2012 15:25:25 +0100
Source: mediawiki
Binary: mediawiki
Architecture: source all
Version: 1:1.19.1-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team
<[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description:
mediawiki - website engine for collaborative work
Closes: 672818 677895
Changes:
mediawiki (1:1.19.1-1) unstable; urgency=low
.
* New upstream bug fix release
Closes: #672818, 677895 (CVE-2012-2698)
- debian/rules: remove all .gitignore files too, since upstream
switched to git VCS
* Remove last traces of mediaiki-math binary package
* Remove CDBS logic and dependencies and use dh
auto-sequencer instead
* Depend on debhelper >=9 and use compat level 9; this
stops dh_pysupport adding files to the build
* Do not run update debconf translations on clean
* Disable patch texvc_location.patch; this really belongs in mediawiki-math
now and especially considering <[email protected]>
* Add a versioned Breaks on fusionforge-plugin-mediawiki
* Upload to unstable
Checksums-Sha1:
b8bfe516bc321e1f12a362c747d33e3487a34182 2064 mediawiki_1.19.1-1.dsc
7e827714aab2110719bb13ae0f10919ed01c08d7 17929538 mediawiki_1.19.1.orig.tar.gz
59a0bf7d1a465c6b6620b5492c19ff0da8a9f57b 31550 mediawiki_1.19.1-1.debian.tar.gz
f378d2891eb30dac2cb31b6e9155a1ce63330fa2 17123684 mediawiki_1.19.1-1_all.deb
Checksums-Sha256:
3c4208329c4f11ebc38e25544cd31b14796bf71d85d35168986b30955b31353e 2064
mediawiki_1.19.1-1.dsc
3f4e254b5a7fd74f9f623736d56e6ae40acad3d69c10d80cd7bc9b8b588d461a 17929538
mediawiki_1.19.1.orig.tar.gz
190a0576254e0dc8b6c6e4683ebfad66aa74314926891cee98609e376a04c12b 31550
mediawiki_1.19.1-1.debian.tar.gz
234a2f66962b8d0206afcd570f4c232b7b3c40de3b7d33fd6d8f71642fee4a95 17123684
mediawiki_1.19.1-1_all.deb
Files:
d66e118a66199bda7f6353420d96629f 2064 web optional mediawiki_1.19.1-1.dsc
a4ece78bedeb025403b56864ffff41eb 17929538 web optional
mediawiki_1.19.1.orig.tar.gz
c2f3d91205c03bbb1e09e8aa11051db0 31550 web optional
mediawiki_1.19.1-1.debian.tar.gz
961b190f6a9689641cff8b2d28b310f0 17123684 web optional
mediawiki_1.19.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJP30bFAAoJEFOUR53TUkxRynAP/18sbqkMd60OB4pUl8kj043p
5TJiMkFDyXKztpxB/MmlFAtmySeOiH1gBmxTesfqsXIgnDznM0yPPuwkYiBqNH/S
o/XeV4CVmY2drBD9jj5hV/UlpVi8a0ZC5Vm0bDLFn6RTSy5cjOitpFCHXIMpRu83
eER1ZU1Yx+MDjWZdgKccg9UnAsY2zeaUopctPasQb6HXJ39FCFN9k7ngUKguTFvV
fbpYLpdVs4Ox/vZWd5ehJuCUfbZuE6hvltC9Dc6M+PYeroXkhT24Ix7yNtDwPkMr
OfXQ+tlvo9gfMk6uxAiowc40OnrAQV0XMyNDAYDXOCkOtnJFJrUkcVbf+GGBhtmg
7ngi/lX+d5bQeYcaRZp4Y0Fxhh32jRYWT1BQWogrBK5zEVtUBh/TC2X/CiaVcGRV
PGObRjFqdjeMwLWnsfW9CXdpHh3ULon1aadpjuxMFRR4hX7sUsLAn4e/0obO6JXO
pshZf3VQ8KEypFNCBXkx7ySPnzYjrshsllpu7Lmv+XQk0GurpzcnoyX7HUbuWJXw
+M6KZ/bHF207zs9HAK1TnHnWcS2QlEx8sBQpDYVDf77C/5y+kXhyBXvVKD0DEnwD
fDU0U1qLlMypnsZc4EC2XTgFgutkLWsO7R0uR2mQZzBO7VU2sZMRL8P/2MKRAMJO
DQpRZOhxxQBgHCyFIg5Q
=Z+a1
-----END PGP SIGNATURE-----
--- End Message ---
