Re: Bug#606311: Acknowledgement (movabletype-opensource: Unspecified XSS and SQL injection vulnerabilities fixed in 4.35)
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Cc: 606311@bugs.debian.org, team@security.debian.org, debian-release@lists.debian.org
- Subject: Re: Bug#606311: Acknowledgement (movabletype-opensource: Unspecified XSS and SQL injection vulnerabilities fixed in 4.35)
- From: Dominic Hargreaves <dom@earth.li>
- Date: Wed, 5 Jan 2011 22:40:47 +0000
- Message-id: <[🔎] 20110105224047.GK4826@urchin.earth.li>
- In-reply-to: <1292177592.3595.940.camel@hathi.jungle.funky-badger.org>
- References: <20101208095720.2697.77145.reportbug@urchin.earth.li> <handler.606311.B.129180224629668.ack@bugs.debian.org> <20101208195150.GF2959@urchin.earth.li> <20101208231524.GH2959@urchin.earth.li> <20101210223340.GC2959@urchin.earth.li> <1292177592.3595.940.camel@hathi.jungle.funky-badger.org>
On Sun, Dec 12, 2010 at 06:13:12PM +0000, Adam D. Barratt wrote:
> On Fri, 2010-12-10 at 22:33 +0000, Dominic Hargreaves wrote:
> > I've pushed the diff to git now:
> > <http://git.debian.org/?p=pkg-mt-om/movabletype-opensource.git;a=commit;h=66daeefb9288a35e45a0634d5419fb0cf28c8d5f>
> >
> > and built/basic sanity checked the resulting packages. It's quite
> > possibly not complete but in the absence of upstream support for older
> > versions is at least a decent attempt.
> >
> > DSA and/or SRM, would this be okay to release as either a DSA or update
> > to stable?
>
> >From a quick look the diff looks okay, but I'd prefer a definitive
> answer from the security team before we think about a stable update.
I've heard nothing from the security team; is this time to think about
a stable update instead?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Reply to: