Your message dated Fri, 22 Aug 2025 11:53:15 +0000
with message-id <[email protected]>
and subject line Bug#1111589: fixed in shaarli 0.15.0+dfsg-1
has caused the Debian Bug report #1111589,
regarding shaarli: CVE-2025-55291
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111589: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111589
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: shaarli
Version: 0.14.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for shaarli.
CVE-2025-55291[0]:
| Shaarli is a minimalist bookmark manager and link sharing service.
| Prior to 0.15.0, the input string in the cloud tag page is not
| properly sanitized. This allows the </title> tag to be prematurely
| closed, leading to a reflected Cross-Site Scripting (XSS)
| vulnerability. This vulnerability is fixed in 0.15.0.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-55291
https://www.cve.org/CVERecord?id=CVE-2025-55291
[1] https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h
[2] https://github.com/shaarli/Shaarli/commit/66faa61335a6e72184be64092ff1242ffa4fe5b6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: shaarli
Source-Version: 0.15.0+dfsg-1
Done: James Valleroy <[email protected]>
We believe that the bug you reported is fixed in the latest version of
shaarli, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Valleroy <[email protected]> (supplier of updated shaarli package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Fri, 22 Aug 2025 07:20:50 -0400
Source: shaarli
Architecture: source
Version: 0.15.0+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: James Valleroy <[email protected]>
Closes: 1111589
Changes:
shaarli (0.15.0+dfsg-1) unstable; urgency=high
.
* New upstream version 0.15.0 (Closes: #1111589, CVE-2025-55291)
* Update patches
--- End Message ---