
Bug#782042: marked as done (wheezy-pu: package ikiwiki/3.20120629.2)



Your message dated Sat, 05 Sep 2015 14:33:54 +0100
with message-id <1441460034.2151.33.camel@adam-barratt.org.uk>
and subject line Closing bugs for 7.9
has caused the Debian Bug report #782042,
regarding wheezy-pu: package ikiwiki/3.20120629.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
782042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782042
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Raghav Bisht reported a cross-site-scripting vulnerability in ikiwiki
(#781483, CVE-2015-2793). The security team have asked me to fix it
via wheezy-proposed-updates rather than wheezy-security.

OK to upload?

(As before, the double diff for the changelog is because CHANGELOG is a
symlink to debian/changelog.)

Thanks,
    S
diffstat for ikiwiki-3.20120629.1 ikiwiki-3.20120629.2

 CHANGELOG                      |    8 ++++++++
 debian/changelog               |    8 ++++++++
 templates/openid-selector.tmpl |    2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff -Nru ikiwiki-3.20120629.1/CHANGELOG ikiwiki-3.20120629.2/CHANGELOG
--- ikiwiki-3.20120629.1/CHANGELOG	2015-01-17 11:53:38.000000000 +0000
+++ ikiwiki-3.20120629.2/CHANGELOG	2015-04-06 21:15:31.000000000 +0100
@@ -1,3 +1,11 @@
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+    CVE-2015-2793)
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 06 Apr 2015 20:34:51 +0100
+
 ikiwiki (3.20120629.1) wheezy; urgency=medium
 
   Backport blogspam plugin from experimental, because the version in
diff -Nru ikiwiki-3.20120629.1/debian/changelog ikiwiki-3.20120629.2/debian/changelog
--- ikiwiki-3.20120629.1/debian/changelog	2015-01-17 11:53:38.000000000 +0000
+++ ikiwiki-3.20120629.2/debian/changelog	2015-04-06 21:15:31.000000000 +0100
@@ -1,3 +1,11 @@
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+    CVE-2015-2793)
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 06 Apr 2015 20:34:51 +0100
+
 ikiwiki (3.20120629.1) wheezy; urgency=medium
 
   Backport blogspam plugin from experimental, because the version in
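Review bot: The new changelog entry says "Fix XSS in openid selector" but does not name the file or the variable that changed. Suggest mentioning templates/openid-selector.tmpl and OPENID_URL in that line, so that anyone carrying a modified copy of the template knows to apply the same ESCAPE=HTML change by hand. The same applies to the identical CHANGELOG hunk above, which is the symlinked copy.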
diff -Nru ikiwiki-3.20120629.1/templates/openid-selector.tmpl ikiwiki-3.20120629.2/templates/openid-selector.tmpl
--- ikiwiki-3.20120629.1/templates/openid-selector.tmpl	2015-01-14 22:06:16.000000000 +0000
+++ ikiwiki-3.20120629.2/templates/openid-selector.tmpl	2015-04-06 21:15:27.000000000 +0100
@@ -23,7 +23,7 @@
 		</div>
 		<div id="openid_input_area">
 			<label for="openid_identifier" class="block">Enter your OpenID:</label>
-			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
 			<input id="openid_submit" type="submit" value="Login"/>
 		</div>
 		<TMPL_IF OPENID_ERROR>
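Review bot: The trailing context line `<TMPL_IF OPENID_ERROR>` shows a second template variable handled right after the changed input, and this hunk escapes only OPENID_URL. If the block that follows emits `<TMPL_VAR OPENID_ERROR>` and that value can carry request-derived text, it needs `ESCAPE=HTML` as well. It is worth checking the rest of the template for other unescaped TMPL_VARs before upload. The changed line itself looks right: the value lands inside a double-quoted `value="..."` attribute, and ESCAPE=HTML is the appropriate mode for that context.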

--- End Message ---
--- Begin Message ---
Version: 7.9

Hi,

These bugs relate to updates which were included in the 7.9 point
release.

Regards,

Adam

--- End Message ---
