Your message dated Tue, 09 Mar 2010 10:43:29 +0000
with message-id <[email protected]>
and subject line Bug#572417: fixed in tdiary 2.2.1-1.1
has caused the Debian Bug report #572417,
regarding [security]: limited XSS vulnerability with IE7, fixed in new upstream
release 2.2.3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
572417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572417
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tdiary
Version: 2.2.1-1
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
XSS vulnerability was found in tdiary 2.2.2 or earlier (=<2.2.2).
It is caused
- with Internet Explorer 7
- using trackback plugin
- access certain URL to update blog
New upstream release 2.2.3 was released, so update debian package to
that (in sid/squeeze). And we need a patch for lenny as well.
For more detail, see http://www.tdiary.org/20100225.html (in Japanese)
- --
Regards,
Hideki Yamane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuOVY4ACgkQIu0hy8THJkuPdQCgj1k6sP/Cyelw7DZ9qCztI/WZ
1rYAn0GsBCsjBQLTCEgjUzZGcp3w46/1
=fgJb
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: tdiary
Source-Version: 2.2.1-1.1
We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:
tdiary-contrib_2.2.1-1.1_all.deb
to main/t/tdiary/tdiary-contrib_2.2.1-1.1_all.deb
tdiary-mode_2.2.1-1.1_all.deb
to main/t/tdiary/tdiary-mode_2.2.1-1.1_all.deb
tdiary-plugin_2.2.1-1.1_all.deb
to main/t/tdiary/tdiary-plugin_2.2.1-1.1_all.deb
tdiary-theme_2.2.1-1.1_all.deb
to main/t/tdiary/tdiary-theme_2.2.1-1.1_all.deb
tdiary_2.2.1-1.1.diff.gz
to main/t/tdiary/tdiary_2.2.1-1.1.diff.gz
tdiary_2.2.1-1.1.dsc
to main/t/tdiary/tdiary_2.2.1-1.1.dsc
tdiary_2.2.1-1.1_all.deb
to main/t/tdiary/tdiary_2.2.1-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <[email protected]> (supplier of updated tdiary package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 09 Mar 2010 18:54:19 +1100
Source: tdiary
Binary: tdiary tdiary-theme tdiary-plugin tdiary-mode tdiary-contrib
Architecture: source all
Version: 2.2.1-1.1
Distribution: unstable
Urgency: high
Maintainer: Daigo Moriwaki <[email protected]>
Changed-By: Steffen Joeris <[email protected]>
Description:
tdiary - a communication-friendly weblog system
tdiary-contrib - Plugins of tDiary to add functionalities
tdiary-mode - tDiary editing mode for Emacsen
tdiary-plugin - Plugins of tDiary to add functionalities
tdiary-theme - Themes of tDiary to change the design
Closes: 572417
Changes:
tdiary (2.2.1-1.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Fix XSS issue in tb-send.rb (Closes: #572417)
Fixes: CVE-2010-0726
Thanks to Hideki Yamane
Checksums-Sha1:
0fe8572de7a343f27ff684881e1a614f94c07d03 1063 tdiary_2.2.1-1.1.dsc
c6b110e799945d32382a0cf9aa7a468b764ac869 28836 tdiary_2.2.1-1.1.diff.gz
3fda506f11c8a75bbb121d8e029e7f9e96efb474 201712 tdiary_2.2.1-1.1_all.deb
175a253320d3b5b461adfa4b59a866524c7c4082 3671572 tdiary-theme_2.2.1-1.1_all.deb
db100491781b4a7b8a9556a1af15735507335ac7 270074 tdiary-plugin_2.2.1-1.1_all.deb
86f66b574a7a5364e82d4cda97f06870fd51ecb7 36904 tdiary-mode_2.2.1-1.1_all.deb
51e4faf0bdc37ae1cb9c82e6994fba431ccad1f7 209252
tdiary-contrib_2.2.1-1.1_all.deb
Checksums-Sha256:
cc302c8e69ac85220c212a7bfb0d9f75ef4ab91ad838c08bf9f6a37dc09645f2 1063
tdiary_2.2.1-1.1.dsc
c2a537bd005743d6324d8904cae8adafa1f692b943786765667c79dfd8f43af6 28836
tdiary_2.2.1-1.1.diff.gz
034e681cc4d58b0e86af9f0afa375d13c2bf55bf73a75ede1784fb67e7811054 201712
tdiary_2.2.1-1.1_all.deb
e0b0e0182411cbbc55d5051af30a9d668ab8c0f07a3fbd96b3fe3d286364a99d 3671572
tdiary-theme_2.2.1-1.1_all.deb
7989219d059b8d100a1961e1dc4d0afbad75fcf0d7e3221b8e278419ec49566e 270074
tdiary-plugin_2.2.1-1.1_all.deb
3ecde24bd4d0f0e10fc9115599da2ceb9cb2754d500d6eee22450c4a566b2f18 36904
tdiary-mode_2.2.1-1.1_all.deb
2fe2a24c1eabd1cf9e1e6654d0bb0bba2afa4dcb8fa09df374542ba89f90f744 209252
tdiary-contrib_2.2.1-1.1_all.deb
Files:
bd63579483d6206a9b5db8a059be2cc3 1063 web optional tdiary_2.2.1-1.1.dsc
25d81b1be26bf4840ec5f22134e19dc3 28836 web optional tdiary_2.2.1-1.1.diff.gz
bd9a7852d0dd843e5bb577824fe4c817 201712 web optional tdiary_2.2.1-1.1_all.deb
a5f31190766e3008b4574ef2b04d8dc4 3671572 web optional
tdiary-theme_2.2.1-1.1_all.deb
f315a9a0c5896be76e81b06c90ad6708 270074 web optional
tdiary-plugin_2.2.1-1.1_all.deb
9aa4f71d05730793b378f41e20a94f70 36904 web optional
tdiary-mode_2.2.1-1.1_all.deb
b295182815de1eee0586006f94f78dec 209252 web optional
tdiary-contrib_2.2.1-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuWG+MACgkQ62zWxYk/rQcF7gCffMkTUYombFEeKRTjMGjeELm4
1wcAnjr02pA/1D/SMAV0ZHTEyX/fzfVL
=4In4
-----END PGP SIGNATURE-----
--- End Message ---