Re: Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?

To: Francois Marier <francois@debian.org>
Cc: debian-release@lists.debian.org, pkg-debian@mahara.org
Subject: Re: Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?
From: Luk Claes <luk@debian.org>
Date: Wed, 04 Feb 2009 07:17:43 +0100
Message-id: <49893307.5030203@debian.org>
In-reply-to: <20090204020103.GA27435@isafjordur.dyndns.org>
References: <20090204020103.GA27435@isafjordur.dyndns.org>

Francois Marier wrote:
> (Please CC me on your replies, thanks!)
> 
> Hello,
> 
> The version of mahara that's in lenny (1.0.4-3) has an XSS vulnerability as
> reported in the release notes:
> 
>   http://mahara.org/interaction/forum/topic.php?id=198
> 
> (no Debian bug or CVE number for it at the moment)
> 
> There is a new upstream release (1.0.9) containing these fixes in
> sid. However, given that it contains other non-security changes, I have also
> prepared a patched 1.0.4 version for lenny.
> 
> I have attached the very small debdiff between -3 and -4 to this email.
> 
> Please let me know whether I should upload 1.0.4-4 to
> testing-proposed-updates or whether you prefer to unblock the package that's
> in sid.

Please upload to testing-proposed-updates.

Cheers

Luk

Reply to:

References:
- Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?
  - From: Francois Marier <francois@debian.org>

Prev by Date: Re: freeze exception: src:rus-ispell
Next by Date: Re: Please unblock guichan 0.8.1-4
Previous by thread: Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?
Next by thread: Please unblock gnu-fdisk 1.2-1
Index(es):
- Date
- Thread