Re: RFS: tikiwiki
Alec Berryman wrote:
> The version in experimental is probably vulnerable to CVE-2006-3048,
> CVE-2006-3047, and CVE-2006-2635.
These are resolved in 1.9.4 according to information here:
http://tikiwiki.org/tiki-read_article.php?articleId=131
http://www.securityfocus.com/bid/18143
http://www.securityfocus.com/bid/18421
> I'm unable to find mention that these issues have been resolved
> in the upstream changelog or in yours;
Right. Upstream seems to be sloppy announcing things. I'll discuss it with
them, and put the CVE numbers in the Debian changelog.
Thanks,
Marcus
Reply to: