Debian Bug report logs -
#345280
CVE-2005-4501: XSS with Internet Explorer
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 30 Dec 2005 01:48:15 UTC
Severity: normal
Tags: security
Fixed in version mediawiki/1.4.13-1
Done: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
:
Bug#345280
; Package mediawiki
.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mediawiki
Severity: normal
Tags: security
MediaWiki 1.5.4 fixes an Internet Explorer specific XSS vulnerability.
I'm unsure, whether this is an issue that should be fixed in IE instead,
if this is not the case, please check, whether 1.4.* is affected.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply sent to Marc Dequènes (Duck) <Duck@DuckCorp.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 345280-close@bugs.debian.org (full text, mbox, reply):
Source: mediawiki
Source-Version: 1.4.13-1
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:
mediawiki-math_1.4.13-1_i386.deb
to pool/main/m/mediawiki/mediawiki-math_1.4.13-1_i386.deb
mediawiki_1.4.13-1.diff.gz
to pool/main/m/mediawiki/mediawiki_1.4.13-1.diff.gz
mediawiki_1.4.13-1.dsc
to pool/main/m/mediawiki/mediawiki_1.4.13-1.dsc
mediawiki_1.4.13-1_all.deb
to pool/main/m/mediawiki/mediawiki_1.4.13-1_all.deb
mediawiki_1.4.13.orig.tar.gz
to pool/main/m/mediawiki/mediawiki_1.4.13.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 345280@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <Duck@DuckCorp.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 7 Jan 2006 13:10:58 +0100
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all i386
Version: 1.4.13-1
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Closes: 345280
Changes:
mediawiki (1.4.13-1) unstable; urgency=high
.
* New upstream security release (Closes: #345280).
* Exclude texvc/texvc.bc from dh_shlibdeps processing, it now
strangely fails (temporary solution for fast security upload,
further analisys later).
Files:
1cbbc2521618cf0fca5a08debb68f8ec 899 web optional mediawiki_1.4.13-1.dsc
c297ba65d88b380d0cc31366d90cb23b 1982615 web optional mediawiki_1.4.13.orig.tar.gz
d7b4535533bfef10ec9b803280a58077 9929 web optional mediawiki_1.4.13-1.diff.gz
82364f723ffab21bacf711b267bd550b 1946372 web optional mediawiki_1.4.13-1_all.deb
06b3ad217110d960593d3108475d1ebd 117892 web optional mediawiki-math_1.4.13-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDv6/5sczZcpAmcIYRAqX3AJ9oUnDRDsGAroNNLfk3XulCkm2awgCePKlA
KOrQEBxB19GU5OBOJj+bu7E=
=vTbO
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Jun 2007 18:00:53 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:12:16 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.