[Pkg-mediawiki-devel] Bug#345280: marked as done (CVE-2005-4501: XSS with Internet Explorer)

Debian Bug Tracking System owner at bugs.debian.org
Sat Jan 7 13:03:23 UTC 2006 

Your message dated Sat, 07 Jan 2006 04:32:13 -0800
with message-id <E1EvDEz-0002q9-Jo at spohr.debian.org>
and subject line Bug#345280: fixed in mediawiki 1.4.13-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Dec 2005 01:43:22 +0000
>From jmm at inutil.org Thu Dec 29 17:43:22 2005
Return-path: <jmm at inutil.org>
Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1Es9Ig-0001Rd-7l
	for submit at bugs.debian.org; Thu, 29 Dec 2005 17:43:22 -0800
Received: from hacker-224-228.congress.ccc.de ([81.163.228.224] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1Es9Id-0002Ch-A4
	for submit at bugs.debian.org; Fri, 30 Dec 2005 02:43:19 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.60)
	(envelope-from <jmm at inutil.org>)
	id 1Es9H0-0004OF-3s; Fri, 30 Dec 2005 02:41:38 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: CVE-2005-4501: XSS with Internet Explorer
Message-ID: <20051230014137.16530.84703.reportbug at localhost.localdomain>
X-Mailer: reportbug 3.18
Date: Fri, 30 Dec 2005 02:41:37 +0100
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
X-SA-Exim-Connect-IP: 81.163.228.224
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: mediawiki
Severity: normal
Tags: security

MediaWiki 1.5.4 fixes an Internet Explorer specific XSS vulnerability.
I'm unsure, whether this is an issue that should be fixed in IE instead,
if this is not the case, please check, whether 1.4.* is affected.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)

---------------------------------------
Received: (at 345280-close) by bugs.debian.org; 7 Jan 2006 12:45:52 +0000
>From katie at ftp-master.debian.org Sat Jan 07 04:45:52 2006
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EvDEz-0002q9-Jo; Sat, 07 Jan 2006 04:32:13 -0800
From: =?utf-8?b?TWFyYyBEZXF1w6huZXMgKER1Y2sp?= <Duck at DuckCorp.org>
To: 345280-close at bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#345280: fixed in mediawiki 1.4.13-1
Message-Id: <E1EvDEz-0002q9-Jo at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sat, 07 Jan 2006 04:32:13 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: mediawiki
Source-Version: 1.4.13-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.4.13-1_i386.deb
  to pool/main/m/mediawiki/mediawiki-math_1.4.13-1_i386.deb
mediawiki_1.4.13-1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.4.13-1.diff.gz
mediawiki_1.4.13-1.dsc
  to pool/main/m/mediawiki/mediawiki_1.4.13-1.dsc
mediawiki_1.4.13-1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.4.13-1_all.deb
mediawiki_1.4.13.orig.tar.gz
  to pool/main/m/mediawiki/mediawiki_1.4.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 345280 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <Duck at DuckCorp.org> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  7 Jan 2006 13:10:58 +0100
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all i386
Version: 1.4.13-1
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
Changed-By: Marc Dequènes (Duck) <Duck at DuckCorp.org>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 345280
Changes: 
 mediawiki (1.4.13-1) unstable; urgency=high
 .
   * New upstream security release (Closes: #345280).
   * Exclude texvc/texvc.bc from dh_shlibdeps processing, it now
     strangely fails (temporary solution for fast security upload,
     further analisys later).
Files: 
 1cbbc2521618cf0fca5a08debb68f8ec 899 web optional mediawiki_1.4.13-1.dsc
 c297ba65d88b380d0cc31366d90cb23b 1982615 web optional mediawiki_1.4.13.orig.tar.gz
 d7b4535533bfef10ec9b803280a58077 9929 web optional mediawiki_1.4.13-1.diff.gz
 82364f723ffab21bacf711b267bd550b 1946372 web optional mediawiki_1.4.13-1_all.deb
 06b3ad217110d960593d3108475d1ebd 117892 web optional mediawiki-math_1.4.13-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDv6/5sczZcpAmcIYRAqX3AJ9oUnDRDsGAroNNLfk3XulCkm2awgCePKlA
KOrQEBxB19GU5OBOJj+bu7E=
=vTbO
-----END PGP SIGNATURE-----

More information about the Pkg-mediawiki-devel mailing list