Your message dated Sat, 05 Sep 2015 14:33:54 +0100 with message-id <1441460034.2151.33.camel@adam-barratt.org.uk> and subject line Closing bugs for 7.9 has caused the Debian Bug report #782042, regarding wheezy-pu: package ikiwiki/3.20120629.2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
782042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782042
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: wheezy-pu: package ikiwiki/3.20120629.2
- From: Simon McVittie <smcv@debian.org>
- Date: Mon, 6 Apr 2015 21:55:55 +0100
- Message-id: <20150406205547.GA23183@perpetual.pseudorandom.co.uk>
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Raghav Bisht reported a cross-site-scripting vulnerability in ikiwiki (#781483, CVE-2015-2793). The security team have asked me to fix it via wheezy-proposed-updates rather than wheezy-security. OK to upload?

(As before, the double diff for the changelog is because CHANGELOG is a symlink to debian/changelog.)

Thanks,
S

diffstat for ikiwiki-3.20120629.1 ikiwiki-3.20120629.2 CHANGELOG | 8 ++++++++ debian/changelog | 8 ++++++++ templates/openid-selector.tmpl | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) diff -Nru ikiwiki-3.20120629.1/CHANGELOG ikiwiki-3.20120629.2/CHANGELOG --- ikiwiki-3.20120629.1/CHANGELOG 2015-01-17 11:53:38.000000000 +0000 +++ ikiwiki-3.20120629.2/CHANGELOG 2015-04-06 21:15:31.000000000 +0100 @@ -1,3 +1,11 @@ +ikiwiki (3.20120629.2) wheezy; urgency=medium + + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483; + CVE-2015-2793) + + -- Simon McVittie <smcv@debian.org> Mon, 06 Apr 2015 20:34:51 +0100 + ikiwiki (3.20120629.1) wheezy; urgency=medium Backport blogspam plugin from experimental, because the version in diff -Nru ikiwiki-3.20120629.1/debian/changelog ikiwiki-3.20120629.2/debian/changelog --- ikiwiki-3.20120629.1/debian/changelog 2015-01-17 11:53:38.000000000 +0000 +++ ikiwiki-3.20120629.2/debian/changelog 2015-04-06 21:15:31.000000000 +0100 
@@ -1,3 +1,11 @@ +ikiwiki (3.20120629.2) wheezy; urgency=medium + + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483; + CVE-2015-2793) + + -- Simon McVittie <smcv@debian.org> Mon, 06 Apr 2015 20:34:51 +0100 + ikiwiki (3.20120629.1) wheezy; urgency=medium Backport blogspam plugin from experimental, because the version in diff -Nru ikiwiki-3.20120629.1/templates/openid-selector.tmpl ikiwiki-3.20120629.2/templates/openid-selector.tmpl --- ikiwiki-3.20120629.1/templates/openid-selector.tmpl 2015-01-14 22:06:16.000000000 +0000 +++ ikiwiki-3.20120629.2/templates/openid-selector.tmpl 2015-04-06 21:15:27.000000000 +0100 @@ -23,7 +23,7 @@ </div> <div id="openid_input_area"> <label for="openid_identifier" class="block">Enter your OpenID:</label> - <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/> + <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/> <input id="openid_submit" type="submit" value="Login"/> </div> <TMPL_IF OPENID_ERROR>
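Review bot: in the templates/openid-selector.tmpl hunk, the trailing context opens `<TMPL_IF OPENID_ERROR>` directly after the fixed input, but the lines that output OPENID_ERROR lie outside the diff, so the patch alone does not show whether that value is escaped too. Because `ESCAPE=HTML` is applied here to the single `<TMPL_VAR ... OPENID_URL>` inside a double-quoted `value="..."` attribute, please confirm that OPENID_ERROR and any other `<TMPL_VAR>` in this template that can carry request-derived text gets the same treatment, or extend the hunk to cover them. The changelog entry could also name the variable and file (OPENID_URL in templates/openid-selector.tmpl) so the scope of the fix is clear without reading the diff.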
--- End Message ---
--- Begin Message ---
- To: 725661-done@bugs.debian.org, 770955-done@bugs.debian.org, 773796-done@bugs.debian.org, 774773-done@bugs.debian.org, 774820-done@bugs.debian.org, 774850-done@bugs.debian.org, 774921-done@bugs.debian.org, 775380-done@bugs.debian.org, 775603-done@bugs.debian.org, 775664-done@bugs.debian.org, 775825-done@bugs.debian.org, 776095-done@bugs.debian.org, 776734-done@bugs.debian.org, 776781-done@bugs.debian.org, 776884-done@bugs.debian.org, 777046-done@bugs.debian.org, 777047-done@bugs.debian.org, 777372-done@bugs.debian.org, 777553-done@bugs.debian.org, 778622-done@bugs.debian.org, 779083-done@bugs.debian.org, 779622-done@bugs.debian.org, 779926-done@bugs.debian.org, 780191-done@bugs.debian.org, 780471-done@bugs.debian.org, 780798-done@bugs.debian.org, 780924-done@bugs.debian.org, 781281-done@bugs.debian.org, 781406-done@bugs.debian.org, 781542-done@bugs.debian.org, 781885-done@bugs.debian.org, 781965-done@bugs.debian.org, 782042-done@bugs.debian.org, 782165-done@bugs.debian.org, 782409-done@bugs.debian.org, 782600-done@bugs.debian.org, 782663-done@bugs.debian.org, 782848-done@bugs.debian.org, 783659-done@bugs.debian.org, 783749-done@bugs.debian.org, 784102-done@bugs.debian.org, 785155-done@bugs.debian.org, 785348-done@bugs.debian.org, 785735-done@bugs.debian.org, 786691-done@bugs.debian.org, 786830-done@bugs.debian.org, 786919-done@bugs.debian.org, 787076-done@bugs.debian.org, 787403-done@bugs.debian.org, 787933-done@bugs.debian.org, 787947-done@bugs.debian.org, 788064-done@bugs.debian.org, 788242-done@bugs.debian.org, 788558-done@bugs.debian.org, 788664-done@bugs.debian.org, 790692-done@bugs.debian.org, 790940-done@bugs.debian.org, 793028-done@bugs.debian.org, 794962-done@bugs.debian.org, 795166-done@bugs.debian.org, 795892-done@bugs.debian.org, 797079-done@bugs.debian.org, 797213-done@bugs.debian.org
- Subject: Closing bugs for 7.9
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 05 Sep 2015 14:33:54 +0100
- Message-id: <1441460034.2151.33.camel@adam-barratt.org.uk>
Version: 7.9

Hi,

These bugs relate to updates which were included in the 7.9 point release.

Regards,

Adam
--- End Message ---