Bug#683378: marked as done (CVE-2012-0283)

[Debian Bug Tracking System]

Your message dated Wed, 15 Aug 2012 13:47:39 +0000
with message-id <e1t1dwh-0007hd...@franck.debian.org>
and subject line Bug#683378: fixed in dokuwiki 0.0.20120125b-1
has caused the Debian Bug report #683378,
regarding CVE-2012-0283
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
683378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683378
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: dokuwiki
Severity: important
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0283
http://secunia.com/secunia_research/2012-24/
http://bugs.dokuwiki.org/index.php?do=details&task_id=2561

This doesn't warrant a DSA, but you can fix it through a stable point update.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: dokuwiki
Source-Version: 0.0.20120125b-1

We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tanguy Ortolo <tanguy+deb...@ortolo.eu> (supplier of updated dokuwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Aug 2012 11:46:36 +0200
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20120125b-1
Distribution: unstable
Urgency: high
Maintainer: Tanguy Ortolo <tanguy+deb...@ortolo.eu>
Changed-By: Tanguy Ortolo <tanguy+deb...@ortolo.eu>
Description: 
 dokuwiki   - standards compliant simple to use wiki
Closes: 683378
Changes: 
 dokuwiki (0.0.20120125b-1) unstable; urgency=high
 .
   * New upstream bugfix release: sanitize a POST parameter that could be used
     to inject artitrary HTML and JavaScript, leading to an XSS vulnerability.
     (CVE-2012-0283) (Closes: #683378)
Checksums-Sha1: 
 b7179002aec5caf85b8a0b22b37092d5406e7ccd 1990 dokuwiki_0.0.20120125b-1.dsc
 662c805de802e5889820eb911e3431f18003328a 2507783 
dokuwiki_0.0.20120125b.orig.tar.gz
 648953bda17b019f68834d0ba4add0f5fbefc9f4 89167 
dokuwiki_0.0.20120125b-1.debian.tar.gz
 77c20726166be9d369ea24af6dea43afb58b67fb 1773466 
dokuwiki_0.0.20120125b-1_all.deb
Checksums-Sha256: 
 475071ff6d75803614d528405d374e888c2ab4bd88a50eced41d761f103c19f8 1990 
dokuwiki_0.0.20120125b-1.dsc
 0231fd4fabdb14a05628fad60a6d68017b7664b645662d4dfdb5f2f704ca165a 2507783 
dokuwiki_0.0.20120125b.orig.tar.gz
 515f82605c2d941083e9acd7488e25989eb36f0f491cd05a0094d46cdf0b4d04 89167 
dokuwiki_0.0.20120125b-1.debian.tar.gz
 3ae712614ef7a7c1e75e71e14bddbdfee7de882c7f1e4f9d1a23c62de3949c33 1773466 
dokuwiki_0.0.20120125b-1_all.deb
Files: 
 1f73a70990d2e052c8e04868cd0c5e61 1990 web optional dokuwiki_0.0.20120125b-1.dsc
 6bceed04c3c38b3b251c70dfe2f9fca0 2507783 web optional 
dokuwiki_0.0.20120125b.orig.tar.gz
 ce1cf3934aa76c351600190e40c72e0a 89167 web optional 
dokuwiki_0.0.20120125b-1.debian.tar.gz
 a44e37a031d6c2c2d3c09aee17f316d9 1773466 web optional 
dokuwiki_0.0.20120125b-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQK6R6AAoJEOryzVHFAGgZsywQAKaemcFLnfRUjcH1zjXRJ6OW
4y4/HDa6rG/0wTcVbUFVh93OgykAOLtcZFcRh4ygl+L0uYtGhPsZUPH+RslIkbHj
iTEpMEjC3xljfHma60TBnw+aYB5YySNg2uYibMIinjaf1R/yUgWuHP4IMTJfDUHH
fPiYQUOpqyTj44sRQ1kPXyJoutYo8TOD2zs5Zdx8+HZpfpJ1NLG4+2uLw42rrEn2
wuC1ASEHWCRqtV8o7mc0n+ZdgLC361q/bPJSpI1B6QAG2l3rXsgGRprufTCGtYKg
xOUGqa7gX97GuLjC/VgeQNAsIwY5JJUp3FoYdoilCuXRufh6dnjfIYoE77s0QqgT
a2iLTsrR/hyIZL1FnOG1FQYarOXuim/6zwLXKnJKeIJhrueGou4QVZCj8MkjyBgC
ABZQiSFf9uFCj6l5qGrJPho8aokMiwx2iaviTRu0ED3GPiYPL668SG/nWVWu3sgO
ef3uC+Ylq2uLrDfkNHLtHGg57OQUiQwQg/9s11ZOidAfgojB/nooh3HIMKrbmPAo
zAlzMyp5nPIPwgnGwl8B+8XSm6mcFz53F/PaAIypkngqvMr7X1BbZvK+6PdAtWXg
9ClRWqMRhXM1y6FjqKZdrSv+ctGJYc4FFNQ8Ls3LEGA+GGgB1cKcyVd6wSymcfcL
jk2vN5QrEwshzCo86mmP
=y/32
-----END PGP SIGNATURE-----

--- End Message ---