Your message dated Sun, 22 Mar 2015 18:48:59 +0000
with message-id <[email protected]>
and subject line Bug#780817: fixed in dokuwiki 0.0.20140929.d-1
has caused the Debian Bug report #780817,
regarding dokuwiki: Insufficient escaping in user manager allows XSS attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
780817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780817
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dokuwiki
Version: 0.0.20120125b-2+deb7u1
Severity: important

Dear Maintainer,

There's been a hotfix release for dokuwiki.

From the report:

"The user's details were not properly escaped in the user manager's edit form. This allows a registered user to edit her own name (using the change profile option) to include malicious JavaScript code. The code is executed when a super user tries to edit the user via the user manager."

You can see more details here:
https://github.com/splitbrain/dokuwiki/issues/1081

This seems to affect the version in testing and unstable too.

Let me know if I can help to solve it ASAP

Thanks a lot,
Rodrigo
--- End Message ---
--- Begin Message ---
Source: dokuwiki
Source-Version: 0.0.20140929.d-1

We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tanguy Ortolo <[email protected]> (supplier of updated dokuwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Sun, 22 Mar 2015 17:00:41 +0100
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20140929.d-1
Distribution: unstable
Urgency: medium
Maintainer: Tanguy Ortolo <[email protected]>
Changed-By: Tanguy Ortolo <[email protected]>
Description:
 dokuwiki - standards compliant simple to use wiki
Closes: 773429 779547 780817
Changes:
 dokuwiki (0.0.20140929.d-1) unstable; urgency=medium
 .
   * New upstream hotfix releases:
     + prevent XSS attack via SWF uploads. (CVE-2014-9253) (Closes: #773429)
     + fix privilege escalation in RPC API (CVE-2015-2172) (Closes: #779547)
     + fix an XSS vulnerability in the user manager (Closes: #780817)
--- End Message ---

