Your message dated Sat, 05 Sep 2015 14:33:54 +0100
with message-id <[email protected]>
and subject line Closing bugs for 7.9
has caused the Debian Bug report #782042,
regarding wheezy-pu: package ikiwiki/3.20120629.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
782042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: [email protected]
Usertags: pu

Raghav Bisht reported a cross-site-scripting vulnerability in ikiwiki
(#781483, CVE-2015-2793). The security team have asked me to fix it
via wheezy-proposed-updates rather than wheezy-security.

OK to upload?

(As before, the double diff for the changelog is because CHANGELOG is a
symlink to debian/changelog.)

Thanks,
    S
diffstat for ikiwiki-3.20120629.1 ikiwiki-3.20120629.2

 CHANGELOG                      |    8 ++++++++
 debian/changelog               |    8 ++++++++
 templates/openid-selector.tmpl |    2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff -Nru ikiwiki-3.20120629.1/CHANGELOG ikiwiki-3.20120629.2/CHANGELOG
--- ikiwiki-3.20120629.1/CHANGELOG	2015-01-17 11:53:38.000000000 +0000
+++ ikiwiki-3.20120629.2/CHANGELOG	2015-04-06 21:15:31.000000000 +0100
@@ -1,3 +1,11 @@
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+    CVE-2015-2793)
+
+ -- Simon McVittie <[email protected]>  Mon, 06 Apr 2015 20:34:51 +0100
+
 ikiwiki (3.20120629.1) wheezy; urgency=medium
 
   Backport blogspam plugin from experimental, because the version in
diff -Nru ikiwiki-3.20120629.1/debian/changelog ikiwiki-3.20120629.2/debian/changelog
--- ikiwiki-3.20120629.1/debian/changelog	2015-01-17 11:53:38.000000000 +0000
+++ ikiwiki-3.20120629.2/debian/changelog	2015-04-06 21:15:31.000000000 +0100
@@ -1,3 +1,11 @@
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+    CVE-2015-2793)
+
+ -- Simon McVittie <[email protected]>  Mon, 06 Apr 2015 20:34:51 +0100
+
 ikiwiki (3.20120629.1) wheezy; urgency=medium
 
   Backport blogspam plugin from experimental, because the version in
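Review bot: The new 3.20120629.2 entry at the top of debian/changelog says only "Fix XSS in openid selector" and does not name what was changed. Consider naming the affected file and variable (templates/openid-selector.tmpl, OPENID_URL) so the entry can be matched to the one-line template change without opening the diff. The identical text in the CHANGELOG hunk follows automatically, since the covering message says CHANGELOG is a symlink to this file.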
diff -Nru ikiwiki-3.20120629.1/templates/openid-selector.tmpl ikiwiki-3.20120629.2/templates/openid-selector.tmpl
--- ikiwiki-3.20120629.1/templates/openid-selector.tmpl	2015-01-14 22:06:16.000000000 +0000
+++ ikiwiki-3.20120629.2/templates/openid-selector.tmpl	2015-04-06 21:15:27.000000000 +0100
@@ -23,7 +23,7 @@
 		</div>
 		<div id="openid_input_area">
 			<label for="openid_identifier" class="block">Enter your OpenID:</label>
-			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
 			<input id="openid_submit" type="submit" value="Login"/>
 		</div>
 		<TMPL_IF OPENID_ERROR>
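Review bot: The context ends at the opening TMPL_IF OPENID_ERROR, and the line inside it that prints the error is not shown, while the only value escaped here is OPENID_URL in the value attribute of the openid_identifier input. Please confirm that the error text is also emitted with ESCAPE=HTML, or is never built from user-supplied input, since an error about a rejected identifier may echo what was submitted. The diffstat lists templates/openid-selector.tmpl as the only template touched, so a grep of the remaining templates for an unescaped TMPL_VAR OPENID_URL is worth doing before upload.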

--- End Message ---
--- Begin Message ---
Version: 7.9

Hi,

These bugs relate to updates which were included in the 7.9 point
release.

Regards,

Adam

--- End Message ---
