Hi Jonathan.

Jonathan Wiltshire <jmw@debian.org> (21/01/2012):
> Package: release.debian.org
> Severity: important
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> (severity important because of the regression)
>
> Testing has shown that the fix for CVE-2011-4360 introduces a regression:
> in some situations, an error is returned instead of a login prompt. Moreover,
> the Debian package seems not to disclose information as described by the CVE.

So we had “with no ill-effects” when the patch was introduced, and now
we have “no info disclosure”. Will we get an update to re-enable the
patch soon? ;-)

> For this reason I would like to get a fix into this point release
> rather than waiting for the next. I realise the window technically
> closes this weekend and I'm sorry for the late notice.

I guess the difficult part (on the timing side) might be
mediawiki-math's being arch:any?

Mraw,
KiBi.