[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] Permission to upload mediawiki to stable

On Sun, 2010-12-19 at 14:46 +0100, Moritz Muehlenhoff wrote:
> On 2010-12-18, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> > The security tracker seems to be somewhat confused here, fwiw -
> > http://security-tracker.debian.org/tracker/CVE-2010-164{7,8} both claim
> > that the issue was fixed in -2lenny5.
> 
> The are both marked as no-dsa:
> 
> CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
>         - mediawiki 1.15.4-1 (bug #585918; low)
>         [lenny] - mediawiki <no-dsa> (Minor issue)
>         NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
> CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
>         - mediawiki 1.15.4-1 (bug #585918; low)
>         [lenny] - mediawiki <no-dsa> (Minor issue)
>         NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html

Yeah, I spotted that when looking at the tracker while checking the
request over.  It just seemed odd that they were already marked as fixed
in -2lenny5 when that upload clearly didn't include the fixes.

Regards,

Adam
Reply to: