Your message dated Wed, 30 Nov 2011 23:02:30 +0000 with message-id <e1rvtac-0003wt...@franck.debian.org> and subject line Bug#650434: fixed in mediawiki 1:1.15.5-4 has caused the Debian Bug report #650434, regarding mediawiki: two security issues (fixed in 1.17.1) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 650434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mediawiki Severity: grave Tags: security patch Hi Mediawiki Maintenance Team, In the 1.17.1 release announce, two grave vulnerabilities have been fixed: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011- November/000104.html Patches are included in the wikimedia bugzilla: https://bugzilla.wikimedia.org/show_bug.cgi?id=32276 https://bugzilla.wikimedia.org/show_bug.cgi?id=32616 Please, consider backport those patches to stable and oldstable since they look affected. Coordinate with the security team a DSA release. Regards, /luciano
--- End Message ---
--- Begin Message ---Source: mediawiki Source-Version: 1:1.15.5-4 We believe that the bug you reported is fixed in the latest version of mediawiki, which is due to be installed in the Debian FTP archive: mediawiki-math_1.15.5-4_amd64.deb to main/m/mediawiki/mediawiki-math_1.15.5-4_amd64.deb mediawiki_1.15.5-4.debian.tar.gz to main/m/mediawiki/mediawiki_1.15.5-4.debian.tar.gz mediawiki_1.15.5-4.dsc to main/m/mediawiki/mediawiki_1.15.5-4.dsc mediawiki_1.15.5-4_all.deb to main/m/mediawiki/mediawiki_1.15.5-4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 650...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire <j...@debian.org> (supplier of updated mediawiki package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 30 Nov 2011 22:42:52 +0000 Source: mediawiki Binary: mediawiki mediawiki-math Architecture: source all amd64 Version: 1:1.15.5-4 Distribution: unstable Urgency: low Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-de...@lists.alioth.debian.org> Changed-By: Jonathan Wiltshire <j...@debian.org> Description: mediawiki - website engine for collaborative work mediawiki-math - math rendering plugin for MediaWiki Closes: 615983 650434 Changes: mediawiki (1:1.15.5-4) unstable; urgency=low . [ Thorsten Glaser ] * debian/patches/fix_invalid_sql.patch: new (Closes: #615983) . [ Jonathan Wiltshire ] * Security fixes from upstream (Closes: #650434): CVE-2011-4360 - page titles on private wikis could be exposed bypassing different page ids to index.php CVE-2011-4361 - action=ajax requests were dispatched to the relevant function without any read permission checks being done Checksums-Sha1: 721badcb649f197f3d78705544dd499ef1a21574 2129 mediawiki_1.15.5-4.dsc af801e9595094076b47db833df7293a11e9ca741 38463 mediawiki_1.15.5-4.debian.tar.gz 34ab8776d7d9ce0a7226cac3502db0eac1e652dd 11717960 mediawiki_1.15.5-4_all.deb a3bc84e474980c3e702aeb212178d01b3ae6bdac 322448 mediawiki-math_1.15.5-4_amd64.deb Checksums-Sha256: b0bb0c9f2382bcde251b726ce60a1bd34d3e985bf0e78e073c78625c6ff53823 2129 mediawiki_1.15.5-4.dsc 9161f9d112a534e5f86c29ff6fa1acf7fd96ca988fd5de2a23190623d98bddc4 38463 mediawiki_1.15.5-4.debian.tar.gz 76c32db1d852c28096350496a26a57fd1e6be51a4d78fed8722d592accecda2e 11717960 mediawiki_1.15.5-4_all.deb 08c055ba17894ff0c97b05fc501964865bbffc6efcd6c7b878840304c93e720b 322448 mediawiki-math_1.15.5-4_amd64.deb Files: c077d8c1f8b3b4f57e37c89d60b43ce2 2129 web optional mediawiki_1.15.5-4.dsc 111f57f8d2fd625265fa578fb8df091d 38463 web optional mediawiki_1.15.5-4.debian.tar.gz 1b35894ae0d4297cf6981a720ee2b49f 11717960 web optional mediawiki_1.15.5-4_all.deb 8e024984eb458c2ee9f4a8db4923aa5f 322448 web optional mediawiki-math_1.15.5-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJO1rGvAAoJEFOUR53TUkxREZIP/0XhK1ivIE5s0NsSRYlfwX0O kr3DR/0CJxbY2iSgGWcH7LwQiH+AAchgOwrCvw2qvgMPu6lsaQDDSScRK77Y20E7 0YJgpLvFPMdeCePphMLEtCKZTW+D0nV3qo7qxpytDRPXZ7PN6wR6FcZwdVgltGoq Abf2DiqTRkjAYwp3x+FP4qkQt5ku4deWcVFNZB2HoyWW0M0x3562Yz8kIE//8GOg eTSUXh1Vose2FherzbG7HzjAueBlwl1kTzMbkSI7Y4qSzlRhoFzNBOmG77xtGbdg hbD4OSN1MJ99xxQUY6Oxub6rc4w9/iZHM9t3SM7h2sxZFFvjnuApeiVP2WWCJR1x 49+Wrr5D3JRBsZpc/rY5oK8BUOeXxBXkdm7UH8UCuKcC0N4uL9YJCfLknnGuzXFM fSfPf6rsT3XZcc0nZRqqBVXJl9/xas74BdaUai572Dag7Vbwt1tTN5pAcfN34l4y DB8GBLLEZW2aKVyUs4gbH0sCJOh53RtMJ7TlWCdt1+Orapn6emLF0H02peKpV0DX QPHyawI9S6scAT3lkem2izDOcA1LuLEHu7gxwNK+Yen5y1EC+OKWpnSiLn6fGJ/H 2QLAvoA0VtkTSTv8AMFYQwcPtYOSOH7AoiKv5eJRDmaKTlRNbfisuPCG661Xt+jO OxazrIgxE7dYeNjDabXC =gnT+ -----END PGP SIGNATURE-----
--- End Message ---
