Debian Bug report logs - #537634
mediawiki: multiple vulnerabilities fixed in new upstreams

Package: mediawiki; Maintainer for mediawiki is Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>; Source for mediawiki is src:mediawiki.

Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Mon, 20 Jul 2009 00:12:02 UTC

Severity: serious

Tags: security

Found in version mediawiki/1:1.15.0-1

Fixed in version mediawiki/1:1.15.0-1.1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>:
Bug#537634; Package mediawiki. (Mon, 20 Jul 2009 00:12:04 GMT)

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>. (Mon, 20 Jul 2009 00:12:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: mediawiki: multiple vulnerabilities fixed in new upstreams
Date: Sun, 19 Jul 2009 20:07:34 -0400
package: mediawiki
version: 1:1.15.0-1
severity: serious
tags: security

hello, multiple vulnerabilities have been fixed in upstream mediawiki
1.15.1 (these problems did not exist before 1.14.0, so lenny/etch are
not vulnerable) [0]. please update unstable to this version. thanks.

[0]
http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html




Information forwarded to debian-bugs-dist@lists.debian.org, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>:
Bug#537634; Package mediawiki. (Sun, 26 Jul 2009 16:18:02 GMT)

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>. (Sun, 26 Jul 2009 16:18:02 GMT)

Message #10 received at 537634@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 537634@bugs.debian.org
Subject: intent to NMU
Date: Sun, 26 Jul 2009 18:12:24 +0200
Hi,
intent to upload a 0-day NMU to fix this bug.

Patch available on:
http://people.debian.org/~nion/nmu-diff/mediawiki-1.15.0-1_1.15.0-1.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Sun, 26 Jul 2009 16:45:03 GMT)

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 26 Jul 2009 16:45:03 GMT)

Message #15 received at 537634-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 537634-close@bugs.debian.org
Subject: Bug#537634: fixed in mediawiki 1:1.15.0-1.1
Date: Sun, 26 Jul 2009 16:32:10 +0000
Source: mediawiki
Source-Version: 1:1.15.0-1.1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.15.0-1.1_amd64.deb
  to pool/main/m/mediawiki/mediawiki-math_1.15.0-1.1_amd64.deb
mediawiki_1.15.0-1.1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.15.0-1.1.diff.gz
mediawiki_1.15.0-1.1.dsc
  to pool/main/m/mediawiki/mediawiki_1.15.0-1.1.dsc
mediawiki_1.15.0-1.1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.15.0-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537634@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 26 Jul 2009 18:11:07 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.15.0-1.1
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 537634
Changes: 
 mediawiki (1:1.15.0-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cross-site scripting in [[Special:Block]]
     (No CVE id yet; XSS-no-CVE.patch; Closes: #537634).





Information forwarded to debian-bugs-dist@lists.debian.org, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>:
Bug#537634; Package mediawiki. (Sun, 26 Jul 2009 19:03:20 GMT)

Acknowledgement sent to Romain Beauxis <toots@rastageeks.org>:
Extra info received and forwarded to list. Copy sent to Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>. (Sun, 26 Jul 2009 19:03:20 GMT)

Message #20 received at 537634@bugs.debian.org:

From: Romain Beauxis <toots@rastageeks.org>
To: Nico Golde <nion@debian.org>, 537634@bugs.debian.org, Maintenance team for the mediawiki package <pkg-mediawiki-devel@lists.alioth.debian.org>
Subject: Re: [Pkg-mediawiki-devel] Bug#537634: intent to NMU
Date: Sun, 26 Jul 2009 20:46:10 +0200
On Sunday 26 July 2009 18:12:24, Nico Golde wrote:
> Hi,

Hi!

> intent to upload a 0-day NMU to fix this bug.
>
> Patch available on:
> http://people.debian.org/~nion/nmu-diff/mediawiki-1.15.0-1_1.15.0-1.1.patch

Ok, thanks. I am very busy these days...


Romain





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 31 Aug 2009 07:33:38 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 21:48:49 2014; Machine Name: beach.debian.org
