Your message dated Sat, 23 Sep 2017 20:02:51 +0000
with message-id <[email protected]>
and subject line Bug#874416: fixed in wordpress-shibboleth 1.4-2+deb8u1
has caused the Debian Bug report #874416,
regarding wordpress-shibboleth: CVE-2017-14313: XSS due to add_query_arg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
874416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874416
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress-shibboleth
Version: 1.4-2
Severity: important
X-Debbugs-Cc: [email protected]
Tags: security

I have just become aware of an old security issue that was fixed
in upstream:

https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f5
6e2fd19188e7c26a

As far as I understand, this is 

https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_q
uery_arg-usage/

Given that noone has noticed and reported this as an issue for a year
in the Debian package, and I'm not completely sure of how easy it is
to exploit, I'm not exactly sure of the correct severity or whether
this warrants a DSA or just a point release update. I'm CCing
the Wordpress maintainer in case they have any ideas.

This bug will be fixed in unstable shortly.

--- End Message ---
--- Begin Message ---
Source: wordpress-shibboleth
Source-Version: 1.4-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
wordpress-shibboleth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated wordpress-shibboleth 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 14 Sep 2017 11:39:51 +0100
Source: wordpress-shibboleth
Binary: wordpress-shibboleth
Architecture: all source
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Dominic Hargreaves <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Closes: 874416
Description: 
 wordpress-shibboleth - Shibboleth plugin for WordPress
Changes:
 wordpress-shibboleth (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * [CVE-2017-14313]: Fix XSS in login form (Closes: #874416)
Checksums-Sha1: 
 7d30a98757cc8f5164cf4085af4ff38f4582fd75 1978 
wordpress-shibboleth_1.4-2+deb8u1.dsc
 b2737ded5f53a45187d8ad79d6dbbcfc83b81308 2105 
wordpress-shibboleth_1.4-2+deb8u1.diff.gz
 a931727ba6c163ec1a3ddf5d1883ed5b192a4e3c 5809 
wordpress-shibboleth_1.4-2+deb8u1_source.buildinfo
 087c42e829ea89c3cd24206a65f540e458c8d35e 19202 
wordpress-shibboleth_1.4-2+deb8u1_all.deb
Checksums-Sha256: 
 f98faf2f010efd5429b8b677e358943c8ecc1a450c446d1ddd41805fa728a43e 1978 
wordpress-shibboleth_1.4-2+deb8u1.dsc
 23db1bc9894eb670a36859fafd6647079c5fbbf73ebe345061728dc0563aef6e 2105 
wordpress-shibboleth_1.4-2+deb8u1.diff.gz
 66754f82213c42039a34049560699b3852c50b13790cf7467e8db1b78d160331 5809 
wordpress-shibboleth_1.4-2+deb8u1_source.buildinfo
 073f3d78f6ba56e56f1abfbdd6f33e9cbb877d8437479e1dcfe87529606b4ce9 19202 
wordpress-shibboleth_1.4-2+deb8u1_all.deb
Files: 
 f98107a4fb81c2c4738dba6917593ac3 1978 php optional 
wordpress-shibboleth_1.4-2+deb8u1.dsc
 fe7f268d1323796e3a681e0d66b3f614 2105 php optional 
wordpress-shibboleth_1.4-2+deb8u1.diff.gz
 b29ad07329b1263af2f36988e9523bd3 5809 php optional 
wordpress-shibboleth_1.4-2+deb8u1_source.buildinfo
 f7531d6ce5f3a21ed15ce5a4f4519ad9 19202 php optional 
wordpress-shibboleth_1.4-2+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQJBBAEBCAArFiEEy0llJ/kAnyscGnbawAV+cU1pT7IFAlm6XhcNHGRvbUBlYXJ0
aC5saQAKCRDABX5xTWlPshFZD/9egrUlqq2iGp/lSkjJ4eY5nvd1NK2tFG2TfPYi
iJkJT75/P0kaOpCA4rPtVm5AAdKywCkpTF3NSiMLSF78bmyXOZzEJqQ2cjAa32uM
ufHtp/vzvmKyXpbs7uTuyPM+fLx51DKT/4oNph8XtDQaW1PWEPWP+8C4TnG9mTN6
SeJ0ZP8N2D5e5++P6AgzPdDPT+sZ1NbwKg9frpDbJY51iA1rs0+qv0wfMs+LCWE2
2oni4wgYq67a6R3T7tNLiwP7CIQ6gTqSbukTC5Wht7l8z/e/5jbuJ6a+hO4Q4xah
EMtf/nS1vSJOrq5Ls3HupWnU1Z8xQ5FPOPTAHURWgcDbGiQoyiWIB+hVQ9+skyqZ
kjcqnNUfUFGnbBOd+l02ptbGkX00zLGUe6vmaycNsGoCzCyaYprWhfYXX28VqF/U
dhaJh8lr7sO0WdBGTUz0iwwbFr+EXxmz4bSpbzswfUHNFouyIEYp69NurG3kdV58
6umo6EL5T9ywTf+3FFthWZ3sfSiFQaSxMeYm8Yahuyj4fV+C/08GTcaxR5DLEOXN
HhiDP8jazeLifPnOM1YszKTjS18/1vkdKJ3ByNla+stp4fukYa/MTQKRZf6GghKv
pDNpXCvGf6HcZihg9btu/dHdgFvyAxdPmUveAuNZ7hW2/0Zi7+Jx2/mD6u69/BSZ
GXCkAQ==
=jP7I
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to