Debian Bug report logs -
#861585
mediawiki: CVE-2017-0372 (included in security release 1.27.3 and 1.28.2)
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 1 May 2017 04:54:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in version mediawiki/1:1.27.2-1
Fixed in version mediawiki/1:1.27.3-1
Done: Kunal Mehta <legoktm@member.fsf.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kunal Mehta <legoktm@member.fsf.org>
:
Bug#861585
; Package src:mediawiki
.
(Mon, 01 May 2017 04:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kunal Mehta <legoktm@member.fsf.org>
.
(Mon, 01 May 2017 04:54:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: mediawiki
Version: 1:1.27.2-1
Severity: important
Tags: upstream security fixed-upstream
Hi
Due to a mistake in the packaging, cf. [1], the upstream releases
1.27.2 and 1.28.1 did not contain the fix for
https://phabricator.wikimedia.org/T158689 (which is CVE-2017-0372).
New releases were issued.
[1] https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
Regards,
Salvatore
Reply sent
to Kunal Mehta <legoktm@member.fsf.org>
:
You have taken responsibility.
(Mon, 01 May 2017 21:54:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Mon, 01 May 2017 21:54:03 GMT) (full text, mbox, link).
Message #10 received at 861585-close@bugs.debian.org (full text, mbox, reply):
Source: mediawiki
Source-Version: 1:1.27.3-1
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861585@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kunal Mehta <legoktm@member.fsf.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 May 2017 13:20:11 -0700
Source: mediawiki
Binary: mediawiki mediawiki-classes
Architecture: source all
Version: 1:1.27.3-1
Distribution: unstable
Urgency: medium
Maintainer: Kunal Mehta <legoktm@member.fsf.org>
Changed-By: Kunal Mehta <legoktm@member.fsf.org>
Description:
mediawiki - website engine for collaborative work
mediawiki-classes - website engine for collaborative work - standalone classes
Closes: 861585
Changes:
mediawiki (1:1.27.3-1) unstable; urgency=medium
.
* Imported Upstream version 1.27.3 (security release), that
actually contains the fix for CVE-2017-0372 (Closes: #861585)
Checksums-Sha1:
a6c208ce7cf849857579492a11e0fa96999aee52 1942 mediawiki_1.27.3-1.dsc
17811421130e34507bbc7faa1ecad6e7f0a511bf 31509270 mediawiki_1.27.3.orig.tar.gz
c3db2156b67ad33a5b08bc2d924a6b7d3d76cc62 70916 mediawiki_1.27.3-1.debian.tar.xz
5ada66d4bbb83c1f5e2b324e6b0b631339c98ee1 406132 mediawiki-classes_1.27.3-1_all.deb
2d9ff179dede196a278c456ac6982696741d259f 20972426 mediawiki_1.27.3-1_all.deb
9d2a1f7189e89b97e1cd7eb738b435ac526199c3 6351 mediawiki_1.27.3-1_amd64.buildinfo
Checksums-Sha256:
ef6fb0d3c606cf57e8eb8c24b63a168ffa70a6ff007389b9be093483818b9ac9 1942 mediawiki_1.27.3-1.dsc
11d470582b52a471b4e99735b36a44b230681847a97ef032c2fc050fd8aea823 31509270 mediawiki_1.27.3.orig.tar.gz
b77b3d209cd754178c80981516d6d9f69c50cd857c5a9294ea21af60898bcb17 70916 mediawiki_1.27.3-1.debian.tar.xz
6465d7366b567e666f28eac25d313fd799c13fbf23eedd3e7416ff4a1b8b82f9 406132 mediawiki-classes_1.27.3-1_all.deb
c2453e6d1a1d2a85a805ef485fff94ad9a07ede7264e86aed8ddb3d0404163ec 20972426 mediawiki_1.27.3-1_all.deb
3f227d021090ed768e41dfcf1c359388d9f8691d22f8aa432b903f9c832cd38e 6351 mediawiki_1.27.3-1_amd64.buildinfo
Files:
ed66c3abf4120cf39ef70f23a3acb683 1942 web optional mediawiki_1.27.3-1.dsc
7aefefb0bd5ba8d08ed721f91f8b74ce 31509270 web optional mediawiki_1.27.3.orig.tar.gz
9d0efb39d69069a0c2ad47ebc65cba78 70916 web optional mediawiki_1.27.3-1.debian.tar.xz
800f6c6e728f7286c20a6bb8aa45db82 406132 web optional mediawiki-classes_1.27.3-1_all.deb
525b156bf3807b9090be0311c7d66e0b 20972426 web optional mediawiki_1.27.3-1_all.deb
84943fa9d36ffae2c74024fa6d527aee 6351 web optional mediawiki_1.27.3-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE+h6fmkHn9DUCyl1jUvyOe+23/KIFAlkHp7YACgkQUvyOe+23
/KKbag//TMBwa8iFQPzS8/U9kIqfqaIBOQeJC/2T99htM+PkM+6t2P4byewi9Ad6
F5O/w8WXMyD4n8OYC72x5eWCqm4MtdPrRKMKT+hqzer1+RcKmPd/pjPqzYbqABnu
RPeTa9ibAWhcIEBuJLgPABeR6dIGXFSP+vE+gnqO287zsdTibDJ+tybCU2Fw7zI3
pxVdT7XPqzMQy0ktl3C/LCBrxdWmoK1HfZr1ItB403f0Hj7Mf2WNCq6AAfs9D54c
2XTzLKvG3CkupToydFQFby/t+aayr01E/jtS4T/YgP36r7+NTETeAUcJ5fuiCkpd
/yW9G95VRREjy1sc4Po9QQUrs+UmWSXqk9iuziLKmvdShC/o8hdf/MmkCG5/sF+w
0BdgA/fgR5yl3uEqSf26qizrFDlipLceY1IDehnQv3JJXCinDyNaKfBiPX17JaxZ
jNhNk5wHeQL7jJeeKykftEvvpAMXAImkUgg+9Y9qhpJQCGD68TvoNzYUuGWpT9vK
jDSvJB1hCvteBvA2ygfM98psD1FInWWScfp1ZffQbVt0ryoFt1oE3YLqou+y2/fO
P2OKppYfU83RIzu8gHdzEj3P2c1SgVFeD1eycUd8xolBFssMXVrEhnh/+RixWOYa
SrCCTMqJtbK0o6QhJd4U2dyjxnig8TrdS7y8gaNASd0J/llp2Bo=
=YObw
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 05 Jun 2017 07:29:59 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:27:49 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.