Your message dated Sat, 11 May 2013 15:49:12 +0000
with message-id <[email protected]>
and subject line Bug#706601: fixed in mediawiki 1:1.19.6-1
has caused the Debian Bug report #706601,
regarding mediawiki: CVE-2013-2031 CVE-2013-2032
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
706601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mediawiki
Severity: important
Tags: security
Justification: user security hole
Please see http://www.openwall.com/lists/oss-security/2013/05/01/2 for
details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.19.6-1
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 11 May 2013 16:07:43 +0100
Source: mediawiki
Binary: mediawiki
Architecture: source all
Version: 1:1.19.6-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description:
 mediawiki - website engine for collaborative work
Closes: 706601
Changes:
 mediawiki (1:1.19.6-1) unstable; urgency=low
 .
   * New upstream security release (Closes: #706601):
     - SVG script filtering could be bypassed for Chrome and Firefox
       clients by using an encoding that MediaWiki understood, but these
       browsers interpreted as UTF-8. (CVE-2013-2031)
     - Internal review discovered that extensions were not given the
       opportunity to disable a password reset, which could lead to
       circumvention of two-factor authentication (CVE-2013-2032)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---