Your message dated Wed, 18 Jan 2012 06:18:44 +0000
with message-id <e1rnor6-0001kk...@franck.debian.org>
and subject line Bug#653966: fixed in yaws 1.92-1
has caused the Debian Bug report #653966,
regarding yaws cross site scripting
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
653966: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653966
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: yaws
Severity: serious
Tags: security
Hi,
The following security issue has been reported against yaws:
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in
Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via
(1) the tag parameter to editTag.yaws, (2) the index parameter to
showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text
parameter to editPage.yaws.
This is tracked at:
http://security-tracker.debian.org/tracker/CVE-2011-5025
Can you please ensure that unstable is fixed for this issue and assert whether
squeeze and/or lenny need to be fixed as well?
Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: yaws
Source-Version: 1.92-1
We believe that the bug you reported is fixed in the latest version of
yaws, which is due to be installed in the Debian FTP archive:
erlang-yaws_1.92-1_i386.deb
to main/y/yaws/erlang-yaws_1.92-1_i386.deb
yaws-chat_1.92-1_all.deb
to main/y/yaws/yaws-chat_1.92-1_all.deb
yaws-doc_1.92-1_all.deb
to main/y/yaws/yaws-doc_1.92-1_all.deb
yaws-mail_1.92-1_all.deb
to main/y/yaws/yaws-mail_1.92-1_all.deb
yaws-wiki_1.92-1_all.deb
to main/y/yaws/yaws-wiki_1.92-1_all.deb
yaws-yapp_1.92-1_all.deb
to main/y/yaws/yaws-yapp_1.92-1_all.deb
yaws_1.92-1.diff.gz
to main/y/yaws/yaws_1.92-1.diff.gz
yaws_1.92-1.dsc
to main/y/yaws/yaws_1.92-1.dsc
yaws_1.92-1_all.deb
to main/y/yaws/yaws_1.92-1_all.deb
yaws_1.92.orig.tar.gz
to main/y/yaws/yaws_1.92.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergei Golovan <sgolo...@debian.org> (supplier of updated yaws package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 18 Jan 2012 09:46:18 +0400
Source: yaws
Binary: yaws erlang-yaws yaws-doc yaws-chat yaws-mail yaws-wiki yaws-yapp
Architecture: source i386 all
Version: 1.92-1
Distribution: unstable
Urgency: low
Maintainer: Debian Erlang Packagers <pkg-erlang-de...@lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolo...@debian.org>
Description:
erlang-yaws - Erlang application which implements HTTP webserver
yaws - High performance HTTP 1.1 webserver written in Erlang
yaws-chat - Chat application for Yaws web server
yaws-doc - Documentation and examples for Yaws web server
yaws-mail - Webmail application for Yaws web server
yaws-wiki - Wiki application for Yaws web server
yaws-yapp - Provides an easy way to deploy applications for Yaws web server
Closes: 653966
Changes:
 yaws (1.92-1) unstable; urgency=low
 .
   * New upstream release.
   * Removed patches which fix directory traversal bug and loading external
     drivers for Erlang R15B because they are included into this upstream
     release.
   * Added a few more fixes for compatibility with Erlang R15B.
   * Removed patch which uses external mime.types.
   * Added a patch which fixes CVE-2011-5025 in the yaws-wiki package
     (closes: #653966).
   * Copied acceptor_pool_size option to yaws.conf from the upstream config.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFPFmACIcdH02pGEFIRAi7lAJ9iv72J4ccWCXcdi+LUW5F5j6CoAQCggfgo
Ayfs2NvHz9Dq/ZfQDIb1Nq8=
=UHc4
-----END PGP SIGNATURE-----
--- End Message ---