Re: Bug#606311: Acknowledgement (movabletype-opensource: Unspecified XSS and SQL injection vulnerabilities fixed in 4.35)

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Fri, 2010-12-10 at 22:33 +0000, Dominic Hargreaves wrote:
> I've pushed the diff to git now:
> <http://git.debian.org/?p=pkg-mt-om/movabletype-opensource.git;a=commit;h=66daeefb9288a35e45a0634d5419fb0cf28c8d5f>
> 
> and built/basic sanity checked the resulting packages. It's quite
> possibly not complete but in the absence of upstream support for older
> versions is at least a decent attempt.
> 
> DSA and/or SRM, would this be okay to release as either a DSA or update
> to stable?

>From a quick look the diff looks okay, but I'd prefer a definitive
answer from the security team before we think about a stable update.

Regards,

Adam