Your message dated Fri, 18 Nov 2016 15:02:32 +0000 with message-id <e1c7kgs-00071b...@fasolo.debian.org> and subject line Bug#844340: fixed in moin 1.9.8-1+deb8u1 has caused the Debian Bug report #844340, regarding moin: CVE-2016-7146: XSS in GUI editor's attachment dialogue to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844340 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: moin Version: 1.9.8-1 Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for moin. CVE-2016-7146[0]: XSS in GUI editor's attachment dialogue If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7146 [1] http://hg.moinmo.in/moin/1.9/rev/1563d6db198c Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: moin Source-Version: 1.9.8-1+deb8u1 We believe that the bug you reported is fixed in the latest version of moin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 844...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated moin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 14 Nov 2016 21:24:29 +0100 Source: moin Binary: python-moinmoin Architecture: all source Version: 1.9.8-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Steve McIntyre <93...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 844338 844340 844341 Description: python-moinmoin - Python clone of WikiWiki - library Changes: moin (1.9.8-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-7146: XSS in GUI editor's attachment dialogue (Closes: #844340) * CVE-2016-7148: XSS in AttachFile view (multifile related) (Closes: #844341) * CVE-2016-9119: XSS in GUI editor's link dialogue (Closes: #844338) Checksums-Sha1: 8b54874b6d2c9d24236c8b96e21d3bfc3eaf5dbf 2048 moin_1.9.8-1+deb8u1.dsc bead31f53152395aa93c31dc3e0a8a417be39ccd 37140821 moin_1.9.8.orig.tar.gz 22808c5fe0b5a02b47cb203dfaf8fcfb1bc2c74e 148948 moin_1.9.8-1+deb8u1.debian.tar.xz a0ab3dbd5ea449a3b680fffd343fe03a814685b0 7182696 python-moinmoin_1.9.8-1+deb8u1_all.deb Checksums-Sha256: 34ca9384c2e9471a3dfdde52b84b44674613f5a40330eb565508f64b9e871dbe 2048 moin_1.9.8-1+deb8u1.dsc a74ba7fd8cf09b9e8415a4c45d7389ea910c09932da50359ea9796e3a30911a6 37140821 moin_1.9.8.orig.tar.gz 9824100234f561827e87ae91b0983cf41a4b19779f617d9f40deae9a09376f13 148948 moin_1.9.8-1+deb8u1.debian.tar.xz 8f00de48e0c72c4e1a85051d6fd465e57763abeb3a7d97b4969b381d64e27b2d 7182696 python-moinmoin_1.9.8-1+deb8u1_all.deb Files: c6bc5ae411d04e45288adbb810eff950 2048 net optional moin_1.9.8-1+deb8u1.dsc 375a57b62565c789488c4d5b759c182c 37140821 net optional moin_1.9.8.orig.tar.gz c0ff895702b75e64ada69028a716ab61 148948 net optional moin_1.9.8-1+deb8u1.debian.tar.xz 09532d81e3be7d08f25961df09b9d04b 7182696 python optional python-moinmoin_1.9.8-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlgqHl1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESS4QAIEmI+pBrMvnCY9e6McFDw6T2rmCZjb2 kpUQ79zEQam0aEiaoGK7lXL3IDem+gFtkg6+arSOSIaFzko4b8YAtvRlHxaLEwAv 2JueFNjxcF3qd69oTnXaZVKbs8YiZDCMCPU2ZV8JzkIvjfqqZPuBOS/d6zdSdMxG qThCNBrLTDt3PrdtDgm9ePAE2IL7QjdYadcwzZCSeLpG2hrfYf5tA6YWdFoLhMVd gRTAVHZFyGgJXbuus1YTJJboTFHv30gzjevqYF0jJI8IZeMBAr7rUBi2/rz1f/g6 7MGWLEqjkYvsdYKLvgoxKW0BPV9Jbu8XmGNn7GPnFSDHcv9iWqunkbykCc4qcXa8 J7Wo9NWjF9eJyAlG1kXkpkJAirFRaQUS1JRul8cnZ0cBtwA70twUlcg7ut0DmLNt F3RhRrQr/e8VrYKrfq1aOCyVmdDfdmM9rp4nWV5R5K6RDfz0zc4QtZv8h8mGJMZd 5AznSBNaKoZYNFRrxntezUgbcBAqey9lpVhlLFMGUkuFfkn7gub8iw6f1tknbqPa P3F/FhH+MTmRslIjepp9+Rxw8yFYNxKuNY7TNR26/uU6poA/py93A8EsESG8807Z /yKXu4yVB/FvpBkh+uVPZGkW2Sqa+ts7IMNPuB2xPV7hTZTeFyctJXAklZSISIji aDHAg1ufBBaY =yEGg -----END PGP SIGNATURE-----
--- End Message ---
