Your message dated Fri, 04 Apr 2025 18:56:14 +0000
with message-id <e1u0md8-00475d...@fasolo.debian.org>
and subject line Bug#1085453: fixed in mediawiki 1:1.43.0+dfsg-1
has caused the Debian Bug report #1085453,
regarding mediawiki: embedded copy of dompurify, affected by CVE-2024-47875
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1085453: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085453
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mediawiki
Severity: serious
Tags: upstream security
Dear Maintainer,
Dompurify was affected recently by a few security bug
Can you cross check that you patched the problem
https://sources.debian.org/src/mediawiki/1:1.39.10-1/extensions/VisualEditor/lib/ve/lib/dompurify/
Better will be to use last debian version
moreover could you document in the security tracker that you embed for old
version dompurify ?
Bastien
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: mediawiki
Source-Version: 1:1.43.0+dfsg-1
Done: Taavi Väänänen <ta...@debian.org>
We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1085...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Taavi Väänänen <ta...@debian.org> (supplier of updated mediawiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Apr 2025 21:11:28 +0300
Source: mediawiki
Architecture: source
Version: 1:1.43.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: MediaWiki packaging team <mediawiki-deb...@lists.wikimedia.org>
Changed-By: Taavi Väänänen <ta...@debian.org>
Closes: 1085453 1089725
Changes:
mediawiki (1:1.43.0+dfsg-1) unstable; urgency=medium
.
[ Kunal Mehta ]
* New upstream version 1.43.0 (Closes: #1089725)
* Synchronize upstream/signing-key.asc with
<https://www.mediawiki.org/keys/keys.txt>
.
[ наб ]
* d/control: Build-Depends: remove dh-buildinfo (see #1068809)
.
[ Taavi Väänänen ]
* Disable MathJax and Special:RestSandbox support due to DSFG issues.
* Update embedded DomPurify to 2.5.7. (Closes: #1085453)
* Update policy version to 4.7.2, no changes needed.
Checksums-Sha1:
171ca2f318181dfad14b73bca9d950999e3986da 2299 mediawiki_1.43.0+dfsg-1.dsc
338edb037aeb61d9bbba4e924efa2dfbfbb984fd 86721506
mediawiki_1.43.0+dfsg.orig.tar.gz
f8212e554dd8c2e28c57bd4aadcd86426303df06 127936
mediawiki_1.43.0+dfsg-1.debian.tar.xz
99d64149231d67214fbe06a339afb19bea471762 6970
mediawiki_1.43.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
8c1add25695034d84884b384b5f072db56192d987c53f32e1fb6508fe22a940d 2299
mediawiki_1.43.0+dfsg-1.dsc
dc5f0e7bb28d5b32309be0955244914c2021556747c0efd52bc6d544ff10b2ef 86721506
mediawiki_1.43.0+dfsg.orig.tar.gz
433007ff498ccea41e881bac0e8169326c377c6dfc63874e3272b4029f3f21f3 127936
mediawiki_1.43.0+dfsg-1.debian.tar.xz
4535e02b2d4badb8a4403d1593985799e42a43105f238e68a91c77703d207a6c 6970
mediawiki_1.43.0+dfsg-1_amd64.buildinfo
Files:
2e525080ea68bd24129f9df03512105b 2299 web optional mediawiki_1.43.0+dfsg-1.dsc
2184fc48930825b0bd0b3b3387056383 86721506 web optional
mediawiki_1.43.0+dfsg.orig.tar.gz
3409ba8a39d9de2575b2b708b0c77c0c 127936 web optional
mediawiki_1.43.0+dfsg-1.debian.tar.xz
c35927d2f64b2adbf1c84c4568ec4d72 6970 web optional
mediawiki_1.43.0+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEENGVGnLGdYeXi6or77yQvcJ+RL74FAmfwIqcRHHRhYXZpQGRl
Ymlhbi5vcmcACgkQ7yQvcJ+RL74Crw/9GXPXMszxvMnVIsRGhERYKnegGP8s0ZUI
kxJBTzhdhvTo0myCKIDt4gYVNolNHpdJz4zWAyLK4T1ZFV/n6zpNWUo/pns2+gf6
RPKIdD+Nt7qgapCFeZwXyucBdEipVEjf1oE2lCNC37nRPslityqc64WdeiwPpRqh
eAOmBDB9xH9b9EQRjnD4DUV4QlTdMU2CUo95MeJUbUgUJG/LdtZabiWp1JHljmzw
+PHGAUOShcF97l/1T9txjiofiB0boj2QK7x8B7abfaPg9XvJE2csRgSgdKCV5U55
mI+AvyT/03bSVFKHP0Ap11aWUKdEC/w1Fb3BcMrkXyVUcnfFppsrjU1hRSAK7J6/
eVc7ichkqEQ4aFLdefAGuIK7/oaegSIx75vGE5A+ODfPtozrIWwkqhGW2zmqIein
DQjGDFCnt7YhJw+jjrEoOfNRXxBqGRHdovYQXcPG3a2oF+nefnLc2Hzp8NpywjnB
SWvLHFW2MgVm4y6WznTw2K6cmDTwUIMVw0Rtdgrr0/okBqFexTwMIetF64j8TCqe
ZWy9gWi1p9Dt8WgNsadTVPgOToEecPv5rgrNWZkiRiit8MfGrW6bT655We2OC43A
sZ3Z81pusyh2xUeubWDuwtFNMAKedXvamdRs1jpCvK1mRmpzvAR4fcs8PZQWtej1
Sy0/WDRwQj8=
=U9cS
-----END PGP SIGNATURE-----
pgp6NZYzjTQ66.pgp
Description: PGP signature
--- End Message ---
