Your message dated Sun, 30 Dec 2012 16:43:24 +0000 with message-id <[email protected]> and subject line Re: Bug#696999: [[email protected]: Re: Bug#696999: unblock: mediawiki-extensions/2.11] has caused the Debian Bug report #696999, regarding unblock: mediawiki-extensions/2.11 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 696999: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696999 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock Please unblock mediawiki-extensions to fix the security bug #696179 (no CVE has been assigned yet). This resolves an XSS attack on any user of a wiki importing a malicious RSS feed (insufficient escaping). It has been uploaded as urgency=medium but could be aged to high if you wish. Thanks, -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 <directhex> i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---On Sun, 2012-12-30 at 16:33 +0000, Thorsten Glaser wrote: > Jonathan Wiltshire dixit: > > >Any idea what the comment in > > > >++ array('a', /* does not work */ 'img'))); > > > >is about? > > The MediaWiki HTML sanitiser accepts an array of tags to also > accept in the output. I’ve tried whitelisting 'a' and 'img', > but the latter does not currently work. I hope this will be > addressed in a future version of MediaWiki (actually, I could > probably cook up a patch), and right now, its presence there > is a nop. Hmmm, okay. Unblocked. Regards, Adam
--- End Message ---
