CVE-2005-4501: XSS with Internet Explorer

Debian Bug report logs - #345280
CVE-2005-4501: XSS with Internet Explorer

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2005-4501: XSS with Internet Explorer

Date: Fri, 30 Dec 2005 02:41:37 +0100

Package: mediawiki
Severity: normal
Tags: security

MediaWiki 1.5.4 fixes an Internet Explorer specific XSS vulnerability.
I'm unsure, whether this is an issue that should be fixed in IE instead,
if this is not the case, please check, whether 1.4.* is affected.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Message #10 received at 345280-close@bugs.debian.org (full text, mbox, reply):

From: Marc Dequènes (Duck) <Duck@DuckCorp.org>

To: 345280-close@bugs.debian.org

Subject: Bug#345280: fixed in mediawiki 1.4.13-1

Date: Sat, 07 Jan 2006 04:32:13 -0800

Source: mediawiki
Source-Version: 1.4.13-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.4.13-1_i386.deb
  to pool/main/m/mediawiki/mediawiki-math_1.4.13-1_i386.deb
mediawiki_1.4.13-1.diff.gz
  to pool/main/m/mediawiki/mediawiki_1.4.13-1.diff.gz
mediawiki_1.4.13-1.dsc
  to pool/main/m/mediawiki/mediawiki_1.4.13-1.dsc
mediawiki_1.4.13-1_all.deb
  to pool/main/m/mediawiki/mediawiki_1.4.13-1_all.deb
mediawiki_1.4.13.orig.tar.gz
  to pool/main/m/mediawiki/mediawiki_1.4.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 345280@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <Duck@DuckCorp.org> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  7 Jan 2006 13:10:58 +0100
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all i386
Version: 1.4.13-1
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 345280
Changes: 
 mediawiki (1.4.13-1) unstable; urgency=high
 .
   * New upstream security release (Closes: #345280).
   * Exclude texvc/texvc.bc from dh_shlibdeps processing, it now
     strangely fails (temporary solution for fast security upload,
     further analisys later).
Files: 
 1cbbc2521618cf0fca5a08debb68f8ec 899 web optional mediawiki_1.4.13-1.dsc
 c297ba65d88b380d0cc31366d90cb23b 1982615 web optional mediawiki_1.4.13.orig.tar.gz
 d7b4535533bfef10ec9b803280a58077 9929 web optional mediawiki_1.4.13-1.diff.gz
 82364f723ffab21bacf711b267bd550b 1946372 web optional mediawiki_1.4.13-1_all.deb
 06b3ad217110d960593d3108475d1ebd 117892 web optional mediawiki-math_1.4.13-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDv6/5sczZcpAmcIYRAqX3AJ9oUnDRDsGAroNNLfk3XulCkm2awgCePKlA
KOrQEBxB19GU5OBOJj+bu7E=
=vTbO
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.