Your message dated Thu, 23 Jun 2011 22:33:12 +0000
with message-id <[email protected]>
and subject line Bug#631437: fixed in movabletype-opensource 4.3.7+dfsg-1
has caused the Debian Bug report #631437,
regarding movabletype-opensource: information disclosure vulnerability fixed in 
4.37
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
631437: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631437
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: movabletype-opensource
Version: 4.3.6.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole

As reported in:
<http://www.movabletype.org/documentation/appendices/release-notes/512.html>

"Movable Type 5.12, 5.06, 4.37 were released as mandatory security updates. 
These updates resolve multiple vulnerabilities discovered in Movable Type 5.x 
and Movable Type 4.x. All users must upgrade to the latest release immediately."

"Under certain circumstances, a user who has "Create Entries" or "Manage Blog" 
pemissions may be able to read known files on the local file system."

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 4.3.7+dfsg-1

We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive:

movabletype-opensource_4.3.7+dfsg-1.debian.tar.gz
  to 
main/m/movabletype-opensource/movabletype-opensource_4.3.7+dfsg-1.debian.tar.gz
movabletype-opensource_4.3.7+dfsg-1.dsc
  to main/m/movabletype-opensource/movabletype-opensource_4.3.7+dfsg-1.dsc
movabletype-opensource_4.3.7+dfsg-1_all.deb
  to main/m/movabletype-opensource/movabletype-opensource_4.3.7+dfsg-1_all.deb
movabletype-opensource_4.3.7+dfsg.orig.tar.gz
  to main/m/movabletype-opensource/movabletype-opensource_4.3.7+dfsg.orig.tar.gz
movabletype-plugin-core_4.3.7+dfsg-1_all.deb
  to main/m/movabletype-opensource/movabletype-plugin-core_4.3.7+dfsg-1_all.deb
movabletype-plugin-zemanta_4.3.7+dfsg-1_all.deb
  to 
main/m/movabletype-opensource/movabletype-plugin-zemanta_4.3.7+dfsg-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated movabletype-opensource 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 23 Jun 2011 22:53:29 +0100
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core 
movabletype-plugin-zemanta
Architecture: source all
Version: 4.3.7+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Dominic Hargreaves <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description: 
 movabletype-opensource - A well-known blogging engine
 movabletype-plugin-core - Core Movable Type plugins
 movabletype-plugin-zemanta - Zemanta Movable Type plugin
Closes: 631437
Changes: 
 movabletype-opensource (4.3.7+dfsg-1) unstable; urgency=high
 .
   * New upstream release
     - fixes information disclosure vulnerability (closes: #631437)
Checksums-Sha1: 
 ecfdcd4740dce1cb2c0d4724754e05b1525a756b 1275 
movabletype-opensource_4.3.7+dfsg-1.dsc
 315299dd8cc121cbb0f7a3ab943f7b54b9f97f01 4739190 
movabletype-opensource_4.3.7+dfsg.orig.tar.gz
 12500753768d1bf0b67e96027d0088ee61893895 29020 
movabletype-opensource_4.3.7+dfsg-1.debian.tar.gz
 3b2e61f944dd638e3e256621e00c72204221bf8f 2897122 
movabletype-opensource_4.3.7+dfsg-1_all.deb
 111e061fb1b79662943893173c27f6687b2406b7 170588 
movabletype-plugin-core_4.3.7+dfsg-1_all.deb
 272beaf12906d0f02d5825301a5a76523bd4582c 14760 
movabletype-plugin-zemanta_4.3.7+dfsg-1_all.deb
Checksums-Sha256: 
 d131c10084a83fb0f0706e52dc4773ebb7ac3ff9eb1d943a22a1c00aa373bebd 1275 
movabletype-opensource_4.3.7+dfsg-1.dsc
 e22ef99817907c03165137d8b7391d084d2ebc3b449baffce8626237fbb54be9 4739190 
movabletype-opensource_4.3.7+dfsg.orig.tar.gz
 5e44dd248d4d4573ec7be8ec764a87c0fe15feed3fdfa8ceb3b05741b85ab071 29020 
movabletype-opensource_4.3.7+dfsg-1.debian.tar.gz
 023b0b8c4cfc50a1b2df41a586ee0258bb89417c44da43527f3671cb1c88b9f6 2897122 
movabletype-opensource_4.3.7+dfsg-1_all.deb
 0c9a5db7132590dad907eae26ea2af9bcbc405472ef2c67e3d372f3f728ba11a 170588 
movabletype-plugin-core_4.3.7+dfsg-1_all.deb
 d866947d0ad691b9e2e747478a387636b89381d8f9a1a51faf45d38a97dc26a9 14760 
movabletype-plugin-zemanta_4.3.7+dfsg-1_all.deb
Files: 
 6446933b48a33d4a7ce8cb20950819c2 1275 web optional 
movabletype-opensource_4.3.7+dfsg-1.dsc
 024194b5fe9276ecd79d759f9bc76312 4739190 web optional 
movabletype-opensource_4.3.7+dfsg.orig.tar.gz
 cb12a1979c29873889ee51cb27a3af84 29020 web optional 
movabletype-opensource_4.3.7+dfsg-1.debian.tar.gz
 96d471613c5a7249dff237773ccc26a8 2897122 web optional 
movabletype-opensource_4.3.7+dfsg-1_all.deb
 ffde69bbf0887d57a79885d978470221 170588 web optional 
movabletype-plugin-core_4.3.7+dfsg-1_all.deb
 f58250d58384e50434e6f2fb5e314eaf 14760 web optional 
movabletype-plugin-zemanta_4.3.7+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOA7lYYzuFKFF44qURAg4gAJwPkcWBoHlbbirEF3FKa41nqJOlFACggfMT
XmhatXAkKMjxlhpTYIXgQwU=
=UhRi
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to